def main(self):
if self.options.jobname:
export_name = self.options.jobname
source = self.netshark.get_capture_job_by_name(export_name)
elif self.options.clipname:
export_name = self.options.clipname
source = self.netshark.get_trace_clip_by_description(export_name)
filename = self.options.filename
if not filename:
filename = "%s_export.pcap" % export_name
if self.options.timerange:
timefilter = TimeFilter.parse_range(self.options.timerange)
elif self.options.start_time and self.options.end_time:
start = string_to_datetime(float(self.options.start_time))
end = string_to_datetime(float(self.options.end_time))
timefilter = TimeFilter(start, end)
else:
self.parser.error("Select either --timerange or --start and --end times")
if self.options.filters:
kvs = [f.split("=") for f in self.options.filters]
filters = [NetSharkFilter(r'%s="%s"' % (k, v)) for k, v in kvs]
else:
filters = None
with self.netshark.create_export(source, timefilter, filters=filters) as e:
print "beginning download to file %s" % filename
e.download(filename, overwrite=self.options.overwrite)
def main(self):
if self.options.jobname:
export_name = self.options.jobname
source = self.netshark.get_capture_job_by_name(export_name)
elif self.options.clipname:
export_name = self.options.clipname
source = self.netshark.get_trace_clip_by_description(export_name)
filename = self.options.filename
if not filename:
filename = '%s_export.pcap' % export_name
if self.options.timerange:
timefilter = TimeFilter.parse_range(self.options.timerange)
elif self.options.start_time and self.options.end_time:
start = string_to_datetime(float(self.options.start_time))
end = string_to_datetime(float(self.options.end_time))
timefilter = TimeFilter(start, end)
else:
self.parser.error(
'Select either --timerange or --start and --end times')
if self.options.filters:
kvs = [f.split('=') for f in self.options.filters]
filters = [NetSharkFilter(r'%s="%s"' % (k, v)) for k, v in kvs]
else:
filters = None
with self.netshark.create_export(source, timefilter,
filters=filters) as e:
print 'beginning download to file %s' % filename
e.download(filename, overwrite=self.options.overwrite)
def test_view_on_job(self):
""" Test creating a view on a capture job """
job = setup_capture_job(self.shark)
columns, filters = setup_defaults()
with self.shark.create_view(job,
columns,
None,
name='test_view_on_job') as view:
data = view.get_data()
self.assertTrue(
view.config['input_source']['path'].startswith('jobs'))
#testing bug 111168
#http://bugzilla.nbttech.com/show_bug.cgi?id=111168
with self.shark.create_view(job, columns, filters,
name='bug_111168') as view:
data = view.get_data()
self.assertTrue(
view.config['input_source']['path'].startswith('jobs'))
with self.shark.create_view(job,
columns,
[TimeFilter.parse_range('last 2 hours')],
name='bug_111168_2') as view:
data = view.get_data()
self.assertTrue(
view.config['input_source']['path'].startswith('jobs'))
self.assertEqual(len(view.config['input_source']['filters']), 1)
filter = view.config['input_source']['filters'][0]
self.assertEqual(filter.start + datetime.timedelta(hours=2),
filter.end)
def main(app):
# Get the list of jobs
jobs = app.shark.get_capture_jobs()
if len(jobs) == 0:
print ("No jobs on the appliance, you can create jobs using the "
"'create_job.py' and start/stop them using the 'control_job.py' script.")
return 0
# Pick the first job
job = jobs[0]
print 'creating a 30 minutes clip on job {0}'.format(job.name)
# set the filters
filters = (
# Time filter: keep the last 30 minutes
TimeFilter.parse_range("last 30 m"),
# IP address filter: keep only 192.168.0.1
NetSharkFilter('ip.src="192.168.0.1"')
)
# Create the clip
clip = job.add_clip(filters, "a_test_clip")
print 'Clip with the following properties created:'
print ''
print 'ID: %s' % clip.id
print 'Description: %s' % clip.description
print 'Source Path: %s' % clip.source_path
print 'Size: %s' % clip.size
def main(self):
# Get the list of jobs
jobs = self.netshark.get_capture_jobs()
if len(jobs) == 0:
print ("No jobs on the appliance, you can create jobs using the "
"'create_job.py' and start/stop them using the "
"'control_job.py' script.")
