OpenLI

From neil.tappsville.com
Revision as of 01:33, 26 April 2022 by Gonzo

LI Information

Open LI Compiling

Wireshark

https://wiki.wireshark.org/jmirror

OpenLI Intercept Management

OpenLI Test Cases

OpenLI Testing Tools

https://github.com/wanduow/openli
https://github.com/LibtraceTeam/libtrace
https://github.com/wanduow/libwandder

Interfaces

Disable NIC offloading on capture interfaces whose traffic is not encapsulated in a vendor's wrapper/header, to prevent desegmentation/defragmentation of the captured packets.

/etc/sysconfig/network-scripts/ifcfg-<INTERFACE>
ETHTOOL_OPTS="-K <INTERFACE> gso off gro off tso off"

Enable without restarting:
ethtool -K <INTERFACE> gso off gro off tso off


Transferring pcaps

Key-based authentication should be used. If no public key is used, the password has to be kept in a file that sshpass can read (sshpass essentially runs expect, looking for an 'assword' prompt).

scp

Crontab
* * * * * /usr/bin/flock -n /tmp/openli-[LLID].lck /bin/find /pcaps/openli-[LLID]* -type f -mmin +1 -exec sshpass -f "/dir/scp-job.pass" scp -P [port] -r {} [user]@[ipaddress]:/[directory]/ \; -delete
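A key-based variant of the scp job above, for the "should be using keys" case. This is an added example, not part of the original page or of OpenLI; the key path, the SCP_BIN override and the script path in the crontab comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: key-based replacement for the
# sshpass cron job. Every path and default below is a placeholder assumption.

KEY=${KEY:-/dir/scp-job.key}   # hypothetical private key, mode 0600, no passphrase
PORT=${PORT:-22}               # replace with the receiver's [port]

# ship_pcaps DIR PREFIX DEST
# Copies each file under DIR whose name starts with PREFIX and that has not
# been modified for more than a minute (so it is no longer being written),
# then deletes the local copy only if scp reported success.
# Returns non-zero if any transfer failed; those files stay for the next run.
# Assumes file names contain no newlines.
ship_pcaps() {
    find "$1" -type f -name "$2*" -mmin +1 -print | {
        rc=0
        while IFS= read -r f; do
            # -B: batch mode, never prompt for a password or passphrase
            # StrictHostKeyChecking=yes: refuse unknown or changed host keys
            # </dev/null: keep the transfer from consuming the file list
            if "${SCP_BIN:-scp}" -q -B -i "$KEY" -P "$PORT" \
                   -o StrictHostKeyChecking=yes "$f" "$3" </dev/null; then
                rm -f "$f"
            else
                rc=1
            fi
        done
        [ "$rc" -eq 0 ]
    }
}

# Crontab entry (script path /dir/ship_pcaps.sh is hypothetical):
# * * * * * /usr/bin/flock -n /tmp/openli-[LLID].lck /bin/sh -c '. /dir/ship_pcaps.sh; ship_pcaps /pcaps "openli-[LLID]" "[user]@[ipaddress]:/[directory]/"'
```

The receiving account needs the matching public key in its authorized_keys, and the receiver's host key must already be in the sending user's known_hosts, otherwise every transfer is refused and the pcaps stay in place.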

sftp (for really simple folk)

Crontab
* * * * * /usr/bin/flock -n /tmp/openli-[LLID].lck /bin/find /pcaps/openli-[LLID]* -type f -mmin +1 -exec  sh -c "echo 'put {}' | sshpass -f '/dir/scp-job.pass' sftp -q -P 2221 [user]@[ipaddress]:/[directory]/" \; -delete


sftp