Commit e224f89b authored by Michael Preisach's avatar Michael Preisach

added -U to the other tcpdump commands

parent 36f19278
Pipeline #9 failed with stages
#!/bin/sh
SSH_PORT="22"
DUMP_IF="eno0"
DUMP_IF="enp0s20f0u5"
DUMP_DIR="/home/michael/Documents/FaustCTF18 test"
DUMP_FILE="test.pcap"
SERVICE_PORTS='20001 20002 20003 20004 20005 20006 20007 20008 20009 20010 20011 20012'
LOCAL_IP="172.31.129.98"
LOCAL_IP="140.78.100.189"
#ROTATE_TIME="$((10*60))" # seconds for subdumps
touch "$DUMP_DIR/logfile"
......@@ -17,7 +17,7 @@ for i in $SERVICE_PORTS; do
echo "Starting filtering Port $i from file $DUMP_DIR/$DUMP_FILE into folder $DUMP_DIR/$i/"
mkdir "$DUMP_DIR/$i"
cd "$DUMP_DIR/$i"
tail -c +1 -f --pid $TCPDUMP_PID "$DUMP_DIR/$DUMP_FILE" | tcpdump -r - -z gzip -w "$DUMP_DIR/$i/dump-port$i.pcap" -s 0 -vvv -nn "(src host $LOCAL_IP and src port $i) or (dst host $LOCAL_IP and dst port $i)" >> "$DUMP_DIR/logfile" &
tail -c +1 -f --pid $TCPDUMP_PID "$DUMP_DIR/$DUMP_FILE" | tcpdump -r - -z gzip -w -U "$DUMP_DIR/$i/dump-port$i.pcap" -s 0 -vvv -nn "(src host $LOCAL_IP and src port $i) or (dst host $LOCAL_IP and dst port $i)" >> "$DUMP_DIR/logfile" &
echo "tcpdump Port $i on PID $!"
tail -c +1 -f --pid $TCPDUMP_PID "$DUMP_DIR/$DUMP_FILE" | tcpick -r - -wRub "(src host $LOCAL_IP and src port $i) or (dst host $LOCAL_IP and dst port $i)" >> "$DUMP_DIR/logfile" &
echo "tcpick Port $i on PID $!"
......@@ -28,16 +28,16 @@ echo "Network analyzing started"
# local execution
#tcpdump -i "$DUMP_IF" -z gzip -w "$LOGPATH/dump-port8080-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 8080) or (dst host $LOCAL_IP and dst port 20001)" &
#tcpdump -i "$DUMP_IF" -z gzip -w -U "$LOGPATH/dump-port8080-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 8080) or (dst host $LOCAL_IP and dst port 20001)" &
#echo $? >> pid.txt
#tcpdump -i "$DUMP_IF" -z gzip -w "$LOGPATH/dump-port80-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 80) or (dst host $LOCAL_IP and dst port 20002)" &
#tcpdump -i "$DUMP_IF" -z gzip -w "$LOGPATH/dump-port5554-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 5554) or (dst host $LOCAL_IP and dst port 20003)" &
#tcpdump -i "$DUMP_IF" -z gzip -w "$LOGPATH/dump-port4242-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 4242) or (dst host $LOCAL_IP and dst port 20004)" &
#tcpdump -i "$DUMP_IF" -z gzip -w "$LOGPATH/dump-port65533-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 65533) or (dst host $LOCAL_IP and dst port 20005)" &
#tcpdump -i "$DUMP_IF" -z gzip -w "$LOGPATH/dump-port8000-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 8000) or (dst host $LOCAL_IP and dst port 20006)" &
#tcpdump -i "$DUMP_IF" -z gzip -w "$LOGPATH/dump-port2443-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 2443) or (dst host $LOCAL_IP and dst port 20007)" &
#tcpdump -i "$DUMP_IF" -z gzip -w "$LOGPATH/dump-port5743-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 5743) or (dst host $LOCAL_IP and dst port 20008)" &
#tcpdump -i "$DUMP_IF" -z gzip -w "$LOGPATH/dump-all-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP or dst host $LOCAL_IP) and not port $SSH_PORT" &
#tcpdump -i "$DUMP_IF" -z gzip -w -U "$LOGPATH/dump-port80-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 80) or (dst host $LOCAL_IP and dst port 20002)" &
#tcpdump -i "$DUMP_IF" -z gzip -w -U "$LOGPATH/dump-port5554-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 5554) or (dst host $LOCAL_IP and dst port 20003)" &
#tcpdump -i "$DUMP_IF" -z gzip -w -U "$LOGPATH/dump-port4242-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 4242) or (dst host $LOCAL_IP and dst port 20004)" &
#tcpdump -i "$DUMP_IF" -z gzip -w -U "$LOGPATH/dump-port65533-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 65533) or (dst host $LOCAL_IP and dst port 20005)" &
#tcpdump -i "$DUMP_IF" -z gzip -w -U "$LOGPATH/dump-port8000-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 8000) or (dst host $LOCAL_IP and dst port 20006)" &
#tcpdump -i "$DUMP_IF" -z gzip -w -U "$LOGPATH/dump-port2443-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 2443) or (dst host $LOCAL_IP and dst port 20007)" &
#tcpdump -i "$DUMP_IF" -z gzip -w -U "$LOGPATH/dump-port5743-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP and src port 5743) or (dst host $LOCAL_IP and dst port 20008)" &
#tcpdump -i "$DUMP_IF" -z gzip -w -U "$LOGPATH/dump-all-%H-%M-%S.pcap" -G "$ROTATE_TIME" -s 0 -vvv "(src host $LOCAL_IP or dst host $LOCAL_IP) and not port $SSH_PORT" &
#echo "tcpdump launched."
####
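Review bot: In the new per-port pipeline inside the `for i in $SERVICE_PORTS` loop, `-U` sits between `-w` and its file argument, so tcpdump takes `-U` as the savefile name and the intended pcap path ends up in the filter expression. The capture will most likely abort with a filter syntax error or write to a file literally named `-U` in the current directory. Move the flag ahead of the option: `tcpdump -r - -U -z gzip -w "$DUMP_DIR/$i/dump-port$i.pcap" -s 0 -vvv -nn "..."`. The commented-out `-i "$DUMP_IF"` lines in the last hunk have the same `-w -U "$LOGPATH/..."` ordering and would need the same change before they are re-enabled. Separately, `-z gzip` is documented as a post-rotation command used with `-G` or `-C`, so on the active line, which requests no rotation, it appears to have no effect.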
......