Difference between revisions of "Tshark Scripts"
Revision as of 23:14, 8 February 2022
Collect SNIs without using up a lot of memory
get-snis-via-tshark.sh
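```
#!/bin/bash
set -eu

duration=180          # seconds each tshark instance runs before exiting
interface=internal    # capture interface
# pmatch=python
pmatch=tshark         # process name used to check for a running capture

# Start one background tshark instance that exits after $duration seconds.
# Restarting on a timer keeps memory use down.
get_sni() {
    ts=$(date +"%Y-%m-%dT%T.%3N%z")
    echo "I: Running tshark instance to get sni info. ${ts}"
    sleep 1
    # On Wireshark 3.0 and later the ssl.* fields are named tls.*.
    # Output is appended so earlier results survive each restart; stderr
    # (tshark status messages) stays on the terminal.
    tshark -l -i "$interface" -a "duration:$duration" \
        -f 'dst port ( 443 )' \
        -Y 'ssl.handshake.extension.type == "server_name" || http.host' \
        -T fields -e ip.src -e ip.dst -e tcp.dstport -e http.host \
        -e ssl.handshake.extensions_server_name >> sni.log &
}

# Succeeds when a process named $pmatch is running.
is_tshark_running() {
    pgrep -x "$pmatch" > /dev/null
}

main() {
    echo "Starting tshark looper"
    while true; do
        if ! is_tshark_running; then
            get_sni
        else
            echo "$pmatch command is already running."
        fi
        sleep 5
    done
}

main
```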
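An added example (not part of the original page): a POSIX shell helper that turns the sni.log written by the script above into a per-hostname count and lists which clients asked for a given name. The function names and sample rows are assumptions constructed for illustration; the column order follows the `-e` fields in the tshark command.

```shell
#!/bin/sh
# Added example: summarise the rows the capture script writes to sni.log.
# Columns (tab-separated): ip.src, ip.dst, tcp.dstport, http.host, SNI.

# summarize_sni FILE: print "count<TAB>hostname", most requested first.
summarize_sni() {
    awk -F '\t' '
        NF != 5 { next }   # status lines, or a row cut short when tshark exited
        {
            host = ($5 != "") ? $5 : $4          # prefer the SNI, else http.host
            n = split(tolower(host), names, ",") # repeated fields are comma-joined
            for (i = 1; i <= n; i++)
                if (names[i] != "") count[names[i]]++
        }
        END { for (h in count) printf "%d\t%s\n", count[h], h }
    ' "$1" | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# clients_for_host FILE HOSTNAME: print each source IP that asked for HOSTNAME.
clients_for_host() {
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -F '\t' -v want="$want" '
        NF == 5 {
            n = split(tolower($4 "," $5), names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == want) { print $1; break }
        }
    ' "$1" | LC_ALL=C sort -u
}

# Constructed sample rows (documentation addresses), not captured traffic.
make_sample_log() {
    printf '10.0.0.5\t192.0.2.10\t443\t\texample.com\n'
    printf '10.0.0.5\t192.0.2.10\t443\t\tExample.com\n'
    printf '10.0.0.7\t192.0.2.10\t443\t\texample.com\n'
    printf '10.0.0.7\t198.51.100.9\t443\tplain.example.net\t\n'
    printf "Capturing on 'internal'\n"   # stray status line
    printf '10.0.0.9\t198.51.100.9\n'    # truncated row
}

log=$(mktemp)
make_sample_log > "$log"
summarize_sni "$log"
clients_for_host "$log" example.com
rm -f "$log"
```

Rows that do not have exactly five columns are skipped, so a line cut off when a tshark instance exits does not skew the counts.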
Watch memory usage of tshark command
```
top | grep tshark
```