#!/bin/sh

#
# Copyright (c) 1991 University of Southern California.
# All rights reserved.
#
# Redistribution and use in source and binary forms are permitted
# provided that the above copyright notice and this paragraph are
# duplicated in all such forms and that any documentation,
# advertising materials, and other materials related to such
# distribution and use acknowledge that the software was developed
# by the University of Southern California. The name of the University 
# may not be used to endorse or promote products derived from this 
# software without specific prior written permission.
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
# WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#

#
# $Log: collect,v $
# Revision 1.4  1991/12/04  16:42:25  jamin
# add date to output filename.
#
# Revision 1.3  1991/11/28  19:00:14  jamin
# replace non-portable shift x with shift's.
# replace non-portable at now+duration with sleep.
# Thanks to Jeff Mogul.
#
# Revision 1.2  1991/11/22  06:57:13  jamin
# saved collected output to a file named <hostname>
#
# version 1.0	d.j.mitzel 9/24/91
# use tcpdump to collect all tcp SYN, FIN, and RST packets.  output was
# originally written to the file 'collect.out'; since revisions 1.2 and 1.4
# it is written to a file named <hostname>-<date>.  the collect is
# automatically stopped after executing for the specified time duration
# (default = 1440 minutes = 24 hrs).
#

# Usage text, printed when the argument list is malformed.
USAGE="Usage: collect [-d duration_min] [-i interface]
	[-p host1 host2] localnet_number"

#
# Defaults.  DURATION, OPTIONS and PING_FILTER may be overridden by the
# command line options; LOCALNET is filled in from the final argument.
#
LOCALNET=''
PING_FILTER=''
OPTIONS=''
DURATION='1440'    # minutes

#
# Base name of the output files: "<hostname>-<f2>-<f3>-<last>", where the
# three trailing parts are fields 2, 3 and the last field of date's default
# output (presumably month, day and year; this depends on the format and
# locale date uses).
#
# NOTE(review): hostname is called by absolute path, but date and awk are
# found through PATH.  This script is normally run with the privileges
# tcpdump needs, so PATH should only list trusted directories.
#
HOSTNAME="$(/bin/hostname)-$(date | awk '{ printf("%s-%d-%d", $2, $3, $NF) }')"

#
# parse command line options
#
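# Succeeds when $1 is a non-empty string of decimal digits.
is_uint() {
    case $1 in
        '' | *[!0-9]*) return 1 ;;
    esac
    return 0
}

# Succeeds when $1 is non-empty, does not start with '-', and consists only
# of characters expected in interface names, host names and addresses.
# Option values are pasted into the tcpdump command line and into the
# filter expression, so whitespace, parentheses, glob characters and a
# leading '-' are refused instead of being passed through.
is_plain_token() {
    case $1 in
        '' | -* | *[!A-Za-z0-9._:/-]*) return 1 ;;
    esac
    return 0
}

# Print a complaint ($1) followed by the usage text on stderr, then exit 1.
bad_option() {
    printf 'collect: %s\n' "$1" >&2
    printf '%s\n' "$USAGE" >&2
    exit 1
}

# Consume leading options.  The loop only runs while at least two words
# remain, so $2 always exists; -p additionally needs $3.
while [ $# -gt 1 ] ; do
    case $1 in
        -d)
            # A non-numeric duration would otherwise only fail at the final
            # sleep, after the capture has already been started.
            if ! is_uint "$2" ; then
                bad_option "-d needs a whole number of minutes, got: $2"
            fi
            DURATION="$2"
            shift; shift
            ;;
        -i)
            if ! is_plain_token "$2" ; then
                bad_option "invalid interface name: $2"
            fi
            # OPTIONS is later expanded unquoted so this splits into two words.
            OPTIONS="$OPTIONS -i $2"
            shift; shift
            ;;
        -p)
            if [ $# -lt 3 ] ; then
                bad_option "-p needs two host arguments"
            fi
            if ! is_plain_token "$2" || ! is_plain_token "$3" ; then
                bad_option "invalid host for -p: $2 $3"
            fi
            PING_FILTER="or (udp dst port discard and (src host $2 and dst host $3))"
            shift; shift; shift
            ;;
        *)
            break
            ;;
    esac
done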

#
# make sure only one parameter remains
# assume this parameter to be the local network number
#
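if [ $# -ne 1 ] ; then
    # Show what was left over, as a diagnostic on stderr.  The words are
    # quoted and go through printf so they are neither glob-expanded nor
    # taken as echo options.
    if [ $# -gt 0 ] ; then
        printf 'collect: unexpected arguments: %s\n' "$*" >&2
    fi
    # Quoted so the usage text keeps its line break.
    printf '%s\n' "$USAGE" >&2
    exit 1
fi

# The network number is pasted into the tcpdump filter expression.  Accept
# only characters expected in a network number, name or prefix; whitespace,
# parentheses or a leading '-' would change the meaning of the tcpdump
# command line rather than name a network.
case $1 in
    '' | -* | *[!A-Za-z0-9._:/-]*)
        printf 'collect: invalid localnet_number: %s\n' "$1" >&2
        printf '%s\n' "$USAGE" >&2
        exit 1
        ;;
esac
LOCALNET=$1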

#
# specify the tcpdump filter command and execute in the background
#
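# Refuse a non-numeric duration before anything is started.  Otherwise expr
# fails, sleep returns at once, and the capture is killed immediately with
# no indication of why.
case $DURATION in
    '' | *[!0-9]*)
        printf 'collect: duration must be a whole number of minutes: %s\n' "$DURATION" >&2
        exit 1
        ;;
esac

# Capture filter: TCP segments with any of the three low flag bits set
# (FIN, SYN, RST), excluding traffic whose source and destination are both
# on LOCALNET, plus the optional -p clause.  It is passed as one quoted
# argument, so nothing in it is glob-expanded or read as a tcpdump option.
FILTER="((tcp[13] & 7 != 0) and (not (src and dst net $LOCALNET)))"
if [ -n "$PING_FILTER" ] ; then
    FILTER="$FILTER $PING_FILTER"
fi

#
# Run the capture in the background.
#
# Both output files are created in the current directory under a name
# derived from the host name and date.  Run this from a directory that only
# the operator can write to: an existing file or symlink of that name is
# written through.  Capture files hold network traffic and get whatever
# permissions the current umask allows.
#
# NOTE(review): only stdout is redirected to the .log file; anything tcpdump
# reports on stderr will not be in it.  Confirm whether that was intended.
#
# OPTIONS is left unquoted on purpose so "-i <interface>" splits into words.
# shellcheck disable=SC2086
tcpdump -w "$HOSTNAME" $OPTIONS "$FILTER" > "$HOSTNAME.log" &
TCPDUMP_PID=$!

#
# Stop the capture after the requested number of minutes.  expr is kept so
# a value with leading zeros is still read as decimal.
#
# NOTE(review): if tcpdump exits early (bad interface, missing privilege),
# this still sleeps for the full duration and then signals the saved PID,
# which may have been reused by an unrelated process by then.
#
sleep "$(expr 60 \* "$DURATION")"
kill "$TCPDUMP_PID"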
