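#!/bin/sh
#
# capture.sh, Copyright © 2011 Matteo Cypriani
#
########################################################################
# This program is licensed under the terms of the Expat license.
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
########################################################################
#
# Captures a few packets on a Wi-Fi interface, using Tcpdump, and
# writes them to a Pcap file along with some information about the
# system. A tarball containing all these files is finally created.
#
# Usage: capture.sh <interface>
#
# The script reconfigures the interface (down, monitor mode, up, channel
# changes) and leaves it in monitor mode when it finishes.

#set -x
set -e

# The capture holds raw frames from nearby stations and the archive also
# describes the host (kernel, modules, PCI/USB devices). Everything is
# written below a shared temporary directory, so keep the files private
# to the invoking user instead of relying on the ambient umask.
umask 077

# Working directory (set once mktemp has succeeded) and PID of the
# tcpdump started by this script (set only while a capture is running).
DIR=
TCPDUMP_PID=

# Displays the message in argument on stderr and exits with status 1
error()
{
    echo "$1" >&2
    exit 1
}

# Stops our own tcpdump, if any, and removes the working directory so
# that a failed run does not leave a capture file behind.
cleanup()
{
    if [ -n "$TCPDUMP_PID" ] ; then
        kill "$TCPDUMP_PID" 2>/dev/null || true
    fi
    if [ -n "$DIR" ] ; then
        rm -rf -- "$DIR"
    fi
}
trap cleanup EXIT
# Turn the usual termination signals into a normal exit so that the
# EXIT trap above runs in shells that skip it on signal death.
trap 'exit 1' HUP INT TERM

# Switches the capture interface on the channel in argument
set_channel()
{
    printf '%s' "Setting interface $IFACE on channel $1... "
    case $OS in
        Linux)
            # Look the tool up the same way it is invoked (through
            # PATH) rather than testing a fixed /sbin location.
            command -v iwconfig >/dev/null \
                || error "iwconfig is required to run this program on Linux!"
            iwconfig "$IFACE" channel "$1" \
                || error "Cannot set the channel!"
            ;;
        NetBSD)
            ifconfig "$IFACE" chan "$1" \
                || error "Cannot set the channel!"
            ;;
        *)
            error "Your OS is not supported."
            ;;
    esac
    echo "OK."
}

# Waits for $1 seconds, then terminates the process whose PID is $2.
# Only that PID is signalled: a blanket "pkill tcpdump" would also stop
# unrelated captures running on the same host.
wait_tcpdump()
{
    sleep "$1"
    kill "$2" 2>/dev/null || true
}

# Runs one capture bounded by TIMEOUT seconds and stores the number of
# packets captured in CAPTURED (0 when tcpdump reported nothing usable).
# The count is handed back in a variable, not as the exit status: under
# "set -e" a non-zero status from a plain function call ends the script,
# which made every successful capture abort before the archive step.
invoke_tcpdump()
{
    tcpdump_log="$DIR/tcpdump.stderr"

    tcpdump -i "$IFACE" -c "$NB_PKT" -w "$FILE" \
        >/dev/null 2>"$tcpdump_log" &
    TCPDUMP_PID=$!

    # Watchdog; detached from our stdout/stderr so that its leftover
    # sleep never keeps a pipe to the caller open.
    wait_tcpdump "$TIMEOUT" "$TCPDUMP_PID" >/dev/null 2>&1 &
    watchdog_pid=$!

    wait "$TCPDUMP_PID" || true
    TCPDUMP_PID=
    kill "$watchdog_pid" 2>/dev/null || true
    wait "$watchdog_pid" 2>/dev/null || true

    # tcpdump reports "<n> packets captured" on stderr; some versions
    # use the singular "1 packet captured", so accept both.
    CAPTURED=$(sed -n 's/ packets\{0,1\} captured$//p' "$tcpdump_log") \
        || CAPTURED=0
    rm -f -- "$tcpdump_log"
    case $CAPTURED in
        ''|*[!0-9]*) CAPTURED=0 ;;
    esac
}

# Saves the output of the optional tool $1 to "$DIR/$1", or prints a
# hint naming the package $2 when the tool is not installed
save_optional()
{
    if command -v "$1" >/dev/null ; then
        "$1" >"$DIR/$1" \
            || echo "$1 failed; its output may be incomplete."
    else
        echo "$1 not available! Please install $2. "
    fi
}


[ $# -eq 1 ] \
    || error "Usage: $0 <interface>"
command -v tcpdump >/dev/null \
    || error "tcpdump is required to run this program!"


## Parameters (tune them if you want) ##

# Number of packet to capture:
NB_PKT=10
# Maximal time of a capture on a given channel:
TIMEOUT=15
# Temporary directory:
TMP=/tmp
# Name of the capture file:
FILE=capture.pcap
# First channel to scan:
CHANNEL=1
# Last channel to scan:
LAST_CHANNEL=14


## Generated parameters ##

# Interface to capture from:
IFACE=$1
# The name is passed to ifconfig/iwconfig/tcpdump and becomes part of
# file and directory names, so refuse anything that could be read as an
# option or as a path component.
case $IFACE in
    ''|-*|.|..|*[!A-Za-z0-9_.:-]*)
        error "Invalid interface name: \"$IFACE\""
        ;;
esac
# Machine information:
OS=$(uname)
OS_RELEASE=$(uname -r)
HOSTNAME=$(uname -n)
# Current date:
DATE=$(date +%FT%H%M%S)


printf '%s' "Shuting down interface $IFACE... "
ifconfig "$IFACE" down \
    || error "Cannot shut down the interface!"
echo "OK."

printf '%s' "Switching interface $IFACE to monitor mode... "
case $OS in
    Linux)
        command -v iwconfig >/dev/null \
            || error "iwconfig is required to run this program on Linux!"
        iwconfig "$IFACE" mode monitor \
            || error "Cannot configure the interface!"
        ;;
    NetBSD)
        ifconfig "$IFACE" media autoselect mediaopt monitor \
            || error "Cannot configure the interface!"
        ;;
    *)
        error "Your OS is not supported."
        ;;
esac
echo "OK."

printf '%s' "Turning up interface $IFACE... "
ifconfig "$IFACE" up \
    || error "Cannot turn the interface up!"
echo "OK."


echo "Trying to capture $NB_PKT packets..."

# Six X's: GNU mktemp rejects a template with fewer than three, and a
# longer random suffix makes the name harder to guess in a shared /tmp.
DIR=$(mktemp -d \
    "$TMP/capture_${OS}-${OS_RELEASE}_${IFACE}_${HOSTNAME}_${DATE}_XXXXXX") \
    || error "Cannot create a temporary directory in $TMP!"
FILE="$DIR/$FILE"

CAPTURED=0
while [ "$CAPTURED" -eq 0 ] && [ "$CHANNEL" -le "$LAST_CHANNEL" ] ; do
    set_channel "$CHANNEL"
    invoke_tcpdump
    if [ "$CAPTURED" -eq 0 ] ; then
        echo "No packet captured on channel $CHANNEL."
    fi
    CHANNEL=$((CHANNEL + 1))
done

if [ "$CAPTURED" -gt 0 ] ; then
    echo "Capture file \"$FILE\" created with $CAPTURED packets."
else
    error "Failed to capture any packet!"
fi


printf '%s' "Gathering system information... "

# Kernel & other information:
uname -a >"$DIR"/uname-a

# Wi-Fi interface information:
ifconfig "$IFACE" >"$DIR/ifconfig_$IFACE"

# PCI devices:
save_optional lspci pciutils

# Loaded kernel modules & USB devices:
# NOTE(review): DragonFly is handled here, but the monitor-mode and
# channel code above reject it as unsupported, so this branch is not
# reachable as the script stands.
case $OS in
    Linux)
        lsmod >"$DIR"/lsmod
        save_optional lsusb usbutils
        ;;
    NetBSD)
        modstat >"$DIR"/modstat
        save_optional usbstats usbutil
        ;;
    DragonFly)
        kldstat >"$DIR"/kldstat
        save_optional usbstats usbutil
        ;;
esac

echo "OK."


# The archive is created next to the working directory and keeps only
# the directory's base name as its top-level entry.
ARCHIVE="${DIR}.tar.gz"
tar -C "$TMP" -czf "$ARCHIVE" "${DIR##*/}"
echo "Archive \"$ARCHIVE\" created."
rm -rf -- "${DIR:?}"
DIR=

echo
echo "You can now shut down the interface $IFACE if you want:"
echo " ifconfig $IFACE down"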