Last active
December 7, 2023 09:05
-
-
Save etyp/dc9a9c620cc66f8d0344979e118b1721 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Send TCP dumps to S3 | |
| die() { status=$1; shift; echo "FATAL: $*"; exit $status; } | |
| # Replace with actual bucket name | |
| BUCKET_NAME="my-bucket"; | |
| # Get instance id | |
| INSTANCE_ID="`wget -q -O - http://169.254.169.254/latest/meta-data/instance-id || die \"wget instance-id has failed: $?\"`" | |
| # Init temp file | |
| touch temp.pcap | |
| while true : | |
| do | |
| # Capture 5k packets | |
| sudo tcpdump -i eth0 -w temp.pcap -c 5000 port 80 | |
| # Build filename | |
| YEAR=$(date +%Y); | |
| MONTH=$(date +%m); | |
| DAY=$(date +%d); | |
| HOUR=$(date +%H); | |
| MINUTE=$(date +%M); | |
| S3_KEY="s3://${BUCKET_NAME}/${INSTANCE_ID}/${YEAR}/${MONTH}/${DAY}/${HOUR}:${MINUTE}-${INSTANCE_ID}.pcap"; | |
| # Upload file to bucket with date | |
| echo "Writing temp.pcap to ${S3_KEY}" | |
| aws s3 cp --quiet temp.pcap $S3_KEY | |
| # Clear temp pcap | |
| rm -f temp.pcap | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment