├── .github
│   └── FUNDING.yml
├── LICENSE
├── README.md
└── packet_capture.sh

/.github/FUNDING.yml:
--------------------------------------------------------------------------------
# These are supported funding model platforms

github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
polar: # Replace with a single Polar username
buy_me_a_coffee: # Replace with a single Buy Me a Coffee username
thanks_dev: # Replace with a single thanks.dev username
custom: ['https://t.me/FreakXray', 'freak_4L.t.me'] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2024 Freak 4L

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

# Network Packet Capture & Analysis Script


## Overview


This Bash script wraps tshark to capture traffic on one interface for a fixed duration or packet count and then summarises the saved capture: TCP error rates, an overall health verdict, SYN/SYN-ACK/RST counts, the top talkers and the protocol mix. It is aimed at network engineers and security professionals who want a quick, readable first look at a link while monitoring traffic, hunting for anomalies, or troubleshooting.


## Key Features

- Installs `tshark` with `apt-get` if it is missing, then captures on a chosen interface until the chosen duration or packet limit is reached.
- Counts TCP analysis flags (retransmissions, fast and spurious retransmissions, out-of-order segments, duplicate ACKs, zero window and zero window probes, keep-alives) and grades each as a share of all captured packets.
- Gives an overall network health verdict from the combined TCP error rate.
- Reports SYN, SYN-ACK and RST counts as a share of all TCP packets.
- Lists the top 5 talkers by IPv4 address and the top 5 protocol layers seen in the capture.
- Leaves the capture in `capture.pcap` for deeper inspection with Wireshark or tshark.

## Execute the Script

Download and run the script with `wget`:

```bash
wget "https://raw.githubusercontent.com/FReak4L/packet-capture/main/packet_capture.sh" -O packet_capture.sh && sed -i 's/\r$//' packet_capture.sh && bash packet_capture.sh
```

The script calls `sudo` twice: to install `tshark` via `apt-get` if it is not present, and to run the capture itself. Because the file is saved to disk before it is executed, you can read it first; do so before running any downloaded script that escalates privileges. Run it from a directory where a root-owned `capture.pcap` is acceptable, since each run deletes and recreates that file.

## How It Works

1. Start the script: the `wget` command downloads `packet_capture.sh`, strips any Windows line endings with `sed`, and runs the saved file with `bash`.
2. User inputs: you will be prompted to enter:
   - the network interface to capture on (checked with `ip link show`);
   - the capture duration in seconds;
   - the maximum number of packets to capture.
3. Capture and analysis: `tshark` writes to `capture.pcap` in the current directory and stops at whichever limit is reached first; the saved capture is then re-read with display filters and each summary section is printed in turn.

## Logic & Calculations

Every figure comes from re-reading `capture.pcap` with `tshark -r` and a display filter (`-Y`), counting one output line per matching packet:

- Each TCP error type is reported as `count / total_packets * 100`. Below 0.1% is marked `[✓]`, below 1.0% `[ ! ]`, otherwise `[ X ]`.
- Network health sums all TCP error counts: below 1% of packets is "relatively healthy", below 5% "some issues that may need attention", otherwise "significant problems".
- SYN (`tcp.flags.syn==1 and tcp.flags.ack==0`), SYN-ACK (`tcp.flags.syn==1 and tcp.flags.ack==1`) and RST (`tcp.flags.reset==1`) counts are shown as a share of all TCP packets, with 1% and 5% as the thresholds.
- Top talkers count every appearance of an address in `ip.src` or `ip.dst`, so a host is credited once per packet it sends or receives.
- Protocol distribution splits `frame.protocols` (for example `eth:ethertype:ip:tcp`) into its layers and counts them; a layer with more than 50% of all layer occurrences is marked `[ ! ]`, more than 20% `[ - ]`, otherwise `[✓]`.
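The same arithmetic and thresholds, as an added example that is not part of the packet-capture repository: the percentage and rating steps are factored into small functions that read tshark-style field output from standard input, so they can be exercised on a constructed sample without a live capture or `tshark` installed. The function names and the sample lines are this example's own; in real use `sample_protocols` and `sample_talkers` are replaced by `tshark -r capture.pcap -T fields -e frame.protocols` and `tshark -r capture.pcap -Y ip -T fields -e ip.src -e ip.dst`. It also goes beyond the script in two ways: `percent` guards against an empty capture (the script divides by zero there), and `protocol_share` counts each layer once per packet and reports it as a share of packets rather than of layer occurrences, which is usually the question a practitioner is asking.

```bash
#!/usr/bin/env bash
# Added example, not from the packet-capture repository: the percentage and
# threshold logic of packet_capture.sh as reusable functions, fed by constructed
# sample data instead of a live tshark capture.

# percent COUNT TOTAL -> "12.50". Prints 0.00 for TOTAL=0 instead of awk's
# "nan"/"inf", which would otherwise break the threshold comparisons.
percent() {
    awk -v c="$1" -v t="$2" \
        'BEGIN { if (t == 0) printf "0.00\n"; else printf "%.2f\n", (c / t) * 100 }'
}

# rate PCT WARN CRIT -> OK | WARN | CRIT. packet_capture.sh uses WARN=0.1,
# CRIT=1.0 per TCP error type and WARN=1, CRIT=5 for the overall health verdict
# and for SYN/SYN-ACK/RST shares. Comparison is done in awk, so bc is not needed.
rate() {
    awk -v p="$1" -v w="$2" -v c="$3" \
        'BEGIN { if (p < w) print "OK"; else if (p < c) print "WARN"; else print "CRIT" }'
}

# protocol_share: stdin is one frame.protocols value per packet
# ("eth:ethertype:ip:tcp"). Output: "<layer> <packets> <pct>", where pct is the
# share of packets carrying that layer. Each layer is counted once per packet,
# so an encapsulated "ip:...:ip" frame does not count IP twice.
protocol_share() {
    awk -F: '
        { total++; split("", seen)
          for (i = 1; i <= NF; i++) if (!($i in seen)) { seen[$i] = 1; layer[$i]++ } }
        END { for (l in layer) printf "%s %d %.2f\n", l, layer[l], (layer[l] / total) * 100 }
    ' | sort -k2,2nr -k1,1
}

# top_talkers [N]: stdin is "ip.src<TAB>ip.dst" per packet, as printed by
# tshark -T fields. Non-IP frames yield two empty fields; they are skipped
# rather than being counted as an address.
top_talkers() {
    awk -F'\t' '{ for (i = 1; i <= NF; i++) if ($i != "") n[$i]++ }
                END { for (a in n) printf "%s %d\n", a, n[a] }' |
        sort -k2,2nr -k1,1 | head -n "${1:-5}"
}

# Constructed sample input (not from a real capture): five frames, one of them ARP.
sample_protocols() {
    printf '%s\n' \
        'eth:ethertype:ip:tcp' \
        'eth:ethertype:ip:tcp:tls' \
        'eth:ethertype:ip:udp:dns' \
        'eth:ethertype:arp' \
        'eth:ethertype:ip:tcp'
}

# The same five frames as src/dst pairs; the ARP frame has no IP addresses.
sample_talkers() {
    printf '%s\t%s\n' \
        10.0.0.5 192.0.2.10 \
        10.0.0.5 192.0.2.10 \
        192.0.2.10 10.0.0.5 \
        10.0.0.7 192.0.2.10 \
        '' ''
}

# Demo run on the constructed sample: 3 of 5 frames are TCP.
echo "TCP share:       $(percent 3 5)% -> $(rate "$(percent 3 5)" 0.1 1.0)"
echo "Empty capture:   $(percent 0 0)% -> $(rate "$(percent 0 0)" 1 5)"
echo "Protocol share:"; sample_protocols | protocol_share
echo "Top talkers:";    sample_talkers  | top_talkers 3
```

Note that `percent` and `rate` keep the script's semantics exactly (strict less-than at each boundary), so swapping them into `packet_capture.sh` in place of the `bc` comparisons changes no verdicts; it only removes the `bc` dependency and the division by zero on an empty capture.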

## Conclusion


With its prompt-driven interface and compact output, this packet capture script is a quick first step in network diagnostics and performance tuning. Whether you're troubleshooting connectivity issues, analyzing traffic patterns, or enhancing network security, it gives you a readable summary of the capture and leaves the full `capture.pcap` on disk for deeper inspection.


Harness the power of tshark and elevate your network management strategy today!

--------------------------------------------------------------------------------
/packet_capture.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# packet_capture.sh: capture on one interface with tshark, then summarise TCP
# health, connection quality, top talkers and protocol mix from the saved pcap.

# File name (deleted and recreated on every run)
capture_file="capture.pcap"

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
BLUE='\033[0;34m'
CYAN='\033[0;36m'
NC='\033[0m'

# Error handling
error_exit() {
    echo -e "${RED}Error: $1${NC}" >&2
    exit 1
}

# Floating-point comparison in awk instead of bc (bc is not installed by
# default on many systems): lt A B succeeds when A < B.
lt() {
    awk -v a="$1" -v b="$2" 'BEGIN { exit !(a < b) }'
}

# percent COUNT TOTAL: two-decimal percentage; 0.00 when TOTAL is zero, so an
# empty capture does not produce "nan" and break the comparisons below.
percent() {
    awk -v c="$1" -v t="$2" 'BEGIN { if (t == 0) printf "0.00"; else printf "%.2f", (c / t) * 100 }'
}

# Install & check tshark (Debian/Ubuntu only). The package asks via debconf
# whether non-root users may capture, hence the non-interactive frontend.
if ! command -v tshark &> /dev/null; then
    echo "Installing tshark..."
    if ! sudo DEBIAN_FRONTEND=noninteractive apt-get install -y tshark &> /dev/null; then
        error_exit "Failed to install tshark."
    fi
fi

clear

read -r -p "Enter the network interface (e.g., eth0, wlan0): " iface

if ! ip link show "$iface" &> /dev/null; then
    error_exit "Network interface '$iface' does not exist."
fi

# Inputs: both are handed to tshark as -a duration:N and -c N, so they must be
# positive integers; anything else would only surface as a tshark error.
read -r -p "Enter capture duration (seconds): " duration
read -r -p "Enter max packets to capture: " max_packets
[[ "$duration" =~ ^[1-9][0-9]*$ ]] || error_exit "Duration must be a positive integer."
[[ "$max_packets" =~ ^[1-9][0-9]*$ ]] || error_exit "Max packets must be a positive integer."

# Remove any previous capture
rm -f "$capture_file"

# Start capture. Capturing needs root (or membership in the wireshark group);
# the capture stops at whichever of the two limits is reached first.
echo -e "${YELLOW}Starting to capture packets on interface '$iface' for $duration seconds...${NC}"
if ! sudo tshark -i "$iface" -a duration:"$duration" -c "$max_packets" -w "$capture_file" &> /dev/null; then
    error_exit "Failed to capture packets."
fi

echo -e "\n${YELLOW}Analyzing captured packets...${NC}\n"

# Every analysis step re-reads the pcap with a display filter (-Y) and counts
# the one-line-per-packet summary output.
total_packets=$(tshark -r "$capture_file" 2>/dev/null | wc -l)
(( total_packets > 0 )) || error_exit "No packets were captured; nothing to analyze."

# TCP Error Analysis
echo -e "${CYAN}TCP Error Analysis:${NC}"

tcp_errors=(
    "tcp.analysis.retransmission:Retransmission"
    "tcp.analysis.fast_retransmission:Fast Retransmission"
    "tcp.analysis.out_of_order:Out-of-Order"
    "tcp.analysis.spurious_retransmission:Spurious Retransmission"
    "tcp.analysis.duplicate_ack:Duplicate ACK"
    "tcp.analysis.zero_window_probe:Zero Window Probe"
    "tcp.analysis.zero_window:Zero Window"
    "tcp.analysis.keep_alive:Keep-Alive"
)

# Several analysis flags can be set on the same packet (a fast retransmission
# is also flagged as a retransmission), so total_errors is an upper bound.
total_errors=0

for error in "${tcp_errors[@]}"; do
    IFS=":" read -r filter name <<< "$error"
    count=$(tshark -r "$capture_file" -Y "$filter" 2>/dev/null | wc -l)
    total_errors=$((total_errors + count))
    percentage=$(percent "$count" "$total_packets")

    if lt "$percentage" 0.1; then
        status="${GREEN}[✓]${NC}"
    elif lt "$percentage" 1.0; then
        status="${YELLOW}[ ! ]${NC}"
    else
        status="${RED}[ X ]${NC}"
    fi

    printf "${status} %-25s: %d (%.2f%%)\n" "$name" "$count" "$percentage"
    sleep 0.5
done

# Health Checker
echo -e "\n${CYAN}Network Health Assessment:${NC}"
error_percentage=$(percent "$total_errors" "$total_packets")
if lt "$error_percentage" 1.0; then
    echo -e "${GREEN}[✓] The network appears to be relatively healthy.${NC}"
elif lt "$error_percentage" 5.0; then
    echo -e "${YELLOW}[ ! ] The network has some issues that may need attention.${NC}"
else
    echo -e "${RED}[ X ] The network has significant problems and requires immediate attention.${NC}"
fi

sleep 1

# TCP Quality: handshake and reset counts as a share of all TCP packets
echo -e "\n${CYAN}TCP Connection Quality:${NC}"
syn_count=$(tshark -r "$capture_file" -Y "tcp.flags.syn==1 and tcp.flags.ack==0" 2>/dev/null | wc -l)
synack_count=$(tshark -r "$capture_file" -Y "tcp.flags.syn==1 and tcp.flags.ack==1" 2>/dev/null | wc -l)
rst_count=$(tshark -r "$capture_file" -Y "tcp.flags.reset==1" 2>/dev/null | wc -l)
total_tcp=$(tshark -r "$capture_file" -Y "tcp" 2>/dev/null | wc -l)

print_tcp_metric() {
    local name=$1
    local count=$2
    local percentage
    percentage=$(percent "$count" "$total_tcp")
    if lt "$percentage" 1; then
        status="${GREEN}[✓]${NC}"
    elif lt "$percentage" 5; then
        status="${YELLOW}[ ! ]${NC}"
    else
        status="${RED}[ X ]${NC}"
    fi
    printf "${status} %-15s: %d (%.2f%%)\n" "$name" "$count" "$percentage"
}

print_tcp_metric "SYN packets" "$syn_count"
print_tcp_metric "SYN-ACK packets" "$synack_count"
print_tcp_metric "RST packets" "$rst_count"

sleep 1

# Top IPs (IPv4 only). -Y ip skips ARP and other non-IP frames, whose empty
# address fields would otherwise be counted as a talker.
echo -e "\n${CYAN}Top 5 Talkers:${NC}"
tshark -r "$capture_file" -Y ip -T fields -e ip.src -e ip.dst 2>/dev/null |
    tr '\t' '\n' | sort | uniq -c | sort -nr | head -n 5 |
    awk '{ printf "%-15s %s packets\n", $2, $1 }'

sleep 1

# Top Protocols. frame.protocols lists every layer of a packet
# (e.g. eth:ethertype:ip:tcp), so this counts layer occurrences, and each
# percentage is that layer's share of all layer occurrences in the capture,
# not a share of packets. The total is taken over all layers, not only the
# five shown, and is kept separate from total_packets.
echo -e "\n${CYAN}Protocol Distribution:${NC}"
protocol_data=$(tshark -r "$capture_file" -T fields -e frame.protocols 2>/dev/null |
    tr ':' '\n' | sort | uniq -c | sort -nr)

protocol_total=$(echo "$protocol_data" | awk '{sum += $1} END {print sum}')

echo "$protocol_data" | head -n 5 | while read -r count protocol; do
    percentage=$(percent "$count" "$protocol_total")
    if lt 50 "$percentage"; then
        status="${RED}[ ! ]${NC}"
    elif lt 20 "$percentage"; then
        status="${YELLOW}[ - ]${NC}"
    else
        status="${GREEN}[✓]${NC}"
    fi
    printf "${status} %-15s %s packets (%.2f%%)\n" "$protocol" "$count" "$percentage"
done

echo -e "\n${GREEN} @FreakXray Analysis complete.${NC}"
--------------------------------------------------------------------------------