filter tcp traffic

ChaosCypher · Mar 6, 2024 · dc2268f · dc2268f
1 parent f0de509
commit dc2268f
Showing 1 changed file with 48 additions and 39 deletions.
diff --git a/bidir-traffic-check.sh b/bidir-traffic-check.sh
@@ -1,67 +1,76 @@
 #!/usr/bin/env bash
 
-# add path to tcpdump (if empty defaults to $PATH)
-TCPDUMP_PATH=
+set -x
 
-# set the network interfaces to check (if empty defaults to all interfaces)
+# Path to tcpdump (defaults to $PATH if empty)
+TCPDUMP_PATH=
+# Automatically found network interfaces in 'up' status
+AUTO_INTERFACES=()
+# Network interfaces to check (defaults to all interfaces if empty)
 INTERFACES=()
-
-# set the network interface ignore array (useful when defaulting to all interfaces)
+# Network interface ignore list (useful when defaulting to all interfaces)
 IGNORE_INTERFACES=("lo" "docker0" "virbr0")
-
-# set return codes
+# Return codes
 OK=0
 ERROR=1
 WARNING=2
 UNKNOWN=3
-
-# makes sure were runnig with escalated privlidges
-function checkSudo () {
+# Check for root privileges
+function checkSudo() {
     if (( $(id -u) != 0 )); then
-        echo "ERROR - This must be run with root privlidges!"
+        echo "ERROR - This script must be run with root privileges!"
         return $ERROR
     fi
 }
-
-# populates an array of network interfaces
-function getInterfaces () {
-    if (( ${#INTERFACES[@]} < 1 )); then
+# Populate the network interfaces array
+function getInterfaces() {
+    if (( ${#INTERFACES[@]} == 0 )); then
         for iface in /sys/class/net/*; do
-            INTERFACES+=("$iface")
+            INTERFACES+=("${iface}")
         done
     fi
 }
-
-# removes network interfaces that are in the ignore array from the interfaces array
+# Remove ignored interfaces from the interfaces array
 function ignoreInterfaces() {
-    if (( ${#IGNORE_INTERFACES[@]} >= 1 )); then
-        for iface in "${IGNORE_INTERFACES[@]}"; do
-            INTERFACES=( "${INTERFACES[@]/*$iface/}" )
-        done
-    fi
+    for ignored_iface in "${IGNORE_INTERFACES[@]}"; do
+        INTERFACES=("${INTERFACES[@]/$ignored_iface}")
+    done
 }
-
-# finds interfaces marked as down and removes them from the interfaces array
-function removeDownInterfaces () {
+# Remove interfaces marked as 'down'
+function removeDownInterfaces() {
     for iface in "${INTERFACES[@]}"; do
-        if [[ -n "${iface}" ]]; then
-            if grep -q down "$iface/operstate"; then
-                INTERFACES=( "${INTERFACES[@]/*$iface/}" )
+        if [[ -n "$iface" && -f "/sys/class/net/$iface/operstate" ]]; then
+            if grep -q 'up' "/sys/class/net/$iface/operstate"; then
+                AUTO_INTERFACES+=("$iface")
             fi
         fi
     done
 }
-
-# function checkTraffic () {
-# }
-
-# function main () {
-#     checkSudo()
-# }
-
-# main()
-
+# Check for bi-directional traffic on interfaces
+function checkTraffic() {
+    for iface in "${AUTO_INTERFACES[@]}"; do
+        tcpdump -n -i "$iface" tcp -c 50 2> /dev/null | awk '{
+            src[NR]=$3;
+            dst[NR]=substr($5, 1, length($5)-1)
+        }
+        END {
+            for (i=1; i<=NR; i++) {
+                for (j=1; j<=NR; j++) {
+                    if (src[i] == dst[j] && src[i] != "") {
+                        if (dst[i] == src[j]) {
+                            print "Bi-Directional communication found on '"$iface"'\n" src[i]" -> "dst[i]"\n"src[j]" -> "dst[j];
+                            exit
+                        }
+                    }
+                }
+            }
+            print "Bi-Directional communication not found on '"$iface"'"
+        }'
+    done
+}
+# Main script execution
 checkSudo
 getInterfaces
 ignoreInterfaces
 removeDownInterfaces
+checkTraffic