return 0
# Pick the first job
job = jobs[0]
print 'creating a 30 minutes clip on job {0}'.format(job.name)
# set the filters
filters = (
# Time filter: keep the last 30 minutes
TimeFilter.parse_range("last 30 m"),
# IP address filter: keep only 192.168.0.1
NetSharkFilter('ip.src="192.168.0.1"')
)
# Create the clip
clip = job.add_clip(filters, "a_test_clip")
print 'Clip with the following properties created:'
print ''
print 'ID: %s' % clip.id
print 'Description: %s' % clip.description
print 'Source Path: %s' % clip.source_path
print 'Size: %s' % clip.size
def test_loaded_decorator(self):
shark = self.shark
fltr = (TimeFilter.parse_range("last 30 m"))
interface = shark.get_interfaces()[0]
job = self.shark.create_job(interface, 'test_loaded_decorator', '300MB')
with shark.create_clip(job, [fltr], 'test_decorator_clip') as clip:
#this will test the @loaded decorator
clip.size
def test_clip_export(self):
job = self.shark.get_capture_jobs()[0]
fltr = TimeFilter.parse_range('last 1 minute')
clip = self.shark.create_clip(job, [fltr], 'test_clip')
logger.info('created 1 min trace clip for export test')
f = clip.download()
f.close()
self.assertTrue(os.path.exists(f.name))
os.remove(f.name)
def test_clip_export(self):
job = self.shark.get_capture_jobs()[0]
fltr = TimeFilter.parse_range('last 1 minute')
clip = self.shark.create_clip(job, [fltr], 'test_clip')
logger.info('created 1 min trace clip for export test')
f = clip.download()
f.close()
self.assertTrue(os.path.exists(f.name))
os.remove(f.name)
def test_loaded_decorator(self):
shark = self.shark
fltr = (TimeFilter.parse_range("last 30 m"))
interface = shark.get_interfaces()[0]
job = self.shark.create_job(interface, 'test_loaded_decorator',
'300MB')
with shark.create_clip(job, [fltr], 'test_decorator_clip') as clip:
#this will test the @loaded decorator
clip.size
def setup_defaults():
#
# some columns and filters we can use for creating views
#
columns = [Key('ip.src'),
Key('ip.dst'),
Value('generic.packets'),
Value('http.duration', Operation.max, description="Max Duration"),
Value('http.duration', Operation.avg, description="Avg Duration")]
# we don't
# have generic.application in 5.0 anymore
filters = [NetSharkFilter('(tcp.src_port=80) | (tcp.dst_port=80)'),
TimeFilter.parse_range('last 2 hours')]
return columns, filters
def test_view_on_job(self):
""" Test creating a view on a capture job """
job = setup_capture_job(self.shark)
columns, filters = setup_defaults()
with self.shark.create_view(
job,
columns,
None,
name='test_view_on_job') as view:
data = view.get_data()
self.assertTrue(
view.config['input_source']['path'].startswith('jobs'))
#testing bug 111168
#http://bugzilla.nbttech.com/show_bug.cgi?id=111168
with self.shark.create_view(job,
columns,
filters,
name='bug_111168') as view:
data = view.get_data()
self.assertTrue(
view.config['input_source']['path'].startswith('jobs'))
with self.shark.create_view(job, columns,
[TimeFilter.parse_range('last 2 hours')],
name='bug_111168_2') as view:
data = view.get_data()
self.assertTrue(
view.config['input_source']['path'].startswith('jobs'))
self.assertEqual(len(view.config['input_source']['filters']), 1)
filter = view.config['input_source']['filters'][0]
self.assertEqual(
filter.start + datetime.timedelta(hours=2),
filter.end)
def test_shark_interface(self):
interfaces = self.shark.get_interfaces()
try:
interface = self.shark.get_interface_by_name('mon0')
except:
interface = self.shark.get_interfaces()[0]
try:
job = self.shark.get_capture_job_by_name('test_shark_interface_job')
job.delete()
except ValueError:
#everything is allright,
#we can create the test_shark_interface_job job
pass
job = self.shark.create_job(interface,
'test_shark_interface_job',
'300M')
filters = [TimeFilter.parse_range('last 10 minutes')]
with self.shark.create_clip(job, filters,
'test_shark_interface_clip') as clip:
self.shark.get_capture_jobs()
self.shark.get_clips()
self.assertNotEqual(
self.shark.get_capture_job_by_name(
'test_shark_interface_job'), None)
self.assertNotEqual(
self.shark.get_trace_clip_by_description(
'test_shark_interface_clip'), None)
try:
self.assertNotEqual(
self.shark.get_file('/admin/noon.cap'), None)
except RvbdHTTPException as e:
if e.status != 404:
raise
self.assertNotEqual(self.shark.get_files(), None)
self.assertNotEqual(self.shark.get_dir('/admin/'), None)
job.delete()
def test_shark_interface(self):
interfaces = self.shark.get_interfaces()
try:
interface = self.shark.get_interface_by_name('mon0')
except:
interface = self.shark.get_interfaces()[0]
try:
job = self.shark.get_capture_job_by_name(
'test_shark_interface_job')
job.delete()
except ValueError:
#everything is allright,
#we can create the test_shark_interface_job job
pass
job = self.shark.create_job(interface, 'test_shark_interface_job',
'300M')
filters = [TimeFilter.parse_range('last 10 minutes')]
with self.shark.create_clip(job, filters,
'test_shark_interface_clip') as clip:
self.shark.get_capture_jobs()
self.shark.get_clips()
self.assertNotEqual(
self.shark.get_capture_job_by_name('test_shark_interface_job'),
None)
self.assertNotEqual(
self.shark.get_trace_clip_by_description(
'test_shark_interface_clip'), None)
try:
self.assertNotEqual(self.shark.get_file('/admin/noon.cap'),
None)
except RvbdHTTPException as e:
if e.status != 404:
raise
self.assertNotEqual(self.shark.get_files(), None)
self.assertNotEqual(self.shark.get_dir('/admin/'), None)
job.delete()
def main(self):
if self.options.timerange is not None:
try:
timefilter = TimeFilter.parse_range(self.options.timerange)
except ValueError:
print "Could not parse time filter expression."
