2022-05-14 11:57:09 +02:00
|
|
|
|
#!/bin/bash
|
|
|
|
|
|
#
|
|
|
|
|
|
# Capture network packets for later replay on dev machines
|
|
|
|
|
|
#
|
|
|
|
|
|
# This should be run as root via a service.
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
OUTDIR="$(realpath "$(dirname "$0")/..")/var/pcap"
|
|
|
|
|
|
OUTNAME="capture-$(hostname)-$(date -u +%s)-$$-pcap"
|
|
|
|
|
|
OUTPATH="$OUTDIR/$OUTNAME"
|
|
|
|
|
|
|
|
|
|
|
|
# Inputs:
|
|
|
|
|
|
#
|
|
|
|
|
|
# 4461/UDP: GPS NMEA
|
|
|
|
|
|
# 4462/UDP: AIS NMEA
|
|
|
|
|
|
# 30000/UDP: Navigation system headers
|
|
|
|
|
|
# Not all inputs will be present in all systems.
|
|
|
|
|
|
#
|
2023-09-29 15:28:11 +02:00
|
|
|
|
# NOTE: $INS_HOST must be defined and point to the
|
|
|
|
|
|
# navigation server. The reason we don't use a port
|
|
|
|
|
|
# filter for this data is because that doesn't work
|
|
|
|
|
|
# with fragmented UDP packets.
|
|
|
|
|
|
#
|
|
|
|
|
|
EXPR="udp and (port 4461 or port 4462 or src host $INS_HOST)"
|
2022-05-14 11:57:09 +02:00
|
|
|
|
|
|
|
|
|
|
if [[ ! -d "$OUTDIR" ]]; then
|
|
|
|
|
|
mkdir "$OUTDIR"
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
# The size of each capture file is 50 MB (-C 50)
|
|
|
|
|
|
# and it will use a ring of 1000 files (-W 1000).
|
|
|
|
|
|
# The capture packet size is unlimited (-s 0).
|
|
|
|
|
|
#
|
|
|
|
|
|
# 50 MB (47.7 MiB) is about one day's worth of data
|
|
|
|
|
|
# so in theory it shouldn't overwrite files even if
|
|
|
|
|
|
# it was running continuously for over two years.
|
|
|
|
|
|
# NOTE: The above figures do not include AIS data.
|
|
|
|
|
|
|
|
|
|
|
|
echo "Logging to: $OUTPATH"
|
|
|
|
|
|
echo "Expression: $EXPR"
|
|
|
|
|
|
|
|
|
|
|
|
tcpdump -n -s 0 -W 1000 -C 50 -w "$OUTPATH" "$EXPR"
|
