Created
May 21, 2015 02:26
netcap script. It was originally used to keep constant tcpdumps running against all relevant management boxes. It is an example of using old-style bash variables to create "arrays" that contain both hostnames and IPs. (Certain digits have been removed to obfuscate the IP addresses.)
#!/bin/bash
######################################################
# Program: netCap.sh
# Date Created: 7 July 010
# Description: Starts a TCP dump of the management network and the USRMs, or of the management network and the proxy.
# Date Updated: 1 June 01
# |_Complete Rewrite
# |_Added check if running on primary machine
# |_Added creation of pid files for use in cleanup
# |_Added ability to be run from cron for simple hourly zips
# 18 June 01
# |_Removed isPrime check. Script now runs regardless of whether the machine is primary.
# 05 Aug 013
# |_Rewritten so that one single script can be used on all managers
# 13 Aug 013
# |_Added a boolean variable so that this script can also be used on the proxy
# |_Renamed to netCap from usrmNetcap to reflect the change
# Developers: Darrell D (Support Engineer)
# Stefan P (Support Engineer)
######################################################
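# USRM capture targets, one "IP|label" string per element.
#   ${entry%%|*}  -> IP address (used in the tcpdump host filter)
#   ${entry##*|}  -> label      (used in pcap and pid file names)
# Elements are addressed by position from the per-host index lists, so the
# order of this array must not change.
# NOTE(review): several entries are identical in this listing; the published
# copy had digits removed from the addresses, so treat the values as
# placeholders and confirm against the deployed script.
usrmIPS=(
  "17.16.13.36|par.usrm.36"
  "17.16.13.39|par.usrm.39"
  "17.16.13.18|par.usrm.18"
  "17.16.13.1|liw.usrm.1"
  "17.16.13.15|liw.usrm.15"
  "17.16.13.9|liw.usrm.9"
  "17.16.13.4|wst.usrm.4"
  "17.16.13.1|nj.usrm.1"
  "17.16.13.4|nj.usrm.4"
  "17.16.151.48|nj.usrm.48"
  "17.16.151.54|nj.usrm.54"
  "17.16.13.39|ct.usrm.39"
  "17.16.13.18|bk.usrm.18"
  "17.16.13.1|lix.usrm.1"
  "17.16.13.15|lix.usrm.15"
  "17.16.13.9|lix.usrm.9"
  "17.16.13.1|nj.usrm.1"
  "17.16.13.4|nj.usrm.4"
  "17.16.151.48|nj.usrm.48"
  "17.16.151.54|nj.usrm.54"
  "17.16.13.1|lix3.usrm.1"
  "17.16.13.15|lix3.usrm.15"
  "17.16.13.9|lix3.usrm.9"
  "17.16.13.1|nj3.usrm.1"
  "17.16.13.4|nj3.usrm.4"
  "17.16.151.48|nj3.usrm.48"
  "17.16.151.54|nj3.usrm.54"
)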
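# Management hosts captured when running on the proxy, one "IP|site" string
# per element. Entries are consumed in consecutive groups of three (one group
# per site), so both the order and the group size must be preserved.
# NOTE(review): the published copy had digits removed from the addresses (and
# apparently from some site labels, e.g. "nj" occurs for two groups); treat
# the values as placeholders and confirm against the deployed script.
mgmtIPS=(
  "10.48.19.4|par"
  "10.48.19.5|par"
  "10.48.19.6|par"
  "10.48.19.9|liw"
  "10.48.19.10|liw"
  "10.48.19.11|liw"
  "10.48.19.19|wst"
  "10.48.19.0|wst"
  "10.48.19.1|wst"
  "10.48.19.4|nj"
  "10.48.19.5|nj"
  "10.48.19.6|nj"
  "10.48.19.9|ct"
  "10.48.19.30|ct"
  "10.48.19.31|ct"
  "10.48.19.89|bk"
  "10.48.19.90|bk"
  "10.48.19.91|bk"
  "10.48.19.94|lix"
  "10.48.19.95|lix"
  "10.48.19.96|lix"
  "10.48.19.99|nj"
  "10.48.19.100|nj"
  "10.48.19.101|nj"
  "10.48.59.9|lix3"
  "10.48.59.10|lix3"
  "10.48.59.11|lix3"
  "10.48.59.14|nj3"
  "10.48.59.15|nj3"
  "10.48.59.16|nj3"
)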
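# Decide, from the local hostname, what this machine captures:
#   - manager hosts get srmIndex, the list of usrmIPS positions to capture;
#   - proxy hosts set isProxy=true and capture the management hosts instead.
# Both variables are given explicit defaults so that an unrecognised hostname
# leaves a well-defined "capture nothing, not a proxy" state instead of an
# unset isProxy that later code would try to run as a command.
# NOTE(review): the patterns and index lists are reproduced exactly as listed.
# The published copy had digits removed, which is presumably why "[1,]"
# (matches "1" or a literal comma) appears, why some index lists look
# truncated, and why the second njmgmt0 arm is shadowed by the first and can
# never match. Confirm all of them against the deployed script.
isProxy=false
srmIndex=()
case "$HOSTNAME" in
  mgmt0[1,])
    srmIndex=(0 1)
    ;;
  liwmgmt0[1,])
    srmIndex=(3 4 5)
    ;;
  wstmgmt0[1,])
    srmIndex=(6)
    ;;
  njmgmt0[1,])
    srmIndex=(7 8 9 10)
    ;;
  ctmgmt0[1,])
    srmIndex=(11)
    ;;
  bkmgmt0[1,])
    srmIndex=(1)
    ;;
  lixmgmt0[1,])
    srmIndex=(13 14 15)
    ;;
  njmgmt0[1,])
    # Unreachable as listed: identical to the njmgmt0 pattern above.
    srmIndex=(16 17 18 19)
    ;;
  lix3mgmt0[1,])
    srmIndex=(0 1)
    ;;
  nj3mgmt0[1,])
    srmIndex=(3 4 5 6)
    ;;
  proxy0[1,])
    isProxy=true
    ;;
esac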
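# Directory to place captures in: /tmp/<day>.<abbreviated month>.
# NOTE(review): this is a predictable name under a world-writable directory,
# and the captures hold management-network traffic. Anything that creates or
# writes into this path should make sure it is not a pre-planted symlink and
# that its permissions keep other local users out.
capDir="/tmp/$(/bin/date "+%d.%b")"

# Brief description of capture type for use in file names: the label part
# (everything after the last '|') of each address entry, at the same index as
# the entry it came from. The proxy takes its labels from mgmtIPS, every other
# host from usrmIPS. isProxy is compared as a string rather than executed, so
# an unset value simply selects the non-proxy branch.
if [[ "${isProxy:-false}" == "true" ]]; then
  capType=("${mgmtIPS[@]##*|}")
else
  capType=("${usrmIPS[@]##*|}")
fi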
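#######################################
# Compress a finished pcap in the background and delete the original once
# gzip has succeeded.
# Arguments: $1 - path of the pcap file
# Outputs:   writes "$1.gz" next to the original; warnings go to stderr
# Returns:   1 if $1 is not an existing regular file, otherwise the status of
#            starting the background job (the gzip itself is not waited for)
#######################################
zipPcap() {
  local pcap=$1

  # Without this guard the output redirection would still create an empty
  # "<name>.gz" for a capture that never produced a file.
  if [[ ! -f "$pcap" ]]; then
    printf 'zipPcap: not a regular file: %s\n' "$pcap" >&2
    return 1
  fi

  # Quoting and "--" keep paths with spaces or a leading dash intact. The
  # original is removed only if gzip exits successfully.
  # NOTE(review): the .gz inherits the caller's umask; confirm that captures
  # are not left readable by other local users.
  { /bin/gzip -c -- "$pcap" > "${pcap}.gz" && rm -- "$pcap"; } &
}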
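#######################################
# Stop captures left running by earlier runs of this script and compress
# their pcaps.
# Relies on .pid files in /var/run being in the following format:
#   first line  - pid of the capture
#   second line - absolute path to where the pcap is stored
# Pid files written by this instance (named with this shell's pid) are left
# alone so the capture that was just started keeps running.
# Globals:   capType (read)
# Arguments: $1 - index into capType selecting which capture type to clean
# Outputs:   warnings on stderr
#######################################
cleanOldDumps() {
  local pidFile oldPid oldPcap oldComm

  /usr/bin/find /var/run -name "${capType[$1]}.netcap.*.pid" |
    while IFS= read -r pidFile; do
      # Exact suffix match: a substring test on $$ would also skip files whose
      # pid merely contains this shell's pid (e.g. own pid 123 vs file 1234).
      if [[ "$pidFile" == *".netcap.$$.pid" ]]; then
        continue
      fi

      oldPid=$(head -n 1 -- "$pidFile")
      oldPcap=$(tail -n 1 -- "$pidFile")

      # This normally runs with enough privilege to signal any process, so the
      # recorded pid is only signalled if it is purely numeric and still
      # belongs to a tcpdump process; the pid may have been recycled since the
      # file was written.
      if [[ "$oldPid" =~ ^[0-9]+$ ]]; then
        oldComm=$(ps -p "$oldPid" -o comm= 2>/dev/null)
        if [[ "$oldComm" == "tcpdump" ]]; then
          /bin/kill "$oldPid"
        else
          printf 'cleanOldDumps: pid %s from %s is not a running tcpdump; not signalled\n' \
            "$oldPid" "$pidFile" >&2
        fi
      else
        printf 'cleanOldDumps: no valid pid in %s; nothing signalled\n' \
          "$pidFile" >&2
      fi

      # NOTE(review): compression starts immediately after the signal is sent;
      # confirm tcpdump has finished writing before the original is removed.
      zipPcap "$oldPcap"
      rm -- "$pidFile"
    done
}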
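#######################################
# Start one background tcpdump and record it in a pid file.
# On the proxy the filter covers a group of three management hosts starting at
# the given index, restricted to the listed port; elsewhere it covers the
# single USRM host at that index.
# Globals:   isProxy, capDir, capType, mgmtIPS, usrmIPS, HOSTNAME (read)
#            PCAPFILE, dumpPid (written; left global as in the original)
# Arguments: $1 - index into capType and into mgmtIPS/usrmIPS
# Outputs:   appends two lines to /var/run/<capType>.netcap.<shell pid>.pid:
#            the tcpdump pid, then the absolute pcap path
#######################################
doWork() {
  local idx=$1
  local pidFile="/var/run/${capType[$idx]}.netcap.$$.pid"

  PCAPFILE="${capDir}/${capType[$idx]}.${HOSTNAME}.$(/bin/date "+%H.%M.%h.%d").pcap"

  # NOTE(review): the listing shows "$(($1+))" for the third host and ">&1"
  # for the redirection. The first is a syntax error and the second leaves
  # stderr attached; "+ 2" and "2>&1" are inferred from the three-host groups
  # and from the evident intent to silence tcpdump (the published copy had
  # digits removed). Confirm both against the deployed script.
  if [[ "${isProxy:-false}" == "true" ]]; then
    /usr/sbin/tcpdump -i eth0 -s 0 \
      "(host ${mgmtIPS[$idx]%%|*} or host ${mgmtIPS[$((idx + 1))]%%|*} or host ${mgmtIPS[$((idx + 2))]%%|*})" \
      and "(port 599)" -w "$PCAPFILE" > /dev/null 2>&1 &
  else
    /usr/sbin/tcpdump -i eth0 -s 0 "(host ${usrmIPS[$idx]%%|*})" \
      -w "$PCAPFILE" > /dev/null 2>&1 &
  fi
  dumpPid=$!

  # Appending is kept from the original. If two capture types share a label,
  # the file ends up with more than two lines and later cleanup only sees the
  # first pid and the last path.
  {
    printf '%s\n' "$dumpPid"
    printf '%s\n' "$PCAPFILE"
  } >> "$pidFile"
}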
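#######################################
# Create the directory named by capDir if it does not exist yet.
# Globals:   capDir (read)
# Outputs:   warning on stderr when the path is refused
# Returns:   1 if capDir is a symbolic link, the mkdir status if the
#            directory had to be created, 0 if it already existed
#######################################
mkCapDir() {
  # capDir has a predictable name under /tmp. A plain -d test follows
  # symlinks, so a link planted by another local user would silently redirect
  # the captures; refuse it instead.
  if [[ -L "$capDir" ]]; then
    printf 'mkCapDir: refusing to use symlink %s\n' "$capDir" >&2
    return 1
  fi

  # NOTE(review): the directory is created with the caller's umask; confirm
  # that it is not left readable by users who should not see the captures.
  if [[ ! -d "$capDir" ]]; then
    /bin/mkdir -- "$capDir"
  fi
}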
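# Main: start the new capture(s) for this host, then retire the captures left
# by the previous run. The new capture is started before the old one is
# stopped, so the two overlap briefly.
# If the capture directory cannot be prepared the script stops before touching
# anything, which leaves the previous captures running instead of killing them
# with no replacement.
if [[ "${isProxy:-false}" == "true" ]]; then
  # Management hosts are listed in groups of three, one group per capture.
  for ((i = 0; i < ${#mgmtIPS[@]}; i += 3)); do
    mkCapDir || exit 1
    doWork "$i"
    cleanOldDumps "$i"
  done
else
  for index in "${srmIndex[@]}"; do
    mkCapDir || exit 1
    doWork "$index"
    cleanOldDumps "$index"
  done
fi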