tcpdump on diskless – tod

Name: tod (tcpdump on diskless machines)

Language: KSH

Destination: tcpdump on diskless

Original Intention: run tcpdump on a diskless machine where memory space is highly restricted

Version: 0.0

Supported Protocol: UDP/TCP/SCTP

Supported OS: Linux/FreeBSD/Solaris

Note: ‘root’ permission is preferred to avoid OS kernel errors, and an ‘ssh’ key needs to be set up before running this tool (so that ‘scp’ works without a password).

Example: ./tod -i bond0 -s 0 -w fpt06-s01c11h0_ngss -C 1 -p sctp -R root@172.96.64.152:/root/

P.S. ‘tod’ is written both for use and for fun. Hope it is useful for you.

Src:

#!/bin/ksh
#
# tcpdump on diskless - tod
# Version 0.0
# Oct 12, 2010
#
# Dave.Tian@alcatel-lucent.com
#
# Changes:
# Limitation:
#       'tod' is based on 'tcpdump' and 'ssh'. Only 5 options from 'tcpdump' -
#       i, s, w, C, p - have been implemented in 'tod'. For extra options support,
#       please modify 'tod' accordingly. For the 'ssh' issue, ssh keys need to be
#       constructed ahead of time to guarantee calling 'scp' without a password.
#       'tod' does NOT support multiple instances running on the same machine.
# Examples:
#       tod -i bond0 -s 0 -w fpt06-s01c11h0_ngss -C 1 -p sctp -R root@172.96.64.152:/root/
#       tod -i eth0.400:4BAAA -s 0 -w tod_on_XXX -C 2 -R daveti@135.1.252.252:/home/daveti/
#       tod -i eth0.400 -R root@172.96.64.152:/root/
#

# func:
show_usage() {
        echo "Usage: tod [-h] [-i <interface>] [-s <snaplen>] [-w <filename>] [-C <filesize>] [-p <protocol>] [-R <remoteMachine>]"
        echo "  -h print this help message"
        echo "  -p tcpdump option, protocol of the socket: udp/tcp/sctp"
        echo "  -i tcpdump option, interface of the ethernet card"
        echo "  -s tcpdump option, snaplen of the required packet, default value 0"
        echo "  -w tcpdump option, file name for the tcpdump, default name 'tod_dump'"
        echo "  -C tcpdump option, file size limitation for each dump, default size 1(MB)"
        echo "  -R scp option, remote machine to hold the dump from diskless (host IP is preferred), format: login@IP:DIR"
        echo "For detailed information about this tool, please refer to:"
        echo "  http://daveti.blog.com"
        echo "Any feedback or suggestion please mail to:"
        echo "  Dave.Tian@alcatel-lucent.com"
}

# Parameters' processing for 'tod'
# VAR_x counts how many times option x was given; the exported strings hold
# the option values handed to tcpdump/scp.
typeset -i VAR_H
typeset -i VAR_I
typeset -i VAR_P
typeset -i VAR_S
typeset -i VAR_W
typeset -i VAR_C
typeset -i VAR_R
VAR_H=0
VAR_I=0
VAR_P=0
VAR_S=0
VAR_W=0
VAR_C=0
VAR_R=0
export INTERFACE=""
export PROTOCOL=""
export SNAPLEN=""
export FILENAME=""
export FILESIZE=""
export REMOTEMACH=""

if [ "$#" != 0 ]
then
        while getopts hp:i:s:w:C:R: VAR
        do
                case $VAR in
                        h|H)
                                ((VAR_H+=1))
                                ;;
                        i|I)
                                ((VAR_I+=1))
                                INTERFACE=${OPTARG}
                                ;;
                        p|P)
                                ((VAR_P+=1))
                                PROTOCOL=${OPTARG}
                                ;;
                        s|S)
                                ((VAR_S+=1))
                                SNAPLEN=${OPTARG}
                                ;;
                        C|c)
                                ((VAR_C+=1))
                                FILESIZE=${OPTARG}
                                ;;
                        w|W)
                                ((VAR_W+=1))
                                FILENAME=${OPTARG}
                                ;;
                        R|r)
                                ((VAR_R+=1))
                                REMOTEMACH=${OPTARG}
                                ;;
                        ?)
                                show_usage
                                exit 1
                                ;;
                esac

        done

        shift $(($OPTIND - 1))
        VAR_R_ARG="$*"

        # Leftover non-option arguments, a missing -i or -R, or -h all lead to usage
        if [ -n "$VAR_R_ARG" ] || [ "$VAR_I" = 0 ] || [ "$VAR_R" = 0 ] || [ "$VAR_H" != 0 ]
        then
                show_usage
                exit 1
        else
                if [ "$VAR_P" != 0 ] && [ "$PROTOCOL" != "udp" ] && [ "$PROTOCOL" != "tcp" ] && [ "$PROTOCOL" != "sctp" ]
                then
                        echo "Error: unsupported protocol. Only UDP/TCP/SCTP is supported by 'tod'"
                        exit 1
                fi

                if [ "$VAR_S" = 0 ]
                then
                        echo "tod: Take default snaplen 0 for tcpdump"
                        SNAPLEN="0"
                fi

                if [ "$VAR_C" = 0 ]
                then
                        echo "tod: Take default file size 1MB for tcpdump"
                        FILESIZE="1"
                fi

                if [ "$VAR_W" = 0 ]
                then
                        echo "tod: Take default file name 'tod_dump' for tcpdump"
                        FILENAME="tod_dump"
                fi
        fi
else
        show_usage
        exit 1
fi

# Construct 'tcpdump' cmd and get the PID
echo "tod: tcpdump started"
tcpdump -i $INTERFACE -s $SNAPLEN -w $FILENAME -C $FILESIZE -Z root $PROTOCOL &
# $! is the PID of the job just placed in the background. It is exact, unlike
# parsing 'ps | grep tcpdump', which also matches the grep itself and yields
# an empty string when the PID column has leading spaces.
TCPDUMP_PID=$!
sleep 1
if kill -0 "$TCPDUMP_PID" 2>/dev/null
then
        echo "tod: PID of tcpdump: $TCPDUMP_PID"
else
        echo "Error: tcpdump did not start (check interface/protocol and permissions)"
        exit 1
fi

# Call for 'todss' with PID of 'tod' and PID of 'tcpdump'
TOD_PID=$$
echo "tod: PID of tod: $TOD_PID"
if [ -f "$PWD/todss" ]
then
        echo "tod: todss started"
        ./todss $TOD_PID $TCPDUMP_PID &
else
        echo "Error: no 'todss' found in current directory"
        # Without the watchdog nothing would stop the capture, so stop it now
        kill $TCPDUMP_PID
        exit 1
fi

# Start main thread for 'tod'
echo "tod: started"
touch $FILENAME
while true
do
        files=`ls $FILENAME* | wc -l`
        if [ "$files" -gt 1 ]
        then
                # Only keep the 2 latest files on diskless (the one tcpdump is
                # writing plus one spare); ship the older ones and remove them
                # only after scp reported success, so a failed copy never
                # deletes the only copy of a dump.
                for var in $(ls -t $FILENAME* | sed '1,2d')
                do
                        scp $var $REMOTEMACH && rm $var
                done
        fi
        sleep 1
done

#!/bin/ksh
#
# tcpdump on diskless sub script - todss
# Version 0.0
# Oct 12, 2010
#
# Dave.Tian@alcatel-lucent.com
#
# Instruction:
#       This is a sub script called by 'tod'. It acts as a sub thread
#       to detect whether 'tod' has exited (e.g. by 'ctrl-c') and decide
#       whether the background 'tcpdump' job needs to be shut down.
#       $1 = PID of 'tod', $2 = PID of 'tcpdump'.
#

while true
do
        # 'kill -0' sends no signal; it only asks whether PID $1 still exists.
        # ('ps | grep $1' would always match the grep command line itself, so
        # the watchdog would never fire.)
        if kill -0 ${1} 2>/dev/null
        then
                sleep 1
        else
                # Main 'tod' has exited; kill the 'tcpdump' job
                echo "todss: tcpdump stopped"
                # Note: only the shell builtin kill accepts the job id as option,
                # however, it seems the builtin kill could not be called in a script.
                # The possible reason should be independent job ids among
                # different sub shells. (That is why cmd kill works but script
                # kill complains: no such job.)
                # /bin/kill or /usr/bin/kill only accepts a PID.
                # type -a kill: display the different kinds of kills.
                # So we will use the PID instead of the job id.
                kill ${2}
                exit 1
        fi
done
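As an added example (not part of the original ‘tod’/‘todss’ scripts), the POSIX sh functions below show a hardened form of the two pieces above: tod's rotate-and-offload loop and todss's parent-liveness check. The PID of the capture comes from $!, liveness is tested with kill -0 instead of ps | grep, a dump is deleted only after the transfer command succeeded, and a trap stops the capture on INT/TERM so no separate watchdog script is needed. The function names (parent_alive, offload_old_dumps, supervise_capture) are mine; the transfer command is a parameter (scp in tod; cp here so the example runs offline), and the capture command is assumed to name its files <prefix>, <prefix>1, <prefix>2 ... as tcpdump -C does.

```sh
#!/bin/sh
# Added example, not part of the original 'tod'/'todss' scripts.
# Assumptions: the capture command writes <prefix>, <prefix>1, <prefix>2 ...
# into one directory (tcpdump -C naming); the transfer command takes
# "<file> <destination>" like scp does.

# Liveness check as used by todss: kill -0 delivers no signal, it only asks
# the kernel whether PID $1 exists and may be signalled. 'ps | grep $1' would
# also match grep's own command line, so that watchdog could never fire.
parent_alive() {
    kill -0 "$1" 2>/dev/null
}

# Offload every dump under $1 named $2* except the $3 newest (the one the
# capture is still writing, plus one spare) to $4 with transfer command $5
# (default scp). A dump is removed only after the transfer succeeded, so a
# failed copy (host down, missing key, full disk) never destroys the only copy.
# Prints the number of dumps offloaded; returns 1 if any transfer failed.
offload_old_dumps() {
    dir=$1; prefix=$2; keep=$3; dest=$4; xfer=${5:-scp}
    count=0; failed=0; n=0
    # ls -t lists newest first. Dump names carry no whitespace, so word
    # splitting of the ls output is safe here.
    for f in $(ls -t "$dir"/"$prefix"* 2>/dev/null); do
        n=$((n + 1))
        [ "$n" -le "$keep" ] && continue
        if "$xfer" "$f" "$dest"; then
            rm -f "$f"
            count=$((count + 1))
        else
            failed=1
        fi
    done
    echo "$count"
    return "$failed"
}

# Supervisor replacing tod's main loop plus the todss helper:
#   supervise_capture DIR PREFIX DEST XFER CAPTURE_CMD [ARGS...]
# The capture runs in the background and its PID is taken from $!. Rotation
# runs in a subshell so this shell can block in 'wait' and reap the capture
# the moment it exits (a zombie would still pass kill -0). Ctrl-C or SIGTERM
# to this shell kills both the capture and the rotator before exiting.
supervise_capture() {
    dir=$1; prefix=$2; dest=$3; xfer=$4; shift 4
    "$@" &
    child=$!
    (
        while parent_alive "$child"; do
            offload_old_dumps "$dir" "$prefix" 2 "$dest" "$xfer" >/dev/null \
                || echo "offload failed, retrying next round" >&2
            sleep 1
        done
    ) &
    rotator=$!
    trap 'kill "$child" "$rotator" 2>/dev/null; exit 0' INT TERM
    wait "$child" || echo "capture exited with status $?" >&2
    trap - INT TERM
    kill "$rotator" 2>/dev/null || :
    # Flush whatever is left once the capture has ended on its own.
    offload_old_dumps "$dir" "$prefix" 0 "$dest" "$xfer" >/dev/null \
        || echo "final offload failed; dumps left in $dir" >&2
}
```

A real run would be `supervise_capture /var/tmp tod_dump root@host:/dumps/ scp tcpdump -i bond0 -s 0 -w /var/tmp/tod_dump -C 1 sctp`; the design keeps the same two-file budget on the diskless box that tod uses, but a transfer failure now costs a retry a second later rather than a deleted dump.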

 

About daveti

Interested in kernel hacking, compilers, machine learning and guitars.
This entry was posted in Dave's Tools. Bookmark the permalink.

86 Responses to tcpdump on diskless – tod

  1. Jon, was that you on the guitar 🙂

  2. stomatolog says:

    Jon K – you said “Any Canadian would totally rather be living in the tropics pursued by ravenous giant monsters than have to live in Canada, you know?”

  3. When I originally commented I clicked the -Notify me when new comments are added- checkbox and now each time a comment is added I get four emails with the same comment. Is there any way you can remove me from that service? Thanks!

    • dave.tian says:

      I tried modifying the setting on ‘member notification’ by disabling ‘notify once a new comment there’. However, i could not find the member list to maintain. U can leave me a msg to see if it works…

  4. Youre so cool! I dont suppose Ive read anything like this before. So nice to find somebody with some original thoughts on this subject. realy thank you for starting this up. this website is something that is needed on the web, someone with a little originality. useful job for bringing something new to the internet!

  5. Thank you for posting this! 🙂

  6. Lately I’ve been coming across articles on this topic one after another. I’m always very grateful for everyone who writes them.

  7. akumulatory says:

    Hello! I just would like to give a huge thumbs up for the great info you have here on this post. I will be coming back to your blog for more soon.

  8. Usually I don’t read post on blogs, but I wish to say that this write-up very forced me to try and do so! Your writing style has been amazed me. Thanks, quite nice post.

    • daveti says:

      sorry, man, haven’t got time on this….but will post some ideas on AI/assembly/socket. Wish you like them:)
      And thanks for your kind asking…at least, i know i could write sth really helping other:)

  10. Hey there! Quick question that’s completely off topic. Do you know how to make your site mobile friendly? My site looks weird when browsing from my iphone4. I’m trying to find a theme or plugin that might be able to correct this problem. If you have any recommendations, please share. With thanks!

    • daveti says:

      Hi, my friend. I have to say sorry as i have never used my nokia 6600 to checked out my blog before (even though you remind me, i am not able to get access to my blog because of GFW of chinese government…). Back to your question, I wonder if it is related with the web browser your iphone4 is running….apparently, my site looks a bit different between firefox and IE…I assume this should be related with different parsing for tags in html…though i am not an expert on web:) I would recommend trying another web browser if possible – to get fully support for all kinds of tags there on your blog. Otherwise, we may need to rise up this question to support@blog.com

  11. I wanna read more your articles!

  12. Once again Awesome post ! Linked to this 🙂

  13. You have some very helpful suggestions! Conceivably I must take into account carrying out this by my self. Cheers

  14. FROSTWIRE says:

    Simply desire to say your article is as surprising. The clarity in your post is simply nice and i could assume you are an expert on this subject. Fine with your permission allow me to grab your feed to keep up to date with forthcoming post. Thanks a million and please keep up the rewarding work.

    • daveti says:

      U r so nice, my friend. In fact, i’m not such an expert – just writing down the things/issues during my work. Indeed, I encountered a few UDP pkgs issue. From my point of view, there are 4 potential causes – CPU overload, socket overflow, limited bandwidth and router…..(seems i still need a series of posts to make it more clear:) Again, thank you, my friend!

  16. This was a very interesting post!

  17. Excellent content and genuinely can assist with becoming familiar with the issue much better.

  18. Attractive section of content. I just stumbled upon your site and in accession capital to assert that I acquire actually enjoyed account your blog posts. Any way I’ll be subscribing to your augment and even I achievement you access consistently fast.

  19. Quite a complete checklist and makes for terribly interesting studying… Hopefully will capable to do all of it although!!!

  20. *I’m impressed, I must say. Really rarely do I encounter a blog that’s both educative and entertaining, and let me tell you, you have hit the nail on the head. Your idea is outstanding; the issue is something that not enough people are speaking intelligently about. I am very happy that I stumbled across this in my search for something relating to this.

  21. frostwire says:

    I think this is among the most vital info for me. And i’m glad reading your article. But should remark on some general things, The website style is great, the articles is really excellent : D. Good job, cheers

  22. Thanks a lot for your great article. I have been looking for such content for a really long time. Not everything is completely clear to me, even though it is definitely interesting and worth reading.

    • daveti says:

      Thank you, my friend, though i have not updated my blog for long time. Being struggle with project…However, your comment is always a good reminder for me – update the damn blog and write sth original and real – as long as you do this, you could get the great comment:)

  23. I think it is a really good point of view. I often meet people who rather say what they suppose others want to hear. Good and well written! I will come back to your site for sure!

  24. it is a truely good point of view. I meet people who rather say what they suppose others want to hear. Good and well written! I will come back to your site for sure!

  26. mydirtyhobby says:

    Pretty section of content. I just stumbled upon your site and in accession capital to assert that I get in fact enjoyed account your blog posts. Any way I’ll be subscribing to your feeds and even I achievement you access consistently rapidly.

  27. Can I simply say what a reduction to search out somebody who really is aware of what theyre speaking about on the internet. You undoubtedly know tips on how to bring an issue to mild and make it important. More folks need to read this and perceive this aspect of the story. I cant consider youre no more standard since you definitely have the gift.

    • daveti says:

      So nice words – thank you for your compliment, my friend. Frankly, I’ve never thought some of my ‘not serious’ post would help people. Well, seems I should keep my ‘not serious” style:)

  28. I was suggested this website by my cousin. I’m not sure whether this post is written by him as no one else know such detailed about my difficulty. You are amazing! Thanks!

    • daveti says:

      I have to say thanks to your cousin, who guided you here finally. Most of my posts were originated; otherwise, you may see ‘Transferred’ in the topic. Thanks again, my friend:)

  30. I precisely wanted to say thanks once again. I do not know what I would have made to happen without these techniques revealed by you relating to my area of interest. It had become a very difficult condition for me, nevertheless taking a look at the very expert avenue you resolved it made me to weep over joy. I’m happier for your guidance and believe you find out what a powerful job you’re putting in training the mediocre ones using a blog. Most likely you’ve never encountered any of us.

    • daveti says:

      Thanks again, my friend – so nice words – I am trying my best to make this blog a hint for the ones once ever trying to find sth useful via Google….

  31. prezent says:

    I am extremely impressed with your writing skills as well as with the layout on your weblog. Is this a paid theme or did you customize it yourself? Anyway keep up the excellent quality writing, it’s rare to see a great blog like this one nowadays..

  32. prezenty says:

    I don’t even know how I ended up here, but I thought this post was great. I do not know who you are but definitely you’re going to a famous blogger if you are not already 😉 Cheers!

  33. kominki says:

    I’m not sure where you are getting your info, but good topic. I needs to spend some time learning more or understanding more. Thanks for magnificent information I was looking for this information for my mission.

  34. szklane says:

    Very nice post. I just stumbled upon your blog and wished to say that I’ve really enjoyed surfing around your blog posts. In any case I will be subscribing to your rss feed and I hope you write again soon!

  35. kliknij says:

    This is very interesting, You’re a very skilled blogger. I’ve joined your rss feed and look forward to seeking more of your excellent post. Also, I’ve shared your website in my social networks!

  36. you have a great blog here! would you like to make some invite posts on my blog?

  37. robocza says:

    I in addition to my guys came reading through the good thoughts found on the blog while quickly developed an awful feeling I had not thanked the web site owner for them. Those people are already totally thrilled to study all of them and now have truly been making the most of them. Appreciation for indeed being so thoughtful as well as for selecting this kind of really good areas most people are really needing to understand about. My very own sincere apologies for not expressing gratitude to you sooner.

    • daveti says:

      You are so welcome, my friends, and thank you for your so many compliment words. No apology indeed – I have got the most exciting thing already when you come into my blog! Thank you!

  39. momo says:

    tcpdump on diskless – tod | daveti – blog of Dave(Jing) Tian Very nice post. I just stumbled upon your blog and wished to say that I’ve truly enjoyed browsing your blog posts. In any case I’ll be subscribing to your rss feed and I hope you write again very soon!
