Last active
March 16, 2023 14:47
-
-
Save mschmitt/fd32d2eb1f5dee0d206789ed352dc3ec to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/system/tcpdump-unattended.service | |
| [Unit] | |
| Description=unattended tcpdump (to /var/tmp) | |
| After=network.target suspend.target hibernate.target hybrid-sleep.target suspend-then-hibernate.target | |
| [Service] | |
| UMask=0022 | |
| WorkingDirectory=/var/tmp | |
| # Ensure requirements are met | |
| ExecCondition=jq --version | |
| ExecCondition=tcpdump --version | |
| # Cleanup files from previous run | |
| ExecStartPre=sh -c 'rm -v -f tcpdump-unattended.*' | |
| # Rotate -w outfile after -G 900 seconds, write -W 1 generations (= exit when first outfile done) | |
| ExecStart=tcpdump -G 900 -W 1 -w tcpdump-unattended.INPROGRESS.cap -i any | |
| # Move to final location | |
| ExecStopPost=test -s tcpdump-unattended.INPROGRESS.cap | |
| ExecStopPost=mv -v -f tcpdump-unattended.INPROGRESS.cap tcpdump-unattended.complete.cap | |
| # Match interface indexes to interface names | |
| ExecStopPost=sh -c 'ip --json addr show | jq -r ".[] | [ .ifindex, .ifname ] | join(\\" \\")" | tee tcpdump-unattended.interfaces.txt' | |
| # Split full capture into per-interface capture files | |
| ExecStopPost=sh -c 'while read i n; do tcpdump -r tcpdump-unattended.complete.cap -w tcpdump-unattended.$${n}.cap ifindex "$${i}"; done < tcpdump-unattended.interfaces.txt' | |
| [Install] | |
| WantedBy=network.target suspend.target hibernate.target hybrid-sleep.target suspend-then-hibernate.target |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment