Class: Dorothy::Doro_NAM
Inherits: Object
Defined in: lib/dorothy2/NAM.rb
Overview
Dorothy module-class for controlling the network sniffers, i.e. the tcpdump instances that run on the NSM machine. Every method opens a fresh Net::SSH session to that machine with the credentials given to the constructor and runs tcpdump (or kill) through sudo; the sniffer's PID is recovered by scraping ps, and the captures are written to a pcap file named after the sample.
Instance Method Summary
- #init_sniffer ⇒ Object
- #initialize(namdata) ⇒ Doro_NAM (constructor)
  Create a dorothy user on the NSM machine, and add this line to the sudoers file: dorothy ALL = NOPASSWD: /usr/sbin/tcpdump, /bin/kill.
- #start_sniffer(vmaddress, interface, name, pcaphome) ⇒ Object
- #stop_sniffer(pid) ⇒ Object
Constructor Details
#initialize(namdata) ⇒ Doro_NAM
Create a dorothy user on the NSM machine, and add this line to the sudoers file:
dorothy ALL = NOPASSWD: /usr/sbin/tcpdump, /bin/kill
This line places no restriction on the arguments passed to tcpdump, so the dorothy account can write root-owned files anywhere with -w, and an unrestricted sudo tcpdump is a well-known route to a root shell through its -z (post-rotate command) and -Z (run-as user) options; /bin/kill likewise lets the account signal any process on the host. Treat the dorothy account on the NSM machine as root-equivalent. Its password is held in clear in the namdata hash (:pass) and sent to Net::SSH as a password credential.
The namdata hash must supply :host, :user, :pass and :port; nothing is validated here.

```ruby
# File 'lib/dorothy2/NAM.rb', line 14
def initialize(namdata)
  @server = namdata[:host]
  @user   = namdata[:user]
  @pass   = namdata[:pass]
  @port   = namdata[:port]
end
```
Instance Method Details
#init_sniffer ⇒ Object
Kill any tcpdump left over from a previous run. Note that killall is not covered by the sudoers line documented for the constructor (only /usr/sbin/tcpdump and /bin/kill are), so with exactly that configuration sudo will ask for a password it cannot read from a non-interactive SSH session; the error goes to /dev/null and the stale sniffer stays alive.

```ruby
# File 'lib/dorothy2/NAM.rb', line 44
def init_sniffer
  Net::SSH.start(@server, @user, :password => @pass, :port => @port) do |ssh|
    # Requires sudo rights on killall; not granted by the documented sudoers line.
    ssh.exec "nohup sudo killall tcpdump 2>/dev/null"
  end
end
```
#start_sniffer(vmaddress, interface, name, pcaphome) ⇒ Object
Start a tcpdump on interface capturing all traffic to and from vmaddress into pcaphome/name.pcap, and return the PID of the sniffer so that #stop_sniffer can end it. When the global MANUAL is set the analyst's RDP session to the VM (port 3389) is excluded from the capture. All four arguments are interpolated unescaped into a shell command run over SSH, so they must come from trusted configuration, never from the sample or from anything derived from it. In the original source the retry counter was reset to 0 on every failure, so a PID that could not be found was retried forever; the version below caps it at three attempts as the log message promises, and treats an empty ps listing as a failure instead of returning PID 0.

```ruby
# File 'lib/dorothy2/NAM.rb', line 21
def start_sniffer(vmaddress, interface, name, pcaphome)
  Net::SSH.start(@server, @user, :password => @pass, :port => @port) do |ssh|
    not_rdp = MANUAL ? "and not port 3389" : ""
    # Unescaped interpolation into a remote shell: trusted input only.
    ssh.exec "nohup sudo tcpdump -i #{interface} -s 1514 -w #{pcaphome}/#{name}.pcap host #{vmaddress} #{not_rdp} 2> log.tmp & "
    begin
      # Scrape the PID from ps. The first matching line is typically the
      # `sudo tcpdump ...` wrapper; sudo relays the SIGINT from #stop_sniffer
      # to its child, so stopping that PID still ends the capture.
      t = ssh.exec! "ps aux |grep #{name}|grep -v grep|grep -v bash"
      pid = t.split(" ")[1]
      # No matching process yet: raise so the rescue below retries.
      raise "no tcpdump process found for #{name}" if pid.nil?
    rescue
      r ||= 0   # was `r = 0`, which reset the counter on every pass
      if r <= 2
        r = r + 1
        LOGGER.warn "NSM", " NAM has failed to catch the Tcpdump PID, retry n. #{r}/3"
        sleep 2
        retry
      end
      LOGGER.warn "NSM", " NAM has failed to catch the Tcpdump PID, retry n. #{r}/3"
      raise
    end
    return pid.to_i
  end
end
```
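The two fragile steps in #start_sniffer are building the remote command from raw strings and picking a PID out of `ps aux | grep name`. The following is an added example, not code from dorothy2, showing how both can be done without trusting their inputs: the interface and pcap path are shell-escaped with Shellwords, the capture filter is built only from a parsed IPAddr plus a fixed clause, the sample name is restricted to file-name characters, and the PID lookup skips the sudo wrapper, the parent shell and the grep itself rather than taking whatever line comes first. The NamExample module, its method names and the ps listing in PS_SAMPLE are all hypothetical; the listing is constructed, not captured from a real NSM host.

```ruby
require 'shellwords'
require 'ipaddr'

# Hypothetical helpers (not part of dorothy2) for the two string-handling steps
# of Doro_NAM#start_sniffer.
module NamExample
  # Build the remote tcpdump command line. Values that must be single tokens
  # (interface, pcap path) are shell-escaped; the BPF filter is built only from a
  # parsed IP address and a fixed clause, so caller-supplied text never reaches
  # the remote shell or the filter unchecked.
  def self.build_sniffer_command(interface:, pcaphome:, name:, vmaddress:, exclude_rdp: false)
    ip = IPAddr.new(vmaddress)          # IPAddr::InvalidAddressError on anything but an address
    unless name.match?(/\A[\w.-]+\z/)   # the name becomes a file name and a ps search key
      raise ArgumentError, "unsafe sample name #{name.inspect}"
    end

    pcap = File.join(pcaphome, "#{name}.pcap")
    filter = ["host #{ip}"]
    filter << "and not port 3389" if exclude_rdp   # drop the analyst's RDP session, as MANUAL does

    cmd = ["sudo", "tcpdump", "-i", interface, "-s", "1514", "-w", pcap].shelljoin
    "nohup #{cmd} #{filter.join(' ')} 2> log.tmp &"
  end

  # Return the PID of the tcpdump process writing name.pcap, or nil if there is
  # none. Unlike `ps aux | grep name`, this ignores the `sudo tcpdump` wrapper,
  # the parent shell and the grep, and never turns "no match" into PID 0.
  def self.find_tcpdump_pid(ps_output, name)
    ps_output.each_line do |line|
      fields = line.split
      next if fields.size < 11   # USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
      next unless File.basename(fields[10]) == "tcpdump"
      next unless fields.any? { |f| f.end_with?("/#{name}.pcap") }
      return Integer(fields[1])
    end
    nil
  end

  # Constructed `ps aux` output for the example; not captured from a real host.
  PS_SAMPLE = <<~PS
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root         1  0.0  0.1  22000  1000 ?        Ss   10:00   0:00 /sbin/init
    dorothy   2345  0.0  0.0  11000   900 ?        S    10:01   0:00 bash -c nohup sudo tcpdump -i eth1 -s 1514 -w /opt/pcaps/sample42.pcap host 10.0.0.5 2> log.tmp &
    root      2346  0.0  0.0  30000  2000 ?        S    10:01   0:00 sudo tcpdump -i eth1 -s 1514 -w /opt/pcaps/sample42.pcap host 10.0.0.5
    root      2347  0.1  0.2  50000  4000 ?        S    10:01   0:00 tcpdump -i eth1 -s 1514 -w /opt/pcaps/sample42.pcap host 10.0.0.5
    dorothy   2348  0.0  0.0   9000   800 ?        S    10:01   0:00 grep sample42
  PS
end

if __FILE__ == $0
  puts NamExample.build_sniffer_command(interface: "eth1", pcaphome: "/opt/pcaps",
                                        name: "sample42", vmaddress: "10.0.0.5",
                                        exclude_rdp: true)
  p NamExample.find_tcpdump_pid(NamExample::PS_SAMPLE, "sample42")   # => 2347
end
```

With this approach a sample name such as "x; id" or an address such as "10.0.0.5; id" is rejected before any SSH session is opened, and the PID returned is that of tcpdump itself (2347 in the constructed listing) rather than the sudo wrapper, so a later kill targets exactly the capture process.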
#stop_sniffer(pid) ⇒ Object
Send SIGINT to the sniffer whose PID was returned by #start_sniffer. SIGINT lets tcpdump flush its buffer and close the pcap cleanly, which a SIGKILL would not. The exit status of the remote kill is not checked, so the debug message is logged whether or not the process was actually stopped.

```ruby
# File 'lib/dorothy2/NAM.rb', line 50
def stop_sniffer(pid)
  Net::SSH.start(@server, @user, :password => @pass, :port => @port) do |ssh|
    # -2 is SIGINT: tcpdump exits gracefully and the capture file is complete.
    ssh.exec "sudo kill -2 #{pid}"
    LOGGER.debug "NAM", "Tcpdump instance #{pid} stopped"
  end
end
```