return
elif (self.options.starttime is not None or
self.options.endtime is not None):
timeparser = TimeParser()
if self.options.starttime is None:
start_time = datetime.min
else:
try:
start_time = timeparser.parse(self.options.starttime)
except ValueError:
print "Could not parse start timestamp"
return
if self.options.endtime is None:
end_time = datetime.now()
else:
try:
end_time = timeparser.parse(self.options.endtime)
except ValueError:
print "Could not parse end timestamp"
return
timefilter = TimeFilter(start_time, end_time)
else:
timefilter = None
filters = [NetSharkFilter(f) for f in self.options.filters]
if timefilter is not None:
filters.append(timefilter)
if self.options.file is None:
sharks_info = [[self.options.host, self.options.username,
self.options.password]]
else:
sharks_info = self.get_csv_sharks_info(self.options.file)
out_table = []
for host, username, password in sharks_info:
shark = NetShark(host, auth=UserAuth(username, password))
jobs_bytes = self.get_jobs_bytes(shark, filters)
if not jobs_bytes:
print "(No data returned from NetShark {0}.)".format(host)
else:
for job_name, job_bytes in self.get_jobs_bytes(shark, filters):
out_table.append([host, job_name, job_bytes])
if not out_table:
print "No data found by any NetShark."
else:
out_table_sorted = sorted(out_table, reverse=True,
key=operator.itemgetter(2))
heads = ["NetShark", "Job", "Total bytes"]
Formatter.print_table(out_table_sorted, heads)
def main(self):
if self.options.jobname:
export_name = self.options.jobname
source = self.netshark.get_capture_job_by_name(export_name)
create_export = self.netshark.api.jobs.create_export
status_export = self.netshark.api.jobs.get_export_details
download_export = self.netshark.api.jobs.get_packets_from_export
delete_export = self.netshark.api.jobs.delete_export
elif self.options.clipname:
export_name = self.options.clipname
source = self.netshark.get_trace_clip_by_description(export_name)
create_export = self.netshark.api.clips.create_export
status_export = self.netshark.api.clips.get_export_details
download_export = self.netshark.api.clips.get_packets_from_export
delete_export = self.netshark.api.clips.delete_export
filename = self.options.filename
if not filename:
filename = '%s_export.pcap' % export_name
if self.options.timerange:
timefilter = TimeFilter.parse_range(self.options.timerange)
elif self.options.start_time and self.options.end_time:
start = string_to_datetime(float(self.options.start_time))
end = string_to_datetime(float(self.options.end_time))
timefilter = TimeFilter(start, end)
else:
self.optparse.error('Select either --timerange or --start and --end times')
config = {
#'output_filename': filename,
'output_format': 'PCAP_US',
'start_time': datetime_to_seconds(timefilter.start),
'end_time': datetime_to_seconds(timefilter.end),
}
if self.options.filters:
filters = [f.split('=') for f in self.options.filters]
filters = [r'%s="%s"' % (k, v) for k, v in filters]
config['filters'] = [NetSharkFilter(filt).bind(self.netshark) for filt in filters]
try:
export_id = create_export(source.id, config=config)
print 'Export created with ID: %s' % export_id
status = status_export(source.id, export_id['id'])
print 'Current status of export is:\n%s' % status
if status['status']['state'] == 'RUNNING':
print 'beginning download to file %s' % filename
download_export(source.id, export_id['id'], filename)
finally:
try:
print 'Trying to delete export ... ',
delete_export(source.id, export_id['id'])
print 'deleted.'
except:
print 'Error when trying to delete export. Ignoring.'
pass
def create_trace_clip(shark, job):
# create a relatively short trace clip that we can use later
fltr = TimeFilter.parse_range('last 10 minutes')
clip = shark.create_clip(job, [fltr], 'test_clip')
logger.info('created test trace clip')
return clip
