
Wednesday, Aug 08 2012

## dumpcap Reference / Helper Bat File for Long Term Packet Captures

When you're trying to debug a network device over a long period of time, Wireshark just won't cut it. It wasn't designed for that purpose and will consume too much memory on your system. Not to worry: Wireshark ships with a command line utility that solves this deficiency. It is called dumpcap, and with a simple command you can set it up to write packets to a series of files and roll over once it reaches the last one (a circular buffer).

Here's an example dumpcap line that runs a capture creating one file per day for 14 days and only records traffic for the host with IP 10.32.1.234. It records on network interface 1 by default.

```batch
"c:\Program Files\Wireshark\dumpcap.exe" -b duration:86400 -b files:14 -f "host 10.32.1.234" -P -w capture.pcap
```


Here is a little batch file I wrote to make this easier and repeatable. It has some handy features: it prompts you for the IP to filter on if you run it without any arguments; otherwise you can pass the IP as a command line argument or set a default at the top of the file.

### dump_packets.bat

```batch
::
:: Use to log packets over a long period of time from a particular device.
:: Creates a new file every 1 day for a total of 14 days. -f is the capture filter, -w is the filename.
::
:: USAGE: Passing an argument will allow you to set the host IP.  Otherwise, you will be prompted.
::        Set DEFAULT_HOST to not have to specify any arguments / answer prompts.
::

@set DEFAULT_HOST=
@IF "%1" == "" GOTO SkipArgSet
@   set HOST=%1
@echo Host is now %HOST% (Set from command line argument)
@GOTO SkipPrompt
:SkipArgSet
@IF "%DEFAULT_HOST%" == "" GOTO SkipDefaultSet
@SET HOST=%DEFAULT_HOST%
@echo Host is now %HOST% (Set from DEFAULT at top of file)
@GOTO SkipPrompt
:SkipDefaultSet
@SET /p HOST=Enter the IP Address of the host you want to capture from:
:SkipPrompt

@TITLE DUMPCAP Capture of %HOST% In Progress

@echo.
@echo ============[ INTERFACES ]===============
:: -D lists the interfaces dumpcap can see, numbered for use with -i
@"c:\Program Files\Wireshark\dumpcap" -D
@echo.
@SET /p INTERFACE_NUMBER=Type Interface Number:

@echo.
:: -b duration:86400 starts a new file every day, -b files:14 keeps only the newest 14 files (ring buffer),
:: -P writes classic pcap format, -w sets the base filename (dumpcap appends a sequence number and timestamp)
"c:\Program Files\Wireshark\dumpcap" -b duration:86400 -b files:14 -f "host %HOST%" -i %INTERFACE_NUMBER% -P -w capture.pcap
@TITLE DUMPCAP stopped
@pause
```


### Sample Output

```text
D:\packet_captures>dump_packets.bat
Enter the IP Address of the host you want to capture from:  10.32.1.234

============[ INTERFACES ]===============
1. \Device\NPF_{1F70299B-0F5A-4F7D-BEC2-C7A36B7AC5A4} (Broadcom L2 NDIS client driver)
2. \Device\NPF_{2FC895CF-6EB7-4A1A-A5F6-23601DAAC8F1} (Broadcom L2 NDIS client driver)
3. \Device\NPF_{6F12DF50-73AB-4859-9B5C-469B7EACD28C} (Broadcom L2 NDIS client driver)
4. \Device\NPF_{CEFE7F77-A53E-4FCC-9B3D-975DBAB66012} (Network Teaming Intermediate Driver (NTID))
5. \Device\NPF_{900DE9A5-1BED-4A3A-96EC-F0D391CEA622} (Broadcom L2 NDIS client driver)

Type Interface Number:1

D:\packet_captures>"c:\Program Files\Wireshark\dumpcap" -b duration:14400 -b files:14 -f "host 10.32.1.234" -i 1 -P -w capture.pcap
Capturing on \Device\NPF_{1F70299B-0F5A-4F7D-BEC2-C7A36B7AC5A4}
File: capture_00001_20120808205029.pcap
Packets: 346
```



Complete Command Reference: http://www.wireshark.org/docs/man-pages/dumpcap.html
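A hardened wrapper in the same spirit, added here as an example rather than the post's own script: it validates the host argument before it goes into the capture filter, checks that dumpcap is installed, caps each ring-buffer file by size as well as age, and tests dumpcap's exit code. The install path is assumed to be the default one; the options used are dumpcap's documented ones.

```batch
@echo off
setlocal EnableDelayedExpansion
:: Added example, not the post's script. Delayed expansion (!VAR!) is used so a
:: stray & or | in an argument cannot be parsed as a second command.
set "DUMPCAP=c:\Program Files\Wireshark\dumpcap.exe"
set "HOST=%~1"
set "IFACE=%~2"
if "!HOST!"=="" (
    echo USAGE: %~nx0 HOST_IP [INTERFACE_NUMBER]
    exit /b 2
)
if not exist "!DUMPCAP!" (
    echo dumpcap not found at "!DUMPCAP!"
    exit /b 2
)
:: HOST is pasted into the capture filter verbatim, so accept only a dotted quad.
:: Checked via a temp file because delayed expansion is off inside a pipe; findstr has no +, hence [0-9][0-9]*.
>"%TEMP%\host_check.txt" echo(!HOST!
findstr /r /c:"^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$" "%TEMP%\host_check.txt" >nul
set "RC=!ERRORLEVEL!"
del "%TEMP%\host_check.txt"
if not "!RC!"=="0" (
    echo "!HOST!" does not look like an IPv4 address
    exit /b 2
)
:: No interface given: list them like the original script does and ask.
if "!IFACE!"=="" (
    "!DUMPCAP!" -D
    set /p IFACE=Type Interface Number:
)
set "OUTDIR=captures_!HOST!"
if not exist "!OUTDIR!" md "!OUTDIR!"
:: Ring buffer: a new file daily (duration, seconds) or at about 100 MB (filesize, in kB),
:: keeping only the newest 14 files. The "host" filter matches traffic to or from HOST.
:: -P writes classic pcap, -q keeps the running packet counter off the console.
"!DUMPCAP!" -i !IFACE! -f "host !HOST!" -b duration:86400 -b filesize:102400 -b files:14 -P -q -w "!OUTDIR!\capture.pcap"
if errorlevel 1 (
    echo dumpcap exited with error code !ERRORLEVEL!
    exit /b 1
)
echo Capture finished cleanly, files are in "!OUTDIR!"
endlocal
```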

Saturday, Sep 30 2006

## Batch Snippets

### Create a timestamp with date and time, with an underscore separating them

```batch
:: Assumes the US layout "Wed 03/26/2012" for %DATE%; the substring offsets are locale dependent
set DateStamp=%DATE:~10,4%%DATE:~4,2%%DATE:~7,2%
:: Strip the colons from %TIME% ("13:03:40.87" -> "130340.87")
set TimeStamp=%TIME::=%
:: Drop the period and join date and time with an underscore
set TimeStamp=%DateStamp%_%TimeStamp:.=%
:: Before 10:00 %TIME% starts with a space; replace it with a zero
set TimeStamp=%TimeStamp: =0%
echo %TimeStamp%
:: TimeStamp is like 20120326_13034087
```
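Added example, not from the post: the substring offsets above break on any locale whose %DATE% or %TIME% layout differs from the US one, so here is a locale-independent way to build the same stamp. It assumes WMIC is present, with a PowerShell fallback for systems where it has been removed.

```batch
@echo off
:: Added example. %DATE% and %TIME% follow the regional settings, so fixed substring
:: offsets silently produce garbage on other locales. WMIC reports LocalDateTime as
:: yyyymmddHHMMSS.ffffff+zzz regardless of locale.
for /f "tokens=2 delims==" %%I in ('wmic os get localdatetime /value') do set "LDT=%%I"
:: Taking substrings also discards the stray carriage return WMIC leaves at the end of the value.
set "TimeStamp=%LDT:~0,8%_%LDT:~8,6%"
echo %TimeStamp%
:: TimeStamp is like 20120326_130340 (seconds resolution, same on every locale)

:: Where WMIC has been removed (recent Windows 11 builds), PowerShell gives the same result:
for /f %%I in ('powershell -NoProfile -Command "Get-Date -Format yyyyMMdd_HHmmss"') do set "TimeStamp=%%I"
echo %TimeStamp%
```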


### Test whether an svn export was successful. This snippet can be applied to many situations where you want to test whether a command succeeded.

```batch
:: Note: a password given on the command line is visible to other local users in the process list
svn export <REPO_URL> C:\path\to\outputdir --username <USERNAME> --password <PASS> --non-interactive
set svnErrorLevel=%ERRORLEVEL%
:: Quote both sides: an unquoted 0 never equals the quoted string "0", which would send every run to FAILED
IF NOT "%svnErrorLevel%" == "0" GOTO FAILED

rem PUT STUFF HERE THAT SHOULD EXECUTE ONLY IF EXPORT WAS SUCCESSFUL

GOTO end
:FAILED
echo svn export failed with exit code %svnErrorLevel%
:end
```


### How to test whether an argument is set (notes: 1) there must be quotes around the %1, and 2) the goto must be on the same line as the if)

```batch
if "%1" == "" goto displayUsage
```

NOTE: I asked a question about this on Stack Overflow and got a good answer that works even when you have variables that might have quotes in them. Google blak3r on stackoverflow + batch test and you'll probably find it.

### Add a user-definable delay, where the number following -n is the number of seconds

```batch
:: Relies on ping pausing about one second between echoes; with a host that answers, -n 2 waits
:: roughly one second. If the address does not answer, each attempt waits for the ping timeout instead.
ping -n 2 1.1.1.1 > NUL
```


Wednesday, Sep 20 2006

## Windows SVN Repo Backup Script

Here's a simple Windows svn repo backup script I wrote. It makes a safe copy of three different svn repos I had. Each repository is backed up to a folder that has a date prefix and is located in the path specified by BACKUP_FOLDER.

```batch
REM -----------------------------------+
REM | SVN REPO BACKUP BATCH FILE        |
REM | Created 9/20/06 - Blake Robertson |
REM -----------------------------------+

REM Strip the slashes from %DATE% ("Wed 09/20/2006" -> "Wed 09202006"); the weekday and space
REM stay in the name, which is why DEST_PATH is quoted below
SET DATE_STR=%Date:/=%

SET BACKUP_FOLDER=R:\svn_backups

SET MIDDLEWARE_REPO=R:\svn_repo1
SET FW_REPO=R:\svn_repo2
SET DOCS_REPO=R:\svn_repo3

REM svnadmin hotcopy makes a consistent copy of a live repository; the variables must be expanded with %...%
echo ----[ Middleware Backup ]------
SET DEST_PATH="%BACKUP_FOLDER%\%DATE_STR%_middleware-svn_repo"
svnadmin hotcopy %MIDDLEWARE_REPO% %DEST_PATH%

echo ----[ Firmware Backup ]------
SET DEST_PATH="%BACKUP_FOLDER%\%DATE_STR%_firmware_svn_repo"
svnadmin hotcopy %FW_REPO% %DEST_PATH%

echo ----[ DOCS Backup ]------
SET DEST_PATH="%BACKUP_FOLDER%\%DATE_STR%_docs_svn_repo"
svnadmin hotcopy %DOCS_REPO% %DEST_PATH%
```
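Added example, not the post's script: the same hotcopy backup driven by a list of repositories, with each copy checked by svnadmin verify and the script stopping with a non-zero exit code on the first failure, so a broken backup cannot go unnoticed. Repository and backup paths are the ones from the post; the name=path list format is my own.

```batch
@echo off
setlocal EnableDelayedExpansion
:: Added example. Each entry is name=path; the name becomes part of the backup folder.
set "BACKUP_FOLDER=R:\svn_backups"
set "DATE_STR=%DATE:~10,4%%DATE:~4,2%%DATE:~7,2%"
set "REPOS=middleware=R:\svn_repo1 firmware=R:\svn_repo2 docs=R:\svn_repo3"

if not exist "%BACKUP_FOLDER%" md "%BACKUP_FOLDER%"
for %%R in (%REPOS%) do (
    :: Split "name=path" into %%N and %%O
    for /f "tokens=1,2 delims==" %%N in ("%%R") do (
        set "DEST=%BACKUP_FOLDER%\%DATE_STR%_%%N_svn_repo"
        echo ------[ %%N backup ]------
        if exist "!DEST!" (
            echo !DEST! already exists, skipping
        ) else (
            :: hotcopy takes a consistent copy of the live repo; verify then reads every revision of the copy
            svnadmin hotcopy "%%O" "!DEST!" || (echo hotcopy of %%O FAILED & exit /b 1)
            svnadmin verify -q "!DEST!" || (echo verify of !DEST! FAILED & exit /b 1)
        )
    )
)
echo All repositories backed up to %BACKUP_FOLDER%
endlocal
```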