forked from travelping/docker-pcap
-
Notifications
You must be signed in to change notification settings - Fork 0
/
run.sh
executable file
·38 lines (30 loc) · 935 Bytes
/
run.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
#!/bin/sh
# FIX: since tshark wont write to a directory that is not owned by the user
# executing the command
chown root:root /data
INTERFACE=""
BUFFEROPTS=""
for INTERFACE in $IFACE;
do
INTERFACES="$INTERFACES -i $INTERFACE"
done
# -b filesize:
# max file size (creates new file counting up, unit 1 = 1,000
# bytes))
# files: max number of created files (rotating buffer since files from the
# beginning are overwritten)
# duratioin: number of seconds that a file will be kept before rotating
# -w writing the raw packets to a file rather than to stdout
if [ -n "$MAXFILESIZE" ];
then
BUFFEROPTS="$BUFFEROPTS -b filesize:${MAXFILESIZE}000"
fi
if [ -n "$MAXFILENUM" ];
then
BUFFEROPTS="$BUFFEROPTS -b files:$MAXFILENUM"
fi
if [ -n "$DURATION" ];
then
BUFFEROPTS="$BUFFEROPTS -b duration:$DURATION"
fi
/usr/bin/tshark $BUFFEROPTS -w "/data/$FILENAME" -f "$FILTER" $INTERFACES -F $FORMAT