From 8ddf587d5530836c9ce7d87d6a3b7230551cdc53 Mon Sep 17 00:00:00 2001
From: Robin Krahl
Date: Tue, 10 Oct 2017 10:01:04 +0000
Subject: Add investigate script that extracts and plots data
---
 broccoli/script/investigate.sh | 47 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100755 broccoli/script/investigate.sh
(limited to 'broccoli')
diff --git a/broccoli/script/investigate.sh b/broccoli/script/investigate.sh
new file mode 100755
index 0000000..df1c617
--- /dev/null
+++ b/broccoli/script/investigate.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+if [ $# -ne 3 ]
+then
+ echo "Extracts the data for one machine and one register from a Modbus dump"
+ echo "and stores both the data and a plot in the current directory."
+ echo
+ echo "Usage: $0 DUMP IP ADDR"
+ echo "Example: $0 packets_00014_20161128135616.cap 192.168.215.66 64"
+ exit
+fi
+
+CAPTURE_FILE=$1
+FILTER_MACHINE=$2
+FILTER_REGISTER=$3
+
+BRODIR=$(realpath "$(dirname "$0")/../..")
+BROSCRIPT_BASE=${BRODIR}/broccoli/script/modbus.bro
+
+TMPDIR=$(mktemp --tmpdir --directory pasad.XXXX)
+TMPDIR_BRO=${TMPDIR}/bro
+BROSCRIPT_MOD=${TMPDIR}/modbus.bro
+
+OUTDIR=$(pwd)
+OUTFILE_DAT=${OUTDIR}/${FILTER_MACHINE}-${FILTER_REGISTER}.dat
+OUTFILE_PNG=${OUTDIR}/${FILTER_MACHINE}-${FILTER_REGISTER}.png
+
+echo " * Preparing Bro script ..."
+cp "${BROSCRIPT_BASE}" "${BROSCRIPT_MOD}"
+sed -ie "s/\(const enable_filtering : bool = \).*;/\1T;/g" "${BROSCRIPT_MOD}"
+sed -ie "s/\(const filter_ip_addr : addr = \).*;/\1${FILTER_MACHINE};/g" "${BROSCRIPT_MOD}"
+sed -ie "s/\(const filter_mem_addr : count = \).*;/\1${FILTER_REGISTER};/g" "${BROSCRIPT_MOD}"
+
+echo " * Running Bro ..."
+mkdir "${TMPDIR_BRO}"
+cd "${TMPDIR_BRO}"
+bro -r "${CAPTURE_FILE}" "${BROSCRIPT_MOD}" > /dev/null
+
+echo " * Extracting data ..."
+tail -n +9 "${TMPDIR_BRO}/pasad-parsed.log" | cut -f 5 > "${OUTFILE_DAT}"
+echo "${OUTFILE_DAT}"
+
+echo " * Generating graph ..."
+echo "set terminal png; plot '${OUTFILE_DAT}' using 0:1 title '${FILTER_MACHINE} ${FILTER_REGISTER}'" | gnuplot > "${OUTFILE_PNG}"
+echo "${OUTFILE_PNG}"
+
+rm -r "${TMPDIR}"
-- 
cgit v1.2.3
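Review bot: `bro -r "${CAPTURE_FILE}"` runs after `cd "${TMPDIR_BRO}"`, so the relative dump path shown in the usage example (`packets_00014_20161128135616.cap`) will not resolve from the temp directory; resolve it up front with `CAPTURE_FILE=$(realpath -- "$1")`, the same way BRODIR already is. The IP and register arguments are spliced unchecked into the sed replacements, the generated Bro script and the gnuplot command string, so a malformed value silently yields a broken script or plot rather than a clear error; a guard such as `[[ "$3" =~ ^[0-9]+$ ]] || { echo "ADDR must be an integer" >&2; exit 1; }` (with a similar shape check for the address argument) would fail fast. Nothing stops on error: without `set -e` (or `|| exit 1` on cp, mkdir, cd and bro) a failed step still reaches the extraction and leaves the temp directory behind, and the usage branch exits with status 0; a `trap 'rm -r "${TMPDIR}"' EXIT` placed right after mktemp would also cover cleanup on every exit path. Minor: GNU sed parses `-ie` as `-i` with backup suffix `e`, leaving a stray `modbus.broe` in the temp directory — `sed -i -e` is the intended form.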