author | Andreas Lindhé <andreas@lindhe.io> | 2017-10-31 08:33:46 +0100 |
---|---|---|
committer | Andreas Lindhé <andreas@lindhe.io> | 2017-10-31 08:41:40 +0100 |
commit | bc5ecd6da7f068a12b9ee5397178723481c7a3ea (patch) | |
tree | 6ac5bb33df7c3aacde8eb254c4aee1ce1df9dd29 /script/investigate.sh | |
parent | 2d5d5be5702867a7a719312a5a148489c3b68f31 (diff) | |
Move all files one level down
Diffstat (limited to 'script/investigate.sh')
-rwxr-xr-x | script/investigate.sh | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/script/investigate.sh b/script/investigate.sh
new file mode 100755
index 0000000..9f67949
--- /dev/null
+++ b/script/investigate.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+if [ $# -ne 3 ]
+then
+ echo "Extracts the data for one machine and one register from a Modbus dump"
+ echo "and stores both the data and a plot in the current directory."
+ echo
+ echo "Usage: $0 DUMP IP ADDR"
+ echo "Example: $0 packets_00014_20161128135616.cap 192.168.215.66 64"
+ exit
+fi
+
+if [[ ! -f "$1" || ! -r "$1" ]]
+then
+ echo "Dump file $1 does not exist or cannot be read."
+ exit
+fi
+
+CAPTURE_FILE=$(realpath "$1")
+FILTER_MACHINE=$2
+FILTER_REGISTER=$3
+
+BRODIR=$(realpath "$(dirname "$0")/../..")
+BROSCRIPT_BASE=${BRODIR}/broccoli/script/modbus.bro
+
+TMPDIR=$(mktemp --tmpdir --directory pasad.XXXX)
+TMPDIR_BRO=${TMPDIR}/bro
+BROSCRIPT_MOD=${TMPDIR}/modbus.bro
+
+OUTDIR=$(pwd)
+OUTFILE_DAT=${OUTDIR}/${FILTER_MACHINE}-${FILTER_REGISTER}.dat
+OUTFILE_PNG=${OUTDIR}/${FILTER_MACHINE}-${FILTER_REGISTER}.png
+
+echo " * Preparing Bro script ..."
+cp "${BROSCRIPT_BASE}" "${BROSCRIPT_MOD}"
+sed -ie "s/\(const enable_filtering : bool = \).*;/\1T;/g" "${BROSCRIPT_MOD}"
+sed -ie "s/\(const filter_ip_addr : addr = \).*;/\1${FILTER_MACHINE};/g" "${BROSCRIPT_MOD}"
+sed -ie "s/\(const filter_mem_addr : count = \).*;/\1${FILTER_REGISTER};/g" "${BROSCRIPT_MOD}"
+
+echo " * Running Bro ..."
+mkdir "${TMPDIR_BRO}"
+cd "${TMPDIR_BRO}"
+bro -r "${CAPTURE_FILE}" "${BROSCRIPT_MOD}" > /dev/null
+
+echo " * Extracting data ..."
+tail -n +9 "${TMPDIR_BRO}/pasad-parsed.log" | cut -f 5 > "${OUTFILE_DAT}"
+echo "${OUTFILE_DAT}"
+
+echo " * Generating graph ..."
+echo "set terminal png; plot '${OUTFILE_DAT}' using 0:1 title '${FILTER_MACHINE} ${FILTER_REGISTER}'" | gnuplot > "${OUTFILE_PNG}"
+echo "${OUTFILE_PNG}"
+
+rm -r "${TMPDIR}" |
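Review bot: `FILTER_MACHINE` and `FILTER_REGISTER` are taken straight from `$2`/`$3` and spliced unvalidated into the three `sed` replacement strings, into the generated `modbus.bro` that `bro` then interprets, and into the gnuplot command string, so an argument containing `/`, `&`, a backslash or a quote silently alters those scripts instead of being rejected. The usage text already fixes their formats to an IP address and a register number, so check them right after the argument-count test, e.g. `[[ "$2" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "IP address expected, got: $2" >&2; exit 1; }` and `[[ "$3" =~ ^[0-9]+$ ]] || { echo "Register number expected, got: $3" >&2; exit 1; }`. The bare `exit` in the usage and unreadable-file branches returns status 0, so a caller cannot tell a refused run from a successful one; `exit 1` with the messages sent to `>&2` is the usual form. Neither `cd "${TMPDIR_BRO}"` nor `bro` has its status checked, so a failed run still feeds `tail` and `gnuplot` and reports two output paths; `set -euo pipefail` near the top plus `trap 'rm -r "${TMPDIR}"' EXIT` in place of the final `rm -r` would abort on the first failure and still remove the temporary directory. Separately, `sed -ie` is GNU sed's `-i` with backup suffix `e`, which leaves a `modbus.broe` copy next to the modified script; `sed -i -e` is presumably what was intended.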