Difference between revisions of "OpenLI"
From neil.tappsville.com
Jump to navigationJump to searchm |
m |
||
| Line 27: | Line 27: | ||
</pre> | </pre> | ||
Enable without restarting <code>ethtool -K <INTERFACE> gso off gro off tso off</code> | Enable without restarting <code>ethtool -K <INTERFACE> gso off gro off tso off</code> | ||
| + | |||
| + | |||
| + | == Transferring pcaps == | ||
| + | Should be using keys, but if no public key is used, will need to have the password in a file that sshpass can read (it essentially runs expect looking for a 'assword' prompt | ||
| + | |||
| + | scp | ||
| + | <pre> | ||
| + | Crontab | ||
| + | * * * * * /usr/bin/flock -n /tmp/openli-[LLID].lck /bin/find /pcaps/openli-[LLID]* -type f -mmin +1 -exec sshpass -f "/dir/scp-job.pass" scp -P [port] -r {} [user]@[ipaddress]:/[directory]/ \; -delete | ||
| + | </pre> | ||
| + | |||
| + | sftp (for really simple folk) | ||
| + | <pre> | ||
| + | Crontab | ||
| + | * * * * * /usr/bin/flock -n /tmp/openli-[LLID].lck /bin/find /pcaps/openli-[LLID]* -type f -mmin +1 -exec sh -c "echo 'put {}' | sshpass -f '/dir/scp-job.pass' sftp -q -P 2221 [user]@[ipaddress]:/[directory]/" \; -delete | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | sftp | ||
Revision as of 01:33, 26 April 2022
LI Information
- https://youtu.be/pRXdv-CaVjA?t=3710 LI how it works and Handover Interfaces
- https://youtu.be/7p1SH8-6KtI?t=3524 NZ LI Legislation
Wireshark
https://wiki.wireshark.org/jmirror
https://github.com/wanduow/openli https://github.com/LibtraceTeam/libtrace https://github.com/wanduow/libwandder
Interfaces
Disabling NIC offloading for capturing interfaces that are not encapsulated in a vendors wrapper/header to prevent desegmentation/defragmentation
/etc/sysconfig/network-scripts/ifcfg-<INTERFACE> ETHTOOL_OPTS="-K <INTERFACE> gso off gro off tso off"
Enable without restarting ethtool -K <INTERFACE> gso off gro off tso off
Transferring pcaps
Should be using keys, but if no public key is used, will need to have the password in a file that sshpass can read (it essentially runs expect looking for a 'assword' prompt
scp
Crontab
* * * * * /usr/bin/flock -n /tmp/openli-[LLID].lck /bin/find /pcaps/openli-[LLID]* -type f -mmin +1 -exec sshpass -f "/dir/scp-job.pass" scp -P [port] -r {} [user]@[ipaddress]:/[directory]/ \; -delete
sftp (for really simple folk)
Crontab
* * * * * /usr/bin/flock -n /tmp/openli-[LLID].lck /bin/find /pcaps/openli-[LLID]* -type f -mmin +1 -exec sh -c "echo 'put {}' | sshpass -f '/dir/scp-job.pass' sftp -q -P 2221 [user]@[ipaddress]:/[directory]/" \; -delete
sftp
