#!/usr/bin/ruby
require 'rubygems'
require 'time'
require 'packetfu'
require 'postgres'
# ///////////////////////////////////////////////////////////////////////
# //
# // table function that creates monthly tables if necessary
# //
# ///////////////////////////////////////////////////////////////////////
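# Ensures the monthly child table of maestro_mac (and its index) exists for
# the month named by +day+, creating both when the existence probe fails.
#
# @param day [String] month to provision; the capture loop passes "YYYY-MM"
#   (a longer "YYYY-MM-DD" string is accepted too, only year/month are used)
# @return [Object] not meaningful; callers ignore it
# @raise [ArgumentError] if +day+ does not name a valid year and month
#
# NOTE(review): the connection arguments below are hard-coded placeholders.
# Real credentials should come from the environment or a permission-restricted
# config file, and the role should hold only the rights this script needs.
def table(day)
  conn = PGconn.connect("localhost", 5432, '', '', "maestro", "dbusername", "dbpassword")

  # The original parsed the literal string "day" instead of the argument, so
  # it could never yield a date. The year and month are split out explicitly
  # rather than relying on free-form date parsing of a "YYYY-MM" string.
  # Date.new rejects anything that is not a real year/month.
  year, mon = day.to_s.split('-').first(2).map { |part| part.to_i }
  first_dom = Date.new(year, mon, 1)

  # Exclusive upper bound for the CHECK constraint. Comparing against the last
  # day of the month with <= would exclude rows stamped after midnight on that
  # day if insert_time is a timestamp (presumably it is; the capture loop
  # formats it with hours/minutes/seconds -- confirm against the parent table).
  next_month = first_dom >> 1

  # Identifiers are built only from the validated Date, never from raw input.
  maestro_day = first_dom.strftime("maestro_mac_%Y%m")
  maestro_day_idx = first_dom.strftime("maestro_mac_%Y%m_idx")

  begin
    # Existence probe only: fetch at most one row instead of the whole table.
    conn.exec("SELECT 1 FROM #{maestro_day} LIMIT 1;")
  rescue
    # Any probe failure is treated as "table missing"; if the cause was
    # something else, the CREATE statements below raise and surface it.
    puts "table doesn't exit\n"
    conn.exec("CREATE TABLE #{maestro_day} ( PRIMARY KEY(src_ip,src_mac,insert_time) , CHECK (insert_time >= '#{first_dom}' AND insert_time < '#{next_month}')) INHERITS (maestro_mac);")
    conn.exec("CREATE INDEX #{maestro_day_idx} ON #{maestro_day} (src_ip,src_mac,insert_time);")
  else
    puts "table exits\n"
  end
ensure
  # Release the connection even when table creation raises.
  conn.close if conn
end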
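# Capture loop: for every packet matching the capture filter, record its
# source IP and source MAC, stamped with the time of observation, in the
# monthly maestro_mac_YYYYMM table.
#
# NOTE(review): promiscuous capture needs raw-socket privileges, so this loop
# presumably runs privileged. The database role used below should be limited
# to the rights the script needs, and the placeholder credentials should be
# replaced by values loaded from the environment or a restricted config file.

# Last "YYYY-MM" for which table() was called (nil until the first packet).
month = nil

# Allow-lists for the two values interpolated into the INSERT statement. They
# originate from network traffic, so they are checked before reaching SQL text.
ipv4_format = /\A\d{1,3}(\.\d{1,3}){3}\z/
mac_format = /\A[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}\z/

cap = PacketFu::Capture.new(:iface => 'eth1.801', :start => true, :promisc => true, :filter => "dst host 172.16.16.49 and dst port 80")
cap.stream.each do |pkt|
  packet = PacketFu::Packet.parse(pkt)
  src_ip = packet.ip_saddr
  src_mac = packet.eth_saddr
  puts [src_ip, src_mac]

  unless src_ip.to_s =~ ipv4_format && src_mac.to_s =~ mac_format
    puts "skipping insert, unexpected address format."
    next
  end

  # Timestamp of observation. The original called Time.parse on the raw packet
  # bytes, which is not a date string; the capture stream as used here exposes
  # no per-packet timestamp, so the current time is recorded instead.
  t = Time.now
  insert_time = t.strftime("%Y-%m-%d %H:%M:%S")

  # Provision the monthly table when the year-month changes. Comparing the
  # full "YYYY-MM" key (not just the month number) also covers a year change.
  maestro_day = t.strftime("maestro_mac_%Y%m")
  day = t.strftime("%Y-%m")
  if day != month
    puts "creating new table\n"
    table(day)
  end
  month = day

  conn = PGconn.connect("localhost", 5432, '', '', "maestro", "dbusername", "dbpassword")
  begin
    # maestro_day and insert_time come from strftime; src_ip and src_mac have
    # passed the allow-list checks above.
    conn.exec("INSERT INTO #{maestro_day} (src_ip,src_mac,insert_time) VALUES('#{src_ip}','#{src_mac}','#{insert_time}');")
  rescue => e
    # Best-effort insert: duplicates are expected, but report the real reason
    # so that other failures are not mislabelled as duplicates.
    puts "skipping insert: #{e.message}"
  else
    puts "inserting data, src_ip: #{src_ip}"
  ensure
    # Always release the per-packet connection.
    conn.close
  end
end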
# ///////////////////////////////////////////////////////////////////////