PCAP script.
I have a server with 32 processors, and need to maximize this script to utilize those processors. Currently, the program `tshark` only uses 1 processor, so I need to run multiple instances of `tshark` at the same time. Currently the loop defined in the script below does 1 pcap at a time, which is very slow. I need to run up to 15 `tshark`s at one time, but not more than that, until the loop gets to the end of the file.

Essentially the script reads certain pcap files and lists the pcaps in a text file, then uses `tshark` to filter, and then merges using `mergecap`.
In this example there are 5 pcap files to filter.
- full_cap_1589
- full_cap_1590
- full_cap_1591
- full_cap_1592
- full_cap_1593
```bash
#!/bin/bash
# Test Script to parse pcap files
#DATE=`date |awk '{print $2}'`
set -x

echo "Start Time - Month/Day TIME example: 07/19 08:00"
read -e date1
echo "End Time - Month/Day TIME example 07/19 08:35"
read -e date2
echo "What IP address to filter on?"
read -e ip
echo "$ip"

# List the capture files modified inside the window, one basename per line.
# `cut -c20-40` strips the 19-character prefix "/mnt/pcap/captures/".
find /mnt/pcap/captures/ -type f -newermt "$date1" ! -newermt "$date2" \
    | cut -c20-40 > /home/username/loading_dock/load.txt

# Filter each capture on the requested address, one tshark at a time.
while read -r i; do
    tshark -r "/mnt/pcap/captures/$i" -Y "ip.addr == $ip" -w "/home/username/loading_dock/$i.pcap"
done < /home/username/loading_dock/load.txt

# Merge the filtered files. The output file is the single -w argument and the
# inputs follow it; with two -w options the first filtered pcap was being
# consumed as an output name and silently left out of the merge.
mergecap -w /home/username/test1.pcap /home/username/loading_dock/*.pcap

rm -f /home/username/loading_dock/*.pcap
rm -f /home/username/loading_dock/load.txt
exit 0
```
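One way to get the "at most 15 `tshark` processes at a time" behaviour is to background each `tshark` and block on `wait -n` once the job count reaches the limit, so a new job starts as soon as any one finishes. The script below is an added example of that approach and is not the poster's script or anything from the Wireshark project. It assumes bash 4.3 or newer (for `wait -n`) and GNU `find` (for `-newermt` and `-printf`); the variable names `CAPTURE_DIR`, `WORK_DIR`, `MAX_JOBS`, `TSHARK` and `MERGECAP`, and the function names, are my own. The `TSHARK`/`MERGECAP` overrides exist only so the job-control logic can be exercised with stand-in binaries. It also refuses anything but a plain IPv4 address, because the interactively typed value is spliced straight into a display filter, where text like `1.2.3.4 or tcp` would silently widen what gets captured.

```bash
#!/usr/bin/env bash
# Bounded-parallel tshark filtering: added example, not the original poster's
# script. Assumes bash >= 4.3 (`wait -n`) and GNU find (-newermt, -printf).
set -u

CAPTURE_DIR=${CAPTURE_DIR:-/mnt/pcap/captures}       # assumed path from the post
WORK_DIR=${WORK_DIR:-/home/username/loading_dock}     # assumed path from the post
MAX_JOBS=${MAX_JOBS:-15}                              # concurrent tshark limit
TSHARK=${TSHARK:-tshark}                              # overridable for testing
MERGECAP=${MERGECAP:-mergecap}                        # overridable for testing

# Accept only a dotted-quad IPv4 address so the value cannot smuggle extra
# display-filter terms (e.g. "1.2.3.4 or tcp") into the tshark -Y filter.
valid_ipv4() {
    local ip=$1 octet
    [[ $ip =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
    for octet in "${BASH_REMATCH[@]:1}"; do
        (( 10#$octet <= 255 )) || return 1     # 10# avoids octal parsing of "08"
    done
}

# Write the basenames of captures modified between two timestamps to
# $WORK_DIR/load.txt (replaces the length-dependent `cut -c20-40`).
build_list() {
    local start=$1 end=$2
    find "$CAPTURE_DIR" -type f -newermt "$start" ! -newermt "$end" -printf '%f\n' \
        | sort > "$WORK_DIR/load.txt"
}

# Filter one capture: reads $CAPTURE_DIR/<name>, writes $WORK_DIR/<name>.pcap.
filter_one() {
    local name=$1 ip=$2
    "$TSHARK" -r "$CAPTURE_DIR/$name" -Y "ip.addr == $ip" -w "$WORK_DIR/$name.pcap"
}

# Run filter_one over every name in the list with at most MAX_JOBS tshark
# processes alive at once. Returns the number of jobs that exited non-zero.
filter_all() {
    local listfile=$1 ip=$2 name running=0 failed=0
    while IFS= read -r name; do
        [[ -n $name ]] || continue
        filter_one "$name" "$ip" &
        running=$((running + 1))
        if (( running >= MAX_JOBS )); then
            wait -n || failed=$((failed + 1))   # block until any one job exits
            running=$((running - 1))
        fi
    done < "$listfile"
    while (( running > 0 )); do                 # drain the last batch
        wait -n || failed=$((failed + 1))
        running=$((running - 1))
    done
    return "$failed"
}

# Merge the per-file results: the output (-w) comes first, the inputs follow.
merge_all() {
    local out=$1
    "$MERGECAP" -w "$out" "$WORK_DIR"/*.pcap
}

main() {
    local start=$1 end=$2 ip=$3
    valid_ipv4 "$ip" || { echo "refusing filter value: $ip" >&2; return 2; }
    build_list "$start" "$end"
    filter_all "$WORK_DIR/load.txt" "$ip" || echo "warning: $? tshark job(s) failed" >&2
    merge_all "$HOME/test1.pcap"
    rm -f "$WORK_DIR"/*.pcap "$WORK_DIR/load.txt"
}

# Run only when given the three arguments; otherwise just define the functions.
if (( $# == 3 )); then
    main "$@"
elif (( $# != 0 )); then
    echo "usage: $0 'MM/DD HH:MM' 'MM/DD HH:MM' IPV4" >&2
    exit 2
fi
```

Invoke it as `./filter.sh '07/19 08:00' '07/19 08:35' 10.1.2.3`. The counter plus `wait -n` keeps exactly up to `MAX_JOBS` filters running rather than processing in fixed batches, and failures are counted instead of being hidden by the merge; if you would rather not depend on `wait -n`, `xargs -P 15` over the list file gives the same bound but then `filter_one` has to be an exported function or a separate script.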