customization for ruCTFe2018

6e8c8516 · Michael · e224f89b · 6e8c8516
Commit 6e8c8516 authored Nov 09, 2018 by Michael
--- a/networksnif.sh
+++ b/networksnif.sh
 #!/bin/sh
 SSH_PORT="22"
-DUMP_IF="enp0s20f0u5"
-DUMP_DIR="/home/michael/Documents/FaustCTF18 test"
-DUMP_FILE="test.pcap"
-SERVICE_PORTS='20001 20002 20003 20004 20005 20006 20007 20008 20009 20010 20011 20012'
-LOCAL_IP="140.78.100.189"
+SMB_PORT1="137"
+SMB_PORT2="138"
+SMB_PORT3="139"
+SMB_PORT4="445"
+DUMP_IF="br0"
+DUMP_DIR="/mnt/share/tcpdumps"
+DUMP_FILE="all.pcap"
+SERVICE_PORTS='20001 20002 20003 20004 20005 20006 20007 20008 20009 20010 20011 20012' #customization for ruCTFe2018
+LOCAL_IP="10.60.12.4" #customization for ruCTFe2018
 #ROTATE_TIME="$((10*60))" # seconds for subdumps

 touch "$DUMP_DIR/logfile"
 echo "Starting capturing on interface $DUMP_IF to file $DUMP_DIR/$DUMP_FILE"
-tcpdump -i "eth0" -z gzip -w "$DUMP_DIR/$DUMP_FILE" -s 0 -nn -U -vvv  "(src host $LOCAL_IP and not src port $SSH_PORT) or (dst host $LOCAL_IP and not dst port $SSH_PORT)" >> "$DUMP_DIR/logfile" &
+tcpdump -i "eth0" -z gzip -w "$DUMP_DIR/$DUMP_FILE" -s 0 -nn -U -vvv  "(src host $LOCAL_IP and not src port $SSH_PORT and not src port $SMB_PORT1 and not src port $SMB_PORT2 and not src port $SMB_PORT3 and not src port $SMB_PORT4) or (dst host $LOCAL_IP and not dst port $SSH_PORT and not dst port $SMB_PORT1 and not dst port $SMB_PORT2 and not dst port $SMB_PORT3 and not dst port $SMB_PORT4)" >> "$DUMP_DIR/logfile" &
 TCPDUMP_PID=$!
 echo "Capturing works on PID $!"