
批量抓包

运维开发网 https://www.qedev.com 2020-11-28 12:30 出处:51CTO 作者:类似简单
-hosts:allvars:cap_file:packet_capture_{{ansible_hostname}}.pcaptasks:-name:starttcpdump#command:/usr/sbin/tcpdump-nnviany'port80'-s0-B65535-C50M-W100-w/data/tmp/{{cap_file}}command:/usr/sbin/tcpdump-
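---
# Batch packet capture: start tcpdump on every host, let it run for one
# minute, stop it, gzip the capture and pull it back to the control node.
# tcpdump needs root / CAP_NET_RAW on the targets, so run the play with
# privilege escalation (the author's command lines use -s / -K).
- hosts: all
  vars:
    # Where the capture is written on the target. The directory must already
    # exist and be writable by whichever user tcpdump writes files as.
    cap_dir: /data/tmp
    # One file per host, so the flat fetch below cannot collide.
    cap_file: "packet_capture_{{ ansible_hostname }}.pcap"
  tasks:
    - name: start tcpdump
      # tcpdump's syntax is `tcpdump [options] [expression]`; the options are
      # placed before the BPF filter here (putting `-s 0 ...` after the filter
      # only works because GNU getopt permutes arguments).
      # To rotate instead of writing one file add: -C 50M -W 100
      command: /usr/sbin/tcpdump -nnvi any -s 0 -B 65535 -w {{ cap_dir }}/{{ cap_file }} 'port 80'
      # Run in the background. The async limit is kept longer than the pause
      # so the explicit kill below is what stops the capture: pkill sends
      # SIGTERM, which lets tcpdump flush and close the file, whereas an
      # async limit equal to the pause may let the async wrapper reap the
      # process first and lose the last buffered packets.
      async: 120
      poll: 0

    - name: capture for one minute
      pause:
        minutes: 1
        prompt: "pause for 60 seconds or press Ctrl + c then c to continue"

    - name: stop tcpdump
      # Match on the output path so only the capture started by this play is
      # killed, not every tcpdump on the host (an operator's unrelated capture
      # would otherwise die too). pkill exits 1 when nothing matched, i.e. the
      # capture already ended; anything else is a real failure.
      command: /usr/bin/pkill -f "{{ cap_dir }}/{{ cap_file }}"
      register: stop_result
      failed_when: stop_result.rc not in [0, 1]
      changed_when: stop_result.rc == 0

    - name: compress capture file
      command: gzip "{{ cap_file }}"
      args:
        chdir: "{{ cap_dir }}"

    - name: copy capture to the control node
      # NOTE(review): the file holds plaintext port-80 traffic and /tmp on the
      # control node is world-readable by default; point dest at a private
      # directory if the capture is sensitive.
      fetch:
        src: "{{ cap_dir }}/{{ cap_file }}.gz"
        dest: /tmp/
        flat: true

    - name: remove capture from the server
      file:
        path: "{{ cap_dir }}/{{ cap_file }}.gz"
        state: absent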

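# Ad-hoc capture of traffic destined to 10.131.4.128 on all interfaces,
# rotating at 50 MB with at most 100 files kept (about 5 GB on disk).
# `-w` takes a file name: the original pointed at the directory itself
# (`-w /data/tmp/`), which tcpdump rejects with "Is a directory".
# Options precede the BPF filter (`tcpdump [options] [expression]`).
/usr/sbin/tcpdump -nnvi any -s 0 -B 65535 -C 50M -W 100 -w /data/tmp/$(hostname).pcap 'dst 10.131.4.128'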
# Quick sanity check: capture a single packet addressed to 192.168.233.1
# on port 80, on the interface with index 1 (see `tcpdump -D`), printing
# addresses and ports numerically.
tcpdump -nn -i 1 -c 1 'dst 192.168.233.1 and port 80'

[user@host ~]$ cat tcpdump.yaml
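# Ad-hoc equivalents used alongside this play (inventory file "add"):
#   ansible -i add add -m shell -a "killall tcpdump;rm -f /data/tmp/*" -K -k -s
#   ansible-playbook -i add tcpdump.yaml -K -k -s
---
# Long-running capture: stop any previous tcpdump, start a new one in a
# detached screen session, and confirm it is running. Use `--tags stop`
# to only stop the capture. tcpdump needs root / CAP_NET_RAW on the target.
- hosts: all
  vars:
    # Address of this host's eth0; only referenced by one of the commented-out
    # filter examples below. Facts are evaluated lazily, so an unused IP is
    # harmless even on hosts without eth0.
    IP: "{{ ansible_eth0['ipv4']['address'] }}"
    cap_dir: /data/tmp
    cap_file: "{{ cap_dir }}/{{ inventory_hostname }}.pcap"
  tasks:
    - name: create capture directory
      # NOTE(review): 0777 keeps the original behaviour (presumably so a
      # tcpdump that drops privileges with -Z can still write here), but it
      # also lets any local user read, replace or delete the captures.
      # Prefer 0770 with the group set to the user tcpdump writes as — confirm
      # on the target before tightening.
      file:
        path: "{{ cap_dir }}"
        state: directory
        owner: root
        group: root
        mode: "0777"  # quoted: a bare 0777 is parsed as octal by YAML

    - name: stop tcpdump
      # killall exits 1 when no tcpdump is running (e.g. the first run on a
      # clean host), which would otherwise abort the play before the capture
      # starts; only other exit codes are treated as failures.
      command: killall tcpdump
      register: stop_result
      failed_when: stop_result.rc not in [0, 1]
      changed_when: stop_result.rc == 0
      tags:
        - stop

    # Earlier filter variants, kept for reference (not run):
    #   -nnvi any dst 10.20.0.45 -s 0 -B 65535 -C 50M -W 100
    #   host 10.130.4.4 and \(10.130.0.117 or 10.130.0.178 or 10.130.0.174 \) -s 0 -B 65535 -C 200M -W 50
    #   -i bond1 -vvv host 10.130.4.4 and 10.130.0.32 -s 0 -B 65535 -C 200M -W 50
    #   -nnvi any -vvv host {{ IP }} and \(10.131.1.154 or 10.131.1.235 or 10.131.5.136 or 10.131.5.155 or 10.131.5.152 or 10.131.4.158 or 10.131.5.117 or 10.131.5.226\) -s 0 -B 65535 -C 100M -W 100
    #   -nnvi any -vvv host 10.131.11.8 and 'tcp port 8360' -s 0 -B 65535 -C 100M -W 100
    - name: start tcpdump
      # Detached screen session so the capture outlives the SSH connection.
      # Options precede the BPF filter (`tcpdump [options] [expression]`).
      # -C 100M -W 100: rotate at 100 MB, keep at most 100 files (~10 GB).
      # `command` rather than `shell`: no shell features are needed, and the
      # templated hostname is not passed through a shell.
      # In the original file this key was indented deeper than `name`, which
      # YAML rejects ("mapping values are not allowed here").
      command: screen -dmS haha /usr/sbin/tcpdump -nnvi any -vvv -s 0 -B 65535 -C 100M -W 100 -w {{ cap_file }} 'tcp port 8360'

    - name: check tcpdump task
      # pgrep exits 1 when no tcpdump process exists, failing the play —
      # that is the intended check that the capture actually started.
      command: pgrep -x tcpdump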
