A customer asked me to capture packets regularly at a specified time. I hurriedly built a CentOS 7 capture PC (googling as I went), and I am leaving what I did at the time here as a memo.
The CentOS 7 version is as follows:
[smatsu@smatsu ~]$ cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
I want to perform packet capture at a specified time.
Create a shell script that runs Wireshark (its command-line version, tshark) and use the standard CentOS 7 cron for scheduling.
Details omitted. Configure the virtual machine to suit your environment. I don't use a sound card, floppy, printer, etc., so I removed them at this point. This time I installed it with GNOME.
Since the GUI is wanted, add the gnome package.
$ sudo yum install -y wireshark-gnome
It is installed.
[smatsu@smatsu ~]$ wireshark -v
wireshark 1.10.14 (Git Rev Unknown from unknown)
Check it here in the GUI.
If left as is, the interfaces are not shown to a general user because of permission issues, so grant permission.
$ sudo groupadd wireshark
$ sudo usermod -aG wireshark [user]
Reboot here. The interfaces are now displayed.
The GUI was just for confirmation; from here on, everything is set up from the CLI.
First, create a working folder.
$ mkdir pcap
$ cd pcap
Next, create the executable script.
pcap.sh
#!/bin/bash
# Capture ens33 for 600 seconds into /home/smatsu/pcap/<YYYYMMDD>/<YYYYMMDD_HHMM>.pcapng
/usr/sbin/tshark -i ens33 -w /home/smatsu/pcap/$(date +%Y%m%d)/$(date +%Y%m%d_%H%M).pcapng -a duration:600
・ tshark = command-line version of Wireshark. If you install wireshark-gnome, it is included.
・ ens33 = name of the interface you want to capture.
・ The file is stored as "(date and time).pcapng" under the date folder.
・ Capture time is 600 seconds.
Give execute permission.
chmod +x pcap.sh
Set up cron to schedule the script. First check the status of cron.
[smatsu@smatsu ~]$ systemctl status crond
● crond.service - Command Scheduler
Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-04-21 22:34:28 JST; 8min ago
$ systemctl start crond
Edit the crontab to add the commands to be executed.
$ crontab -e
0 6 * * * /usr/bin/mkdir /home/smatsu/pcap/`date +\%Y\%m\%d` #Create a date folder at 6am every morning
0 7 * * * /home/smatsu/pcap/pcap.sh #Execute the capture file at 7 o'clock every morning
* Save with :wq
Check the contents of cron.
[smatsu@smatsu pcap]$ crontab -l
0 6 * * * /usr/bin/mkdir /home/smatsu/pcap/`date +\%Y\%m\%d`
0 7 * * * /home/smatsu/pcap/pcap.sh
Now you can save the packet capture under the date folder every morning.
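As an added example (not the post's original pcap.sh), here is a more robust version of the script: it creates the date folder itself with owner-only permissions instead of relying on the separate 06:00 cron job, fails loudly when the folder or tshark fails, and deletes captures older than a configurable number of days. The base path, interface name, retention period and the "run" argument are assumptions.

```shell
#!/bin/bash
# Added example (not the post's original pcap.sh): self-contained daily capture job.
# Assumed defaults: base folder, interface ens33, 600 s capture, 30-day retention.
set -u
BASE="${PCAP_BASE:-/home/smatsu/pcap}"
IFACE="${PCAP_IFACE:-ens33}"
DURATION="${PCAP_DURATION:-600}"
KEEP_DAYS="${PCAP_KEEP_DAYS:-30}"

# capture_path YYYYMMDD HHMM -> prints BASE/YYYYMMDD/YYYYMMDD_HHMM.pcapng
capture_path() {
    printf '%s/%s/%s_%s.pcapng\n' "$BASE" "$1" "$1" "$2"
}

# prepare_dir DIR: create the date folder (if missing) readable only by the
# owner, since captures may contain credentials and other sensitive traffic.
prepare_dir() {
    ( umask 077 && mkdir -p "$1" ) && [ -d "$1" ] && [ -w "$1" ]
}

# purge_old DIR DAYS: delete capture files older than DAYS days (prints them)
purge_old() {
    find "$1" -type f -name '*.pcapng' -mtime +"$2" -print -delete
}

# run_capture: create today's folder, capture for DURATION seconds, then purge.
# tshark runs as the cron user; capture rights come from the wireshark group.
run_capture() {
    out=$(capture_path "$(date +%Y%m%d)" "$(date +%H%M)")
    dir=$(dirname "$out")
    prepare_dir "$dir" || { echo "pcap.sh: cannot create $dir" >&2; return 1; }
    /usr/sbin/tshark -i "$IFACE" -w "$out" -a "duration:$DURATION" -q \
        || { echo "pcap.sh: tshark failed for $out" >&2; return 1; }
    purge_old "$BASE" "$KEEP_DAYS"
}

# Run the job only when invoked as "pcap.sh run" (e.g. from crontab); otherwise
# the file can be sourced so the functions can be checked without tshark.
case "${1:-}" in
    run) run_capture ;;
esac
```

With this script the 06:00 mkdir entry is no longer needed; a single crontab line such as `0 7 * * * /home/smatsu/pcap/pcap.sh run >> /home/smatsu/pcap/cron.log 2>&1` is enough and also keeps a record of failures.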