OPENSOURCE SCRIPT LIBRARY

Scripting is an essential part of the FMADIO packet capture systems as packet capture is only the first step in the process of understanding your network traffic. We have released a small (but growing) library of commands to help integrate into your environment.

SCRIPT INTEGRATION

To get started, here's the link on GitHub.

https://github.com/fmadio/fmadio_scripts

It's currently not much, but expect it to grow and evolve based on your needs and requests.

MIRROR CAPTURE DATA ON REMOTE MACHINE

The purpose is to "rsync a capture", so to speak, with a twist. You can run in follow mode, so it constantly downloads new data from the currently active capture. You can also choose how the data is split, e.g. 1 minute PCAPs or 1GB PCAPs or any of the other options. It does lazy state evaluation too, so already downloaded files are skipped, the same as rsync.

Here's an example of rsyncing the currently active capture at 1 second PCAP splits in follow/poll mode (download new data as it arrives).

$ ./capture_rsync.py  --follow  --host 192.168.1.1 --split split_1sec
Follow Mode
[./py4_160105_16:12:20.211.165.440 ] Downloading...   0.000 GB   0.877 sec    0.000000 Gbps
[./py4_1618_20160105_16:18:50.749.243.904 ] Downloading...   0.343 GB  29.817 sec    0.091988 Gbps
[./py4_1618_20160105_16:18:51.749.243.904 ] Downloading...   0.415 GB  38.029 sec    0.087294 Gbps
[./py4_1618_20160105_16:18:52.749.243.904 ] Downloading...   0.488 GB  42.962 sec    0.090792 Gbps
[./py4_1618_20160105_16:18:53.749.243.904 ] Downloading...   0.436 GB  43.522 sec    0.080117 Gbps
[./py4_1618_20160105_16:18:54.749.243.904 ] Downloading...   0.110 GB   0.949 sec    0.931275 Gbps
[./py4_1618_20160105_16:18:55.749.243.904 ] Downloading...   0.100 GB   0.860 sec    0.928788 Gbps
[./py4_1618_20160105_16:18:56.749.243.904 ] Downloading...   0.109 GB   0.941 sec    0.930891 Gbps
[./py4_1618_20160105_16:18:57.749.243.904 ] Downloading...   0.099 GB   2.317 sec    0.341684 Gbps
[./py4_1618_20160105_16:18:58.749.243.904 ] Downloading...   0.078 GB   0.760 sec    0.820824 Gbps
[./py4_1618_20160105_16:18:59.749.243.904 ] Downloading...   0.064 GB   0.784 sec    0.648858 Gbps
[./py4_1618_20160105_16:19:00.749.243.904 ] Downloading...   0.099 GB   3.152 sec    0.250963 Gbps
[./py4_1618_20160105_16:19:01.749.243.904 ] Downloading...   0.108 GB   1.268 sec    0.678948 Gbps
[./py4_1618_20160105_16:19:02.749.243.904 ] Downloading...   0.113 GB   1.512 sec    0.596313 Gbps
.
.
.

DOWNLOAD CAPTURE DATA ON REMOTE MACHINE WITH FILTERING

Use this when you want to download only data from an IP range or protocol-specific packets, e.g. to save on network bandwidth/time by downloading only the specific data you're interested in. This feature helps speed up analysis and troubleshooting.

In the example below we're downloading all data in the subnet 192.168.1.0/24 in follow/poll mode with 1GB PCAP splits. Note the filter is applied to 1GB source PCAPs on the FMADIO device, with the filtered result sent down the network.

$ ./capture_rsync.py  --host 192.168.1.1 --output fmadio20 --filter FilterIPHost=192.168.1.0/24 --follow
Follow Mode
[fmadio20_landata_20160105_2145_split_1GB/landata_20160105_2145__20160105_21:46:14.660.095.232 ] Downloading...   0.264 GB   3.971 sec    0.532612 Gbps
[fmadio20_landata_20160105_2145_split_1GB/landata_20160105_2145__20160105_21:46:54.697.121.792 ] Downloading...   0.380 GB   7.556 sec    0.402748 Gbps
[fmadio20_landata_20160105_2145_split_1GB/landata_20160105_2145__20160105_21:47:43.308.749.568 ] Downloading...   0.072 GB   1.186 sec    0.484051 Gbps
Sleeping...
[fmadio20_landata_20160105_2145_split_1GB/landata_20160105_2145__20160105_21:48:05.748.449.280 ] Downloading...   0.000 GB   1.226 sec    0.000267 Gbps
[fmadio20_landata_20160105_2145_split_1GB/landata_20160105_2145__20160105_21:48:24.473.020.672 ] Downloading...   0.000 GB   1.933 sec    0.000176 Gbps
[fmadio20_landata_20160105_2145_split_1GB/landata_20160105_2145__20160105_21:48:50.867.348.736 ] Downloading...   0.000 GB   1.851 sec    0.000077 Gbps
[fmadio20_landata_20160105_2145_split_1GB/landata_20160105_2145__20160105_21:49:10.676.263.424 ] Downloading...   0.010 GB   2.225 sec    0.037457 Gbps
Sleeping...
.
.

LOCAL CONFIG

As always, typing in the username/password/hostname sucks and is a security risk. The scripts read a config file from ~/.fmadio.config for default parameters. An example is shown below.

$ cat ~/.fmadio.conf
[General]
username=fmadio
password=secret
hostname=192.168.1.1
protocol=http
$ 
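
An added example, not part of the fmadio_scripts library: a Python check of a config file laid out like the one above, flagging group/other permission bits on the file that holds the plaintext password and the protocol=http setting. The function names and the constructed sample are assumptions for illustration.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample, same section and keys as the config shown above.
SAMPLE = """[General]
username=fmadio
password=secret
hostname=192.168.1.1
protocol=http
"""

def audit_config(path):
    """Return a list of findings for an INI file laid out like the one above."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o: group/other bits set on a file holding a password" % mode)
    cfg = configparser.ConfigParser(interpolation=None)  # a '%' in a password stays literal
    cfg.read(path)
    if not cfg.has_section("General"):
        return findings + ["no [General] section"]
    general = cfg["General"]
    for key in ("username", "password", "hostname", "protocol"):
        if not general.get(key):
            findings.append("missing key: " + key)
    if general.get("protocol", "").strip().lower() == "http":
        findings.append("protocol=http: credentials cross the network unencrypted")
    return findings

def demo(mode):
    """Write SAMPLE to a temp file with the given mode and audit it."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return audit_config(path)
    finally:
        os.unlink(path)

if __name__ == "__main__":
    for finding in demo(0o644):
        print(finding)
```

Restricting the file to its owner (mode 0600) clears the first finding; the second remains for as long as the config says protocol=http.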

.. AND MORE TO COME

It's a small start; send us your requests, patches and questions. We're more than happy to do the leg work in the library code to get you up and running as quickly as possible.
