joemccray

Scripting TCPDump

Feb 23rd, 2018
649
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.30 KB | None | 0 0
  1. #!/bin/bash
  2.  
  3.  
  4.  
  5. #############################################
  6. # Check to see if script is running as root #
  7. #############################################
  8. if [ "$EUID" -ne 0 ]
  9. then echo "Please run as root"
  10. exit
  11. fi
  12.  
  13.  
  14.  
  15. #################
  16. # Start TCPDump #
  17. #################
  18.  
  19. #start tcpdump in the background and make sure NOT to record ssh traffic since we may be SSH'd into the host
  20.  
  21. # tcpdump -i eth0 -w /tmp/ScanResults/ecsa_net_scan.pcap &
  22.  
  23.  
  24.  
  25. if = ip link | awk -F: '$0 !~ "lo|vir|wl|^[^0-9]"{print $2;getline}'
  26.  
  27.  
  28. tcpdump -i $if -w /tmp/ScanResults/ecsa_net_scan.pcap &
  29.  
  30. #########################################################
  31. # Quick host discovery with propecia and scan with nmap #
  32. #########################################################
  33. cd ~/toolz
  34. mkdir -p /tmp/ScanResults
  35. ./propecia 172.31.2 22 > /tmp/ScanResults/iplist.txt
  36. sudo /bin/bash
  37. for x in `cat /tmp/ScanResults/iplist.txt` ; do nmap -sS $x >> /tmp/ScanResults/sr.txt ; done
  38. cd /tmp/ScanResults/
  39.  
  40.  
  41.  
  42. #############################################################################
  43. # Identify the PID of tcpdump and kill it now that we are finished scanning #
  44. #############################################################################
  45. pid=$(ps -e | pgrep tcpdump)
  46. echo $pid
  47.  
  48. #interrupt it:
  49. kill -2 $pid
Add Comment
Please, Sign In to add comment