Tuesday, April 15, 2014

Script to capture HTTP and HTTPS traffic on a Linux interface

1. Introduction

This script captures HTTP and HTTPS traffic on a Linux interface.

2. Example


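#!/bin/bash

PCAP_FILE_NAME=/tmp/http_traffic.$$.pcap
REPORT_FILE=/tmp/http_traffic_report_$(date +%Y%m%d%H%M%S).txt
DSTNET=10.3.0.0/16

# Capture for one hour (-G 3600 with -W 1), first 64 bytes of each packet: traffic from ports 80/443 to $DSTNET.
/usr/sbin/tcpdump -G 3600 -w "$PCAP_FILE_NAME" -W 1 -s 64 -i eth5 "dst net $DSTNET and (src port 80 or src port 443)"

# Sum the TCP payload length per destination IP. The value is read from the field after "length",
# because newer tcpdump versions append an HTTP decode after it, so $NF is not reliable.
/usr/sbin/tcpdump -nn -r "$PCAP_FILE_NAME" | awk '{split($5,a,"."); ip = a[1] "." a[2] "." a[3] "." a[4]; for (i = 6; i < NF; i++) if ($i == "length") {sz[ip] += $(i+1) + 0; break}} END{for (x in sz) {print sz[x] "\t" x}}' | sort -n > "$REPORT_FILE"

# Append the neighbour (ARP) table so the IPs in the report can be matched to MAC addresses.
/sbin/ip neigh show >> "$REPORT_FILE"
rm -f "$PCAP_FILE_NAME"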
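
The script above appends the raw neighbour table to the report, so matching a busy client to its MAC address is left to the reader. The following is an added example, not part of the original post: it does that join in awk over constructed `tcpdump -nn -r` and `ip neigh show` lines, reading the byte count from the field after `length`. The function names, sample addresses and MACs are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example; every input line below is constructed, not captured traffic.

sample_packets() {   # shaped like `tcpdump -nn -r FILE` output
cat <<'EOF'
10:00:00.000001 IP 203.0.113.10.443 > 10.3.1.20.51544: Flags [.], seq 1:1449, ack 1, win 229, length 1448
10:00:00.000002 IP 198.51.100.7.80 > 10.3.1.21.40112: Flags [P.], seq 1:513, ack 80, win 229, length 512: HTTP: HTTP/1.1 200 OK
10:00:00.000003 IP 203.0.113.10.443 > 10.3.1.20.51544: Flags [.], seq 1449:2897, ack 1, win 229, length 1448
10:00:00.000004 IP 203.0.113.10.443 > 10.3.1.22.33000: Flags [.], ack 1, win 229, length 0
EOF
}

sample_neigh() {     # shaped like `ip neigh show` output
cat <<'EOF'
10.3.1.20 dev eth5 lladdr 00:00:5e:00:53:14 REACHABLE
10.3.1.21 dev eth5 lladdr 00:00:5e:00:53:15 STALE
10.3.1.22 dev eth5  FAILED
EOF
}

# traffic_report PACKETS NEIGH -> "bytes<TAB>ip<TAB>mac" lines, smallest first
traffic_report() {
    awk '
        FILENAME == ARGV[1] {              # neighbour table: IP -> MAC
            for (i = 2; i < NF; i++) if ($i == "lladdr") mac[$1] = $(i + 1)
            next
        }
        $2 == "IP" && $4 == ">" {          # IPv4 packet line
            dst = $5
            sub(/\.[0-9]+:$/, "", dst)     # drop ".port:" and keep the address
            for (i = 6; i < NF; i++)       # value follows "length", maybe with ":"
                if ($i == "length") { len = $(i + 1); sub(/:$/, "", len); sum[dst] += len; break }
        }
        END {
            for (ip in sum)
                printf "%d\t%s\t%s\n", sum[ip], ip, ((ip in mac) ? mac[ip] : "unknown")
        }
    ' "$2" "$1" | sort -n
}

demo() {
    dir=$(mktemp -d) || return 1
    sample_packets > "$dir/packets.txt"
    sample_neigh > "$dir/neigh.txt"
    traffic_report "$dir/packets.txt" "$dir/neigh.txt"
    rm -rf "$dir"
}

demo
```

Clients whose neighbour entry has no `lladdr` (for example a `FAILED` entry) are reported with `unknown` in the MAC column.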
