Name: tod (tcpdump on diskless machines)
Language: KSH
Destination: tcpdump on diskless
Original Intention: Run tcpdump on a diskless machine where memory space is highly restricted
Version: 0.0
Supported Protocol: UDP/TCP/SCTP
Supported OS: Linux/FreeBSD/Solaris
Note: 'root' permission is preferred to avoid OS kernel errors, and an 'ssh' key needs to be set up before running this tool
Example: ./tod -i bond0 -s 0 -w fpt06-s01c11h0_ngss -C 1 -p sctp -R root@172.96.64.152:/root/
P.S. 'tod' is written both for use and for fun. Hope it is useful to you.
Src:
#
# tcpdump on diskless – tod
# Version 0.0
# Oct 12, 2010
# Dave.Tian@alcatel-lucent.com
#
# Changes:
# Limitation:
# 'tod' is based on 'tcpdump' and 'ssh'. Only 5 options from 'tcpdump' -
# i, s, w, C, p - have been implemented in 'tod'. For extra option support,
# please modify 'tod' accordingly. For 'ssh', keys need to be set up
# ahead of time so that 'scp' can be called without a password.
# 'tod' does NOT support multiple instances running on the same machine.
# Examples:
# tod -i bond0 -s 0 -w fpt06-s01c11h0_ngss -C 1 -p sctp -R root@172.96.64.152:/root/
# tod -i eth0.400:4BAAA -s 0 -w tod_on_XXX -C 2 -R daveti@135.1.252.252:/home/daveti/
# tod -i eth0.400 -R root@172.96.64.152:/root/
#
# func:
show_usage() {
    echo "Usage: tod [-h] [-i <interface>] [-s <snaplen>] [-w <filename>] [-C <filesize>] [-p <protocol>] [-R <remoteMachine>]"
    echo "  -h  print this help message"
    echo "  -p  tcpdump option, protocol of the socket: udp/tcp/sctp"
    echo "  -i  tcpdump option, interface of the ethernet card"
    echo "  -s  tcpdump option, snaplen of the required packet, default value 0"
    echo "  -w  tcpdump option, file name for the tcpdump, default name 'tod_dump'"
    echo "  -C  tcpdump option, file size limitation for each dump, default size 1(MB)"
    echo "  -R  scp option, remote machine to hold the dump from diskless (host IP is preferred), format: login@IP:DIR"
    echo "For detailed information about this tool, please refer to:"
    echo "  http://daveti.blog.com"
    echo "Any feedback or suggestion please mail to:"
    echo "  Dave.Tian@alcatel-lucent.com"
}
# Parameters’ processing for ‘tod’
typeset -i VAR_H
typeset -i VAR_I
typeset -i VAR_P
typeset -i VAR_S
typeset -i VAR_W
typeset -i VAR_C
typeset -i VAR_R
VAR_H=0
VAR_I=0
VAR_P=0
VAR_S=0
VAR_W=0
VAR_C=0
VAR_R=0
export INTERFACE=""
export PROTOCOL=""
export SNAPLEN=""
export FILENAME=""
export FILESIZE=""
export REMOTEMACH=""
if [ "$#" != 0 ]
then
    while getopts hp:i:s:w:C:R: VAR
    do
        case $VAR in
        h|H)
            ((VAR_H+=1))
            ;;
        i|I)
            ((VAR_I+=1))
            INTERFACE=${OPTARG}
            ;;
        p|P)
            ((VAR_P+=1))
            PROTOCOL=${OPTARG}
            ;;
        s|S)
            ((VAR_S+=1))
            SNAPLEN=${OPTARG}
            ;;
        C|c)
            ((VAR_C+=1))
            FILESIZE=${OPTARG}
            ;;
        w|W)
            ((VAR_W+=1))
            FILENAME=${OPTARG}
            ;;
        R|r)
            ((VAR_R+=1))
            REMOTEMACH=${OPTARG}
            ;;
        ?)
            show_usage
            exit 1
            ;;
        esac
    done
    shift $(($OPTIND - 1))
    VAR_R_ARG="$*"
    if [ -n "$VAR_R_ARG" ] || [ "$VAR_I" = 0 ] || [ "$VAR_R" = 0 ] || [ "$VAR_H" = 1 ]
    then
        show_usage
        exit 1
    else
        if [ "$VAR_P" != 0 ] && [ "$PROTOCOL" != "udp" ] && [ "$PROTOCOL" != "tcp" ] && [ "$PROTOCOL" != "sctp" ]
        then
            echo "Error: unsupported protocol. Only UDP/TCP/SCTP is supported by 'tod'"
            exit 1
        fi
        if [ "$VAR_S" = 0 ]
        then
            echo "tod: Take default snaplen 0 for tcpdump"
            SNAPLEN="0"
        fi
        if [ "$VAR_C" = 0 ]
        then
            echo "tod: Take default file size 1MB for tcpdump"
            FILESIZE="1"
        fi
        if [ "$VAR_W" = 0 ]
        then
            echo "tod: Take default file name 'tod_dump' for tcpdump"
            FILENAME="tod_dump"
        fi
    fi
else
    show_usage
    exit 1
fi
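# Construct 'tcpdump' cmd and get the PID
echo "tod: tcpdump started"
# Quote every value; ${PROTOCOL:+...} passes the filter only when -p was given
tcpdump -i "$INTERFACE" -s "$SNAPLEN" -w "$FILENAME" -C "$FILESIZE" -Z root ${PROTOCOL:+"$PROTOCOL"} &
# $! is the PID of the background job just started; parsing 'ps' output
# with cut is unreliable because the PID column may be padded with spaces
TCPDUMP_PID=$!
if [ "$TCPDUMP_PID" = "" ]
then
    echo "Error: could not find the PID of tcpdump"
    echo "Warning: please kill the background job manually"
    exit 1
else
    echo "tod: PID of tcpdump: $TCPDUMP_PID"
fi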
# Call for 'todss' with PID of 'tod' and PID of 'tcpdump'
TOD_PID=$$
echo "tod: PID of tod: $TOD_PID"
if [ -f "$PWD/todss" ]
then
    echo "tod: todss started"
    ./todss "$TOD_PID" "$TCPDUMP_PID" &
else
    echo "Error: no 'todss' found in current directory"
    # Do not leave the capture running when the watcher is missing
    kill "$TCPDUMP_PID"
    exit 1
fi
# Start main thread for 'tod'
echo "tod: started"
touch "$FILENAME"
while true
do
    files=`ls "$FILENAME"* | wc -l`
    if [ "$files" -gt 1 ]
    then
        # Only keep the 2 latest files on diskless
        for var in $(ls -t "$FILENAME"* | sed '1,2d')
        do
            # Remove the local copy only after scp has succeeded,
            # so a failed transfer does not lose the capture
            scp "$var" "$REMOTEMACH" && rm "$var"
        done
    fi
    sleep 1
done
#
# tcpdump on diskless sub script – todss
# Version 0.0
# Oct 12, 2010
# Dave.Tian@alcatel-lucent.com
#
# Instruction:
# This is a sub script called by 'tod'. It acts as a sub thread
# to detect whether 'tod' has exited via 'ctrl-c', in which case the
# background 'tcpdump' job needs to be shut down.
#
while true
do
    # kill -0 sends no signal; it only tests whether PID ${1} still exists.
    # (Matching the PID with 'ps | grep' would also match longer PIDs
    # that contain it.)
    if kill -0 "${1}" 2>/dev/null
    then
        sleep 1
    else
        # Main 'tod' is exited; kill the 'tcpdump' job
        echo "todss: tcpdump stopped"
        # Note: only shell builtin kill accepts the job id as option,
        # however, seems builtin kill could not be called in script.
        # The possible reason should be independent job ids among
        # different sub shells. (That is why cmd kill works but script
        # kill complains: no such job.)
        # /bin/kill or /usr/bin/kill only accepts PID.
        # type -a kill: display the different kinds of kills.
        # So we will use PID instead of job id.
        kill "${2}"
        exit 1
    fi
done
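
Because 'tod' is meant to run as root and hands its option values straight to tcpdump and scp, it is worth checking those values before anything is started. The following is an added example, not part of the original 'tod' script: the function names, the restriction of -w to a plain file name and the requirement that the remote directory be absolute are assumptions. It is written in POSIX sh so it also runs under ksh.

```shell
# Added example (not from the original tod): validators return 0 = ok, 1 = reject.

# -i: interface name such as bond0 or eth0.400:4BAAA; never option-like
valid_iface() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._:-]*) return 1 ;;
    esac
    return 0
}

# -s / -C: non-negative decimal integer
valid_uint() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# -w: plain file name in the working directory (assumption: no paths)
valid_fname() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# -p: the three protocols tod supports
valid_proto() {
    case $1 in
        udp|tcp|sctp) return 0 ;;
    esac
    return 1
}

# -R: login@host:/absolute/dir (assumption: IPv4 address or host name)
valid_remote() {
    case $1 in
        -*|*[!A-Za-z0-9._@:/-]*) return 1 ;;   # option-like or unexpected characters
        *@*@*|*:*:*) return 1 ;;               # more than one '@' or ':'
        ?*@?*:/*) return 0 ;;
    esac
    return 1
}

# tod_check_args IFACE SNAPLEN FNAME FSIZE PROTO REMOTE
# PROTO may be empty because -p is optional in tod.
tod_check_args() {
    valid_iface "$1" || { echo "tod: bad -i value" >&2; return 1; }
    valid_uint "$2" || { echo "tod: bad -s value" >&2; return 1; }
    valid_fname "$3" || { echo "tod: bad -w value" >&2; return 1; }
    { valid_uint "$4" && [ "$4" -gt 0 ]; } || { echo "tod: bad -C value" >&2; return 1; }
    [ -z "$5" ] || valid_proto "$5" || { echo "tod: bad -p value" >&2; return 1; }
    valid_remote "$6" || { echo "tod: bad -R value" >&2; return 1; }
    return 0
}

# Values taken from the usage example on this page
tod_check_args bond0 0 fpt06-s01c11h0_ngss 1 sctp root@172.96.64.152:/root/ && echo "tod: arguments accepted"
```

In 'tod' the call would sit after the defaults have been filled in and before tcpdump is started.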