summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xbroccoli/script/investigate.sh47
1 files changed, 47 insertions, 0 deletions
diff --git a/broccoli/script/investigate.sh b/broccoli/script/investigate.sh
new file mode 100755
index 0000000..df1c617
--- /dev/null
+++ b/broccoli/script/investigate.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+if [ $# -ne 3 ]
+then
+ echo "Extracts the data for one machine and one register from a Modbus dump"
+ echo "and stores both the data and a plot in the current directory."
+ echo
+ echo "Usage: $0 DUMP IP ADDR"
+ echo "Example: $0 packets_00014_20161128135616.cap 192.168.215.66 64"
+ exit
+fi
+
+CAPTURE_FILE=$1
+FILTER_MACHINE=$2
+FILTER_REGISTER=$3
+
+BRODIR=$(realpath "$(dirname "$0")/../..")
+BROSCRIPT_BASE=${BRODIR}/broccoli/script/modbus.bro
+
+TMPDIR=$(mktemp --tmpdir --directory pasad.XXXX)
+TMPDIR_BRO=${TMPDIR}/bro
+BROSCRIPT_MOD=${TMPDIR}/modbus.bro
+
+OUTDIR=$(pwd)
+OUTFILE_DAT=${OUTDIR}/${FILTER_MACHINE}-${FILTER_REGISTER}.dat
+OUTFILE_PNG=${OUTDIR}/${FILTER_MACHINE}-${FILTER_REGISTER}.png
+
+echo " * Preparing Bro script ..."
+cp "${BROSCRIPT_BASE}" "${BROSCRIPT_MOD}"
+sed -ie "s/\(const enable_filtering : bool = \).*;/\1T;/g" "${BROSCRIPT_MOD}"
+sed -ie "s/\(const filter_ip_addr : addr = \).*;/\1${FILTER_MACHINE};/g" "${BROSCRIPT_MOD}"
+sed -ie "s/\(const filter_mem_addr : count = \).*;/\1${FILTER_REGISTER};/g" "${BROSCRIPT_MOD}"
+
+echo " * Running Bro ..."
+mkdir "${TMPDIR_BRO}"
+cd "${TMPDIR_BRO}"
+bro -r "${CAPTURE_FILE}" "${BROSCRIPT_MOD}" > /dev/null
+
+echo " * Extracting data ..."
+tail -n +9 "${TMPDIR_BRO}/pasad-parsed.log" | cut -f 5 > "${OUTFILE_DAT}"
+echo "${OUTFILE_DAT}"
+
+echo " * Generating graph ..."
+echo "set terminal png; plot '${OUTFILE_DAT}' using 0:1 title '${FILTER_MACHINE} ${FILTER_REGISTER}'" | gnuplot > "${OUTFILE_PNG}"
+echo "${OUTFILE_PNG}"
+
+rm -r "${TMPDIR}"