Class: Dorothy::Doro_NAM

Inherits:
Object
Defined in:
lib/dorothy2/NAM.rb

Overview

Dorothy module-class for controlling the network sniffers, i.e. the tcpdump instances


Constructor Details

#initialize(namdata) ⇒ Doro_NAM

Create a dorothy user on the NSM machine, and add this line to the sudoers file:

dorothy  ALL = NOPASSWD: /usr/sbin/tcpdump, /bin/kill


# File 'lib/dorothy2/NAM.rb', line 14

def initialize(namdata)
  # Keep the SSH connection parameters of the NSM (sniffer) host.
  #
  # @param namdata [Hash] expects the :host, :user, :pass and :port keys;
  #   a missing key leaves the corresponding attribute nil
  @server, @user, @pass, @port = namdata.values_at(:host, :user, :pass, :port)
end

Instance Method Details

#init_sniffer ⇒ Object



# File 'lib/dorothy2/NAM.rb', line 44

def init_sniffer
  # Reset the NSM host: over SSH, kill every tcpdump left over from a
  # previous run. The command's stderr is discarded on the remote side.
  ssh_opts = { :password => @pass, :port => @port }
  Net::SSH.start(@server, @user, ssh_opts) { |ssh| ssh.exec "nohup sudo killall tcpdump 2>/dev/null" }
end

#start_sniffer(vmaddress, interface, name, pcaphome) ⇒ Object



# File 'lib/dorothy2/NAM.rb', line 21

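def start_sniffer(vmaddress, interface, name, pcaphome)
  # Launch a tcpdump instance on the NSM host over SSH, capturing the traffic
  # of +vmaddress+ seen on +interface+ into "#{pcaphome}/#{name}.pcap", and
  # return the PID of the new tcpdump process.
  #
  # @param vmaddress [String] address of the sandbox VM whose traffic is captured
  # @param interface [String] NSM-side capture interface, passed to `tcpdump -i`
  # @param name [String] base name of the pcap file; also used to look up the PID
  # @param pcaphome [String] remote directory that receives the pcap file
  # @return [Integer] PID of the spawned tcpdump process
  # @raise [StandardError] the last PID-lookup error, once the retries are exhausted
  #
  # NOTE(review): every argument is interpolated unescaped into a shell command
  # that runs under sudo on the NSM host; callers must pass only trusted,
  # shell-safe values (no whitespace or shell metacharacters).
  Net::SSH.start(@server, @user, :password => @pass, :port => @port) do |ssh|
    # In MANUAL analysis the analyst's RDP session is excluded from the capture.
    not_rdp = MANUAL ? "and not port 3389" : ""
    ssh.exec "nohup sudo tcpdump -i #{interface} -s 1514 -w #{pcaphome}/#{name}.pcap host #{vmaddress} #{not_rdp} 2> log.tmp  & "

    # The retry counter must live outside begin/rescue: initialising it inside
    # the rescue clause reset it on every `retry`, making the loop endless and
    # the final `raise` unreachable.
    r = 0
    begin
      t = ssh.exec! "ps aux |grep #{name}|grep -v grep|grep -v bash"
      # Integer() rejects a missing or non-numeric PID column (no matching
      # process yet, empty output) instead of letting to_i turn it into 0 —
      # a 0 would later be handed to `kill` and signal a whole process group.
      pid = Integer(t.to_s.split(" ")[1])
    rescue
      if r <= 2
        r += 1
        LOGGER.warn "NSM", " NAM has failed to catch the Tcpdump PID, retry n. #{r}/3"
        sleep 2
        retry
      end
      LOGGER.warn "NSM", " NAM has failed to catch the Tcpdump PID, retry n. #{r}/3"
      raise
    end
    return pid
  end
end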

#stop_sniffer(pid) ⇒ Object



# File 'lib/dorothy2/NAM.rb', line 50

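def stop_sniffer(pid)
  # Send SIGINT to the tcpdump process +pid+ on the NSM host so it terminates
  # and closes its pcap file.
  #
  # @param pid [Integer, String] PID returned by #start_sniffer
  # @raise [ArgumentError] if +pid+ is not a positive integer
  # @raise [TypeError] if +pid+ is nil
  #
  # `kill` interprets 0 and negative numbers as process groups (and -1 as every
  # process), and this command runs under sudo, so the PID is validated before
  # it is interpolated into the remote command.
  pid = Integer(pid)
  raise ArgumentError, "invalid tcpdump PID: #{pid}" unless pid.positive?

  Net::SSH.start(@server, @user, :password => @pass, :port => @port) do |ssh|
    ssh.exec "sudo kill -2 #{pid}"
    LOGGER.debug "NAM", "Tcpdump instance #{pid} stopped"
  end
end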