Some tech documentation and snippets, finally organized.
Posts tagged as script

Wireshark-readable tcpdump to remote disk

This line captures all packets on the network interface eth0 with source or destination TARGET_IP. To obtain a format readable by wireshark, tcpdump must be configured to not truncate packets. This is achieved by setting the -s flag to 0 or 65535 (maximum packet length in bytes).

The output is piped through ssh to OUTFILE on a remote host.

$ tcpdump -i eth0 -w - -s 0 host TARGET_IP |\
    ssh USER@HOST "cat > dump.pcap"

[Ctrl]+[c] to stop the capture...

To avoid packet dropping at high traffic volume, it may be reasonable to put the capturing computer as transparent bridge into the IP stream and use a logging host on an independent network, connected to an additional (third) network interface ethZ.

In one go:




#iptables-restore < /etc/iptables/bridge.v4

ifdown "$NIC1"
ifdown "$NIC2"
brctl addbr br0
brctl addif br0 "$NIC1"
brctl addif br0 "$NIC2"
ifconfig "$NIC1"
ifconfig "$NIC2"
ifconfig br0 "$BRIDGE_IP" netmask "$MASK" up

tcpdump -i "$NIC1" -w - -s 65535 host "$TARGET_IP" |\
    ssh "$SSHD" "cat > dump_`date +%H.%M.%S`.pcap"

Note: When running this script on a headless/remote machine (e.g. an OpenWRT router), double check its iptables rules and possible sshd restrictions to not lock you out or even brick the box.

Dynamic IP workaround

When running on a NATed computer (e.g. a NAS), this shell script checks an external service for the router's WAN IP in an configurable interval. Whenever it detects a change, an e-mail with the new IP address will be sent via msmtp. As long as the $APIURL is valid, only the $MAILTO definition needs to be adapted.


MSG="Subject: Home IP\n\nCurrent IP: "
GETIP="/usr/bin/curl -s "$APIURL""

printf "$MSG""$IP" | "$SENDCMD" "$MAILTO"
sleep "$INTERVAL"

while : ; do
    if [ "$IPNEW" = "$IP" ] ; then
        sleep "$INTERVAL"
        echo "$MSG""$IP" | "$SENDCMD" "$MAILTO"

And here a simple msmtp configuration with TLS enabled – be aware that the mail password is stored on the host computer in plaintext.

### File: ~/.msmtprc or /etc/msmtprc

auth            on
tls             on
tls_starttls    off
tls_trust_file  /etc/ssl/certs/ca-certificates.crt
logfile         ~/.msmtp.log

account         ACCOUNT_1
host            SMTP_SERVER
user            USER_NAME
password        PASSWORD
from            FROM_ADDRESS

account default : ACCOUNT_1

Auto-upgrade for Debian based systems

A reliable auto-updater for home use. It can be executed e.g. at boot from /etc/rc.local to keep apt based systems up-to-date. Some output will be logged to /var/log/safe-upgrade.log, in case of upgraded or held packages as well as errors a report will be sent to root@localhost.


sleep 5

echo ----- `date` ----- >> "$LOGFILE"

ping -c 1 "$PINGTEST" > /dev/null 2>> "$LOGFILE" ||\
        echo "System upgrade cancelled: No internet connection." |\
        tee -a "$LOGFILE" |\
        mailx -s "$HOSTNAME"\ update\ \*\*\*ERROR\*\*\* "$MAILTO"
        exit 0


apt-get -q=2 update 2>&1 |\
    tee -a "$LOGFILE" |\
    mailx -E -s "$HOSTNAME"\ update\ \*\*\*ERROR\*\*\* "$MAILTO"

apt-get upgrade -y -q 2>&1 |\
    grep -ve "^(\{0,1\}Reading" \
         -e "^Building" |\
    tee -a "$LOGFILE" |\
    grep -ve "^0 upgraded.*0 not upgraded\.$" |\
    mailx -E -s "$HOSTNAME"\ upgrade\ log "$MAILTO" &&

echo ----- DONE ----- >> "$LOGFILE"

exit 0

To tame the daily growing log file, add the following lines to /etc/logrotate.conf or into an own file in /etc/logrotate.d/. This will keep compressed archives of the last three months' log files.

### File: /etc/logrotate.conf

/var/log/safe-upgrade.log {
    rotate 3

If you want the script to be executed by cron, it is necessary to set the $PATH variable - in the script itself, or in the crontab. This example runs every three hours at 45':

### File: root crontab, open to edit with "crontab -e"

# m h  dom mon dow   command
45 */3 * * * PATH='/usr/sbin:/usr/bin:/sbin:/bin' /path/to/