Creating an Interactive Bash Script to Call a PCAP to Analyz

MrTuxor · April 17, 2013, 2:19pm

Hello Everyone,

I am currently trying to write a Bash Script to call a PCAP file. The command I will use in the script will be the following:

tshark –r testfile.pcap –T fields –e frame.number –e frame.time –e eth.src –e eth.dst –e ip.src –e ip.dst –r ip.proto –E header=y –E separator=, quote=d –E occurance=f > testfile.csv

This command will allow me to see everything I need in a nicely formatted CSV file however I am struggling to write an interactive script to input **both ****the **name of the pcap (testfile.pcap above) and the name of the csv file (testfile.csv above) for the output to be saved to.

Does anyone know how I could put this into an interactive script so that when an admin runs the script, they can input the name of the existing pcap and the name of the csv file that the formatted information should be saved to?

Thanks in advance!

Tuxor

wsgd · April 30, 2013, 9:08pm

Script capture.sh :

inputFile=$1
outputFile=$2

if  -z "${inputFile}" ]
then
   echo -n "Enter input capture file name and press [ENTER]: " 
   read  inputFile
fi

if  -z "${outputFile}" ]
then
   echo -n "Enter output file name and press [ENTER]: " 
   read  outputFile
fi

tshark –r ${inputFile} –T fields –e frame.number –e frame.time –e eth.src –e eth.dst –e ip.src –e ip.dst –r ip.proto –E header=y –E separator=, quote=d –E occurance=f > ${outputFile}

Call the script :
capture.sh testfile.pcap testfile.csv
capture.sh testfile.pcap
capture.sh

Code not tested.