On many projects you need to take network traces from
several interfaces and then merge them. The script below needs to be run on
each host. It captures network traces from several interfaces and waits until
any key is pressed; once you press a key, the script stops tshark and
merges each pair of capture files into one file.
The script takes a directory name as its input:
starttraces.csh <directory>
For example:
starttraces.csh monday
This creates a directory named monday and places the captured files inside it.
starttraces.csh
-------------------
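#!/bin/sh
# The syntax below (term=...) is Bourne shell, despite the .csh file name.
# Create the output directory named on the command line
mkdir "$1"
# Start one background capture per interface (net7, net11, net5, net9)
sudo tshark -i net7 -w "$1/`hostname`.network7.$1.pcap" -P &
sudo tshark -i net11 -w "$1/`hostname`.network11.$1.pcap" -P &
sudo tshark -i net5 -w "$1/`hostname`.network5.$1.pcap" &
sudo tshark -i net9 -w "$1/`hostname`.network9.$1.pcap" &
# Name of this terminal (for example pts/3), so only captures started here are stopped
term=`tty | cut -f3- -d'/'`
echo "Press any key to terminate and merge"
# Block until input arrives on the terminal
dd count=1
sudo pkill -t "$term" tshark
# Make the root-owned capture files readable for mergecap; limited to the
# capture directory instead of 777 on everything in the current directory
sudo chmod -R a+rX "$1"
# Merge each pair of per-interface captures into one file
mergecap -w "$1/`hostname`.merged7_11.cap" "$1/`hostname`.network7.$1.pcap" "$1/`hostname`.network11.$1.pcap"
mergecap -w "$1/`hostname`.merged5_9.cap" "$1/`hostname`.network5.$1.pcap" "$1/`hostname`.network9.$1.pcap"
pwd
echo "Trace Name: $1"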
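
Because the captures are stopped with pkill, it is worth checking that a merged file really holds every packet from its inputs in time order. The following is an added example, not part of the original script: it assumes the files are in classic pcap format rather than pcapng, and the function names and sample captures are constructed for illustration.

```python
import struct

# Classic pcap magic -> nanoseconds per fractional timestamp unit
NS_PER_UNIT = {0xA1B2C3D4: 1000, 0xA1B23C4D: 1}

def read_pcap(blob):
    """Parse classic pcap bytes into [(timestamp_ns, packet_bytes), ...].
    A final record cut short (capture killed mid-write) is dropped."""
    if len(blob) < 24:
        raise ValueError("missing pcap global header")
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", blob[:4])[0]
        if magic in NS_PER_UNIT:
            break
    else:
        raise ValueError("not classic pcap (pcapng is not handled here)")
    packets, off = [], 24
    while off + 16 <= len(blob):
        sec, frac, caplen, _orig = struct.unpack(endian + "IIII", blob[off:off + 16])
        data = blob[off + 16:off + 16 + caplen]
        if len(data) < caplen:  # truncated final record
            break
        packets.append((sec * 10**9 + frac * NS_PER_UNIT[magic], data))
        off += 16 + caplen
    return packets

def merge_is_complete(merged, *inputs):
    """True if merged is in time order and holds exactly the input packets."""
    times = [ts for ts, _ in merged]
    expected = sorted(pkt for cap in inputs for pkt in cap)
    return times == sorted(times) and sorted(merged) == expected

def build_pcap(packets):
    """Build a little-endian, microsecond-resolution pcap (sample data only)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, data in packets:
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return out

# Constructed captures standing in for the net7 and net11 files and their merge.
NET7 = build_pcap([(100, 0, b"a"), (102, 500000, b"c")])
NET11 = build_pcap([(101, 0, b"b"), (103, 0, b"d")])
MERGED = build_pcap([(100, 0, b"a"), (101, 0, b"b"), (102, 500000, b"c"), (103, 0, b"d")])

if __name__ == "__main__":
    print(merge_is_complete(read_pcap(MERGED), read_pcap(NET7), read_pcap(NET11)))
```

On real files, pass the bytes read from each capture and from the merged file to read_pcap in place of the constructed samples.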