From 974a6916491203007755d47a4f65515da285c3be Mon Sep 17 00:00:00 2001
From: petbau
Date: Tue, 7 Sep 2021 08:36:25 +0000
Subject: [PATCH 01/14] feat(mwg): Add new file mwg.py Updating lists in MWG via this script
---
 mwg/mwg.py | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)
 create mode 100644 mwg/mwg.py
diff --git a/mwg/mwg.py b/mwg/mwg.py
new file mode 100644
index 0000000..1c14cee
--- /dev/null
+++ b/mwg/mwg.py
@@ -0,0 +1,92 @@
+#!/usr/bin/env python
+# 20210907 petbau / https://github.com/mohlcyber/McAfee-Web-Gateway-List-Update
+
+import sys
+import requests
+import json
+import xml.etree.ElementTree as xml
+
+MWG_URL = 'http://1.1.1.1' #url of the web gateway
+MWG_PORT = '4711' #port of the web gateway
+MWG_USER = 'admin' #username
+MWG_PWD = 'password' #password
+VERIFY = False #https verification
+
+def login(headers):
+ auth = {'userName': MWG_USER,
+ 'pass': MWG_PWD}
+
+ res = requests.post(MWG_URL + ':' + MWG_PORT + '/Konfigurator/REST/login', headers=headers, params=auth, verify=VERIFY)
+
+ if res.status_code == 200:
+ print('Successfull logged in')
+ else:
+ print('Something went wrong')
+ sys.exit(1)
+
+ return res.cookies['JSESSIONID']
+
+def get_list_id(headers, cookies, list):
+ params = {'name': list}
+ res = requests.get(MWG_URL + ':' + MWG_PORT + '/Konfigurator/REST/list', headers=headers, cookies=cookies, params=params, verify=VERIFY)
+ res_parse = xml.fromstring(res.content).find('entry/id')
+
+ if res.status_code == 200:
+ print('The ID for the list {0} is: {1}'.format(list, res_parse.text))
+ else:
+ print('Something went wrong')
+ sys.exit(1)
+
+ return res_parse.text
+
+def insert_list(headers, cookies, list, list_id, value):
+ data = '''
+
+
+
+ {}
+
+
+
+
+ '''
+ data = data.format(value)
+
+ res = requests.post(MWG_URL + ':' + MWG_PORT + '/Konfigurator/REST/list/' + list_id + '/entry/0/insert', \
+ headers=headers, cookies=cookies, data=data, verify=VERIFY)
+
+ if res.status_code == 200:
+ print('Successfull added the IP/Domain {0} to the list {1}'.format(value, list))
+ else:
+ print(res.content, 'Something Went Wrong')
+ return res
+
+def commit(headers, cookies):
+ res = requests.post(MWG_URL + ':' + MWG_PORT + '/Konfigurator/REST/commit', headers=headers, cookies=cookies, verify=VERIFY)
+ return res.content
+
+def logout(headers, cookies):
+ res = requests.post(MWG_URL + ':' + MWG_PORT + '/Konfigurator/REST/logout', headers=headers,
cookies=cookies, verify=VERIFY)
+
+ if res.status_code == 200:
+ print('Successfull Logged Out')
+ else:
+ print('Something Went Wrong')
+ return res
+
+if __name__ == "__main__":
+
+ list = 'Global Block: Sites' #list to edit
+ value = sys.argv[1]
+
+ headers = {'Content-Type': 'application/xml'}
+
+ cookie = login(headers)
+ cookies = {'JSESSIONID': cookie}
+
+ list_id = get_list_id(headers, cookies, list)
+
+ insert = insert_list(headers, cookies, list, list_id, value)
+ commit = commit(headers, cookies)
+
+ logout = logout(headers, cookies)
From e0b64cca81756635c143eaa3417601d86a26b27d Mon Sep 17 00:00:00 2001
From: petbau
Date: Mon, 25 Mar 2024 13:01:00 +0100
Subject: [PATCH 02/14] added postgresql scripts
---
 postgresql/pg_change_db_owner.sh | 98 +++++++++++++++++++++++++++++++
 postgresql/pg_grant_read_to_db.sh | 75 +++++++++++++++++++++++
 2 files changed, 173 insertions(+)
 create mode 100644 postgresql/pg_change_db_owner.sh
 create mode 100644 postgresql/pg_grant_read_to_db.sh
diff --git a/postgresql/pg_change_db_owner.sh b/postgresql/pg_change_db_owner.sh
new file mode 100644
index 0000000..1814b72
--- /dev/null
+++ b/postgresql/pg_change_db_owner.sh
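Review bot: In mwg/mwg.py the gateway password is a literal (`MWG_PWD = 'password'`) and `login()` sends it as a query parameter (`params=auth`) to an `http://` URL with `VERIFY = False`, so the admin credential sits in the repository and crosses the network, and possibly proxy or server logs, in cleartext. I would read the credentials from the environment, e.g. `MWG_PWD = os.environ['MWG_PWD']` (with `import os`), point `MWG_URL` at the HTTPS listener and set `VERIFY` to `True` or a CA bundle path. Separately, `insert_list()` formats `sys.argv[1]` straight into the XML body; passing it through `xml.sax.saxutils.escape(value)` keeps a value containing `<` or `&` from altering the request document. `get_list_id()` also dereferences `res_parse.text` without checking that `find('entry/id')` returned an element.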
@@ -0,0 +1,98 @@
+#!/bin/sh
+#
+# The MIT License
+#
+# Copyright 2014-2017 Jakub Jirutka .
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+# Credit: Based on http://stackoverflow.com/a/2686185/305019 by Alex Soto
+
+
+usage() {
+ cat <<- EOF
+ usage: $0 options
+
+ This script changes ownership for all tables, views, sequences and functions in
+ a database schema and also owner of the schema itself.
+
+ Note: If you want to change the ownership of all objects, in the specified database,
+ owned by a database role, then you can simply use command "REASSIGN OWNED".
+
+ OPTIONS:
+ -h Show this message
+ -d Database name
+ -o New owner name
+ -s Schema (defaults to public)
+ EOF
+}
+
+pgexec() {
+ local cmd=$1
+ psql --no-psqlrc --no-align --tuples-only --record-separator=\0 --quiet \
+ --command="$cmd" "$DB_NAME"
+}
+
+pgexec_echo() {
+ local cmd=$1
+ psql --no-psqlrc --no-align --tuples-only --record-separator=\0 --quiet \
+ --echo-queries --command="$cmd" "$DB_NAME"
+}
+
+
+DB_NAME=''
+NEW_OWNER=''
+SCHEMA='public'
+while getopts 'hd:o:s:' OPTION; do
+ case $OPTION in
+ h) usage; exit 1;;
+ d) DB_NAME=$OPTARG;;
+ o) NEW_OWNER=$OPTARG;;
+ s) SCHEMA=$OPTARG;;
+ esac
+done
+
+if [ -z "$DB_NAME" ] || [ -z "$NEW_OWNER" ]; then
+ usage
+ exit 1
+fi
+
+# Using the NULL byte as the separator as its the only character disallowed from PG table names.
+IFS=\0
+
+# Change owner of schema itself.
+pgexec_echo "ALTER SCHEMA \"$SCHEMA\" OWNER TO \"$NEW_OWNER\";"
+
+# Change owner of tables and views.
+for tbl in $(pgexec "SELECT table_name FROM information_schema.tables WHERE table_schema = '$SCHEMA';") \
+ $(pgexec "SELECT table_name FROM information_schema.views WHERE table_schema = '$SCHEMA';"); do
+ pgexec_echo "ALTER TABLE \"$SCHEMA\".\"$tbl\" OWNER TO $NEW_OWNER;"
+done
+
+# Change owner of sequences.
+for seq in $(pgexec "SELECT sequence_name FROM information_schema.sequences WHERE sequence_schema = '$SCHEMA';"); do
+ pgexec_echo "ALTER SEQUENCE \"$SCHEMA\".\"$seq\" OWNER TO $NEW_OWNER;"
+done
+
+# Change owner of functions and procedures.
+for func in $(pgexec "SELECT quote_ident(p.proname) || '(' || pg_catalog.pg_get_function_identity_arguments(p.oid) || ')' \
+ FROM pg_catalog.pg_proc p JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace \
+ WHERE n.nspname = '$SCHEMA';"); do
+ pgexec_echo "ALTER FUNCTION \"$SCHEMA\".$func OWNER TO $NEW_OWNER;"
+done
\ No newline at end of file
diff --git a/postgresql/pg_grant_read_to_db.sh b/postgresql/pg_grant_read_to_db.sh
new file mode 100644
index 0000000..171f162
--- /dev/null
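Review bot: In pg_change_db_owner.sh the three loops interpolate the new owner unquoted (`OWNER TO $NEW_OWNER;`) while the `ALTER SCHEMA` statement quotes it, so a role name that needs quoting (mixed case, special characters) works for the schema and then fails or resolves differently for tables, sequences and functions; use `OWNER TO \"$NEW_OWNER\";` in all four statements. `$SCHEMA` is also pasted into SQL string literals (`table_schema = '$SCHEMA'`), so the `-s` and `-o` values should be rejected when they contain a quote character before any statement is built. In `sh` the unquoted `\0` in `IFS=\0` and `--record-separator=\0` is the character `0`, not a NUL byte, so any object name containing a zero is split into pieces and the `ALTER` runs against the wrong names; the comment above `IFS=` should not promise NUL separation.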
+++ b/postgresql/pg_grant_read_to_db.sh 
@@ -0,0 +1,75 @@
+#!/bin/sh
+#
+# The MIT License
+#
+# Copyright 2014-2017 Jakub Jirutka .
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+
+usage() {
+ cat <<- EOF
+ usage: $0 options
+
+ This script grants read-only privileges to a specified role on all tables, views
+ and sequences in a database schema and sets them as default.
+
+ OPTIONS:
+ -h Show this message
+ -d Database name
+ -u Role name
+ -s Schema (defaults to public)
+ EOF
+}
+
+pgexec() {
+ local cmd=$1
+ psql --no-psqlrc --no-align --tuples-only --record-separator=\0 --quiet \
+ --echo-queries --command="$cmd" "$DB_NAME"
+}
+
+
+DB_NAME=''
+ROLE=''
+SCHEMA='public'
+while getopts 'hd:u:s:' OPTION; do
+ case $OPTION in
+ h) usage; exit 1;;
+ d) DB_NAME=$OPTARG;;
+ u) ROLE=$OPTARG;;
+ s) SCHEMA=$OPTARG;;
+ esac
+done
+
+if [ -z "$DB_NAME" ] || [ -z "$ROLE" ]; then
+ usage
+ exit 1
+fi
+
+pgexec "GRANT CONNECT ON DATABASE $DB_NAME TO $ROLE;
+GRANT USAGE ON SCHEMA $SCHEMA TO $ROLE;
+GRANT SELECT ON ALL TABLES IN SCHEMA $SCHEMA TO $ROLE;
+GRANT SELECT ON ALL SEQUENCES IN SCHEMA $SCHEMA TO $ROLE;
+ALTER DEFAULT PRIVILEGES IN SCHEMA $SCHEMA GRANT SELECT ON TABLES TO $ROLE;
+ALTER DEFAULT PRIVILEGES IN SCHEMA $SCHEMA GRANT SELECT ON SEQUENCES TO $ROLE;"
+
+# Uncomment to also grant privileges on all functions/procedures in the schema.
+# It's usually NOT what you want - functions can modify data!
+#pgexec "GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA $SCHEMA TO $ROLE;
+#ALTER DEFAULT PRIVILEGES IN SCHEMA $SCHEMA GRANT EXECUTE ON FUNCTIONS TO $ROLE;"
\ No newline at end of file
From d52ee646a7f4b0ad2d171903724948b55491b3c1 Mon Sep 17 00:00:00 2001
From: petbau
Date: Tue, 25 Feb 2025 11:24:15 +0100
Subject: [PATCH 03/14] Schedule tcpdump at a specific time
---
 tcpdump-schedule/.gitkeep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 tcpdump-schedule/.gitkeep
diff --git a/tcpdump-schedule/.gitkeep b/tcpdump-schedule/.gitkeep
new file mode 100644
index 0000000..e69de29
From 69df03bc836ca04f78e348a1fcd7176576fec9a9 Mon Sep 17 00:00:00 2001
From: petbau
Date: Tue, 25 Feb 2025 11:26:05 +0100
Subject: [PATCH 04/14] Add new file tcpdump_getdata.sh
---
 tcpdump-schedule/tcpdump_getdata.sh | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 tcpdump-schedule/tcpdump_getdata.sh
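Review bot: In pg_grant_read_to_db.sh the two `ALTER DEFAULT PRIVILEGES IN SCHEMA ...` statements carry no `FOR ROLE` clause, so they cover only objects later created by the role that runs this script; tables created afterwards by a different owner stay unreadable for `$ROLE`, which is easy to miss because the usage text says the grants are set "as default". A comment above the `pgexec` call would make this explicit, e.g. `# NOTE: default privileges apply only to objects created by the invoking role; add FOR ROLE <owner> for other creators`. `$DB_NAME`, `$SCHEMA` and `$ROLE` are also interpolated without identifier quoting, so names that need double quotes fail, and a value containing `;` changes the statement list that psql runs.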
diff --git a/tcpdump-schedule/tcpdump_getdata.sh b/tcpdump-schedule/tcpdump_getdata.sh
new file mode 100644
index 0000000..1ba2473
--- /dev/null
+++ b/tcpdump-schedule/tcpdump_getdata.sh
@@ -0,0 +1,7 @@
+DATE=$(date '+%Y-%m-%d_%H%M%S')
+INTERFACE=eth0
+PATH=/var/tmp/
+FILENAME=tcpdump_$DATE.pcap
+
+#Execute tcpdump command
+/usr/sbin/tcpdump -i $INTERFACE -s0 -w "$PATH/$FILENAME"
\ No newline at end of file
From 7c330ca4afacf1024fc18098c3930af00ecc3a2e Mon Sep 17 00:00:00 2001
From: petbau
Date: Tue, 25 Feb 2025 11:29:47 +0100
Subject: [PATCH 05/14] Add new file tcpdump_stop.sh
---
 tcpdump-schedule/tcpdump_stop.sh | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 tcpdump-schedule/tcpdump_stop.sh
diff --git a/tcpdump-schedule/tcpdump_stop.sh b/tcpdump-schedule/tcpdump_stop.sh
new file mode 100644
index 0000000..3e563ca
--- /dev/null
+++ b/tcpdump-schedule/tcpdump_stop.sh
@@ -0,0 +1 @@
+/usr/bin/killall -9 tcpdump
\ No newline at end of file
From 6eb0f1a93ac31a6426827f7fc7e55e43dca5a70d Mon Sep 17 00:00:00 2001
From: petbau
Date: Tue, 25 Feb 2025 11:31:23 +0100
Subject: [PATCH 06/14] Add new Ansible Playbook tcpdump.yaml
---
 tcpdump-schedule/tcpdump.yaml | 41 +++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 tcpdump-schedule/tcpdump.yaml
diff --git a/tcpdump-schedule/tcpdump.yaml b/tcpdump-schedule/tcpdump.yaml
new file mode 100644
index 0000000..648e918
--- /dev/null
+++ b/tcpdump-schedule/tcpdump.yaml
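Review bot: `PATH=/var/tmp/` in tcpdump_getdata.sh overwrites the shell's command search path with a directory that is typically world-writable. tcpdump is called by absolute path so the script still runs, but the changed `PATH` is inherited by the tcpdump process, and any unqualified command added after that line would be resolved from /var/tmp. Rename the variable, e.g. `OUT_DIR=/var/tmp` and `-w "$OUT_DIR/$FILENAME"`; the later edits of this file in patches 13 and 14 keep the same `PATH=` assignment. The script also has no `#!` line although the README runs it from cron, and `$INTERFACE` is unquoted.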
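Review bot: `killall -9` in tcpdump_stop.sh sends SIGKILL, which gives tcpdump no chance to flush buffered packets and close the savefile, so the end of the capture can be lost or the pcap left truncated; `/usr/bin/killall -TERM tcpdump` lets it exit cleanly. The command also stops every tcpdump process on the host, not only the one started by tcpdump_getdata.sh. Recording the PID when the capture starts and signalling only that PID would keep an unrelated capture, for example one running during an investigation, from being killed by the cron job.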
@@ -0,0 +1,41 @@
+# Ansible Playbook
+- hosts: all
+
+ vars:
+ cap_file: packet_capture_{{ ansible_hostname }}_{{ ansible_date_time['epoch'] }}.pcap
+
+
+ vars_prompt:
+ - name: dur_in_sec
+ prompt: Please specify the runtime duration in sec
+ private: no
+
+ - name: interface
+ prompt: Please specify the interface (e.g. eth0)
+ private: no
+
+ - name: dest_folder
+ prompt: Please specify the destination folder (location on remote server e.g. /var/tmp/)
+ private: no
+
+ - name: filter
+ prompt: Please specify the tcpdump filter (e.g. host 10.10.10.10). For no filter just press enter
+ default: ""
+ private: no
+
+
+ tasks:
+ - name: start tcpdump
+ command: sudo /usr/sbin/tcpdump -G {{ dur_in_sec }} -W 1 -i {{ interface }} -s 0 -w {{ dest_folder}}/{{ cap_file }} {{ filter }}
+
+ - name: compress capture file
+ command: sudo gzip {{cap_file}} chdir={{ dest_folder}}/
+
+ - name: Change file permission
+ command: sudo chmod 755 {{ dest_folder}}/{{cap_file}}.gz
+
+ - name: copy logs to /export/tmp/ansible/
+ fetch: src={{ dest_folder}}/{{cap_file}}.gz dest=/export/tmp/ansible/ flat=yes
+
+ - name: remove files from remote server
+ command: sudo rm -r {{ dest_folder}}/{{cap_file}}.gz
\ No newline at end of file
From 3d907a17e75e1a28c4f633d6f0ae1f485190c2ae Mon Sep 17 00:00:00 2001
From: petbau
Date: Tue, 25 Feb 2025 11:32:47 +0100
Subject: [PATCH 07/14] Add new file README.md
---
 tcpdump-schedule/README.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 tcpdump-schedule/README.md
diff --git a/tcpdump-schedule/README.md b/tcpdump-schedule/README.md
new file mode 100644
index 0000000..94dd87f
--- /dev/null
+++ b/tcpdump-schedule/README.md
@@ -0,0 +1,5 @@
+tcpdump scripts
+
+tcpdump_getdata.sh: Capture network traffic, stop with Ctrl-C
+tcpdump_stop.sh: Stop the tcpdump command (e.g. when using crontab)
+tcpdump.yml: Ansible Playbook which takes a tcpdump on the remote side(s) and copy it automatically to your server
\ No newline at end of file
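Review bot: In tcpdump.yaml the `Change file permission` task sets the compressed capture to mode 755, which makes a full-packet capture (`-s 0`) readable by every local user on the remote host until the last task removes it. If the only purpose is to let the `fetch` task read the file, running that task with `become: yes` would allow the capture to stay root-only; failing that, a mode without world access such as `chmod 640` plus a suitable group is the safer choice. The prompted `interface`, `dest_folder` and `filter` values are placed into the `command:` lines without any validation, and since `dest_folder` also feeds the final `sudo rm -r`, an empty or mistyped answer deserves a check before the play runs. Calling `sudo` inside `command` would be clearer as `become: yes` on the tasks.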
From bb8b3aaf2e99306af833451c5b31e7fa8b1acbdf Mon Sep 17 00:00:00 2001
From: petbau
Date: Tue, 25 Feb 2025 11:33:34 +0100
Subject: [PATCH 08/14] Edit README.md
---
 tcpdump-schedule/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tcpdump-schedule/README.md b/tcpdump-schedule/README.md
index 94dd87f..085c7e0 100644
--- a/tcpdump-schedule/README.md
+++ b/tcpdump-schedule/README.md
@@ -1,4 +1,4 @@
-tcpdump scripts
+# tcpdump scripts
 
 tcpdump_getdata.sh: Capture network traffic, stop with Ctrl-C
 tcpdump_stop.sh: Stop the tcpdump command (e.g. when using crontab)
From 945956efe424898223126bddfd485e776c8c5817 Mon Sep 17 00:00:00 2001
From: petbau
Date: Tue, 25 Feb 2025 11:33:52 +0100
Subject: [PATCH 09/14] Edit README.md
---
 tcpdump-schedule/README.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tcpdump-schedule/README.md b/tcpdump-schedule/README.md
index 085c7e0..e6a9649 100644
--- a/tcpdump-schedule/README.md
+++ b/tcpdump-schedule/README.md
@@ -1,5 +1,7 @@
 # tcpdump scripts
 
 tcpdump_getdata.sh: Capture network traffic, stop with Ctrl-C
+
 tcpdump_stop.sh: Stop the tcpdump command (e.g. when using crontab)
+
 tcpdump.yml: Ansible Playbook which takes a tcpdump on the remote side(s) and copy it automatically to your server
\ No newline at end of file
From e5d5ae0566d95207ffa3c5180a9b5f3308662898 Mon Sep 17 00:00:00 2001
From: petbau
Date: Tue, 25 Feb 2025 11:34:46 +0100
Subject: [PATCH 10/14] Edit README.md
---
 tcpdump-schedule/README.md | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/tcpdump-schedule/README.md b/tcpdump-schedule/README.md
index e6a9649..d70c301 100644
--- a/tcpdump-schedule/README.md
+++ b/tcpdump-schedule/README.md
@@ -1,7 +1,12 @@
 # tcpdump scripts
 
-tcpdump_getdata.sh: Capture network traffic, stop with Ctrl-C
+- tcpdump_getdata.sh: Capture network traffic, stop with Ctrl-C
+- tcpdump_stop.sh: Stop the tcpdump command (e.g. when using crontab)
+- tcpdump.yml: Ansible Playbook which takes a tcpdump on the remote side(s) and copy it automatically to your server
 
-tcpdump_stop.sh: Stop the tcpdump command (e.g. when using crontab)
+# crontab
 
-tcpdump.yml: Ansible Playbook which takes a tcpdump on the remote side(s) and copy it automatically to your server
\ No newline at end of file
+This is the crontab for an example tcpdump which starts at 02:00am and stops at 02:05am.
+
+0 2 * * * bash /tmp/tcpdump_getdata.sh
+5 2 * * * bash /tmp/tcpdump_stop.sh
\ No newline at end of file
From a9f2a8537052dc844f1ed4cccbd689ed27732ee5 Mon Sep 17 00:00:00 2001
From: petbau
Date: Tue, 25 Feb 2025 11:35:03 +0100
Subject: [PATCH 11/14] Edit README.md
---
 tcpdump-schedule/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tcpdump-schedule/README.md b/tcpdump-schedule/README.md
index d70c301..3d82c9b 100644
--- a/tcpdump-schedule/README.md
+++ b/tcpdump-schedule/README.md
@@ -8,5 +8,5 @@
 
 This is the crontab for an example tcpdump which starts at 02:00am and stops at 02:05am.
 
-0 2 * * * bash /tmp/tcpdump_getdata.sh
-5 2 * * * bash /tmp/tcpdump_stop.sh
\ No newline at end of file
+- 0 2 * * * bash /tmp/tcpdump_getdata.sh
+- 5 2 * * * bash /tmp/tcpdump_stop.sh
\ No newline at end of file
From 9dac42b3b4ce02f2e835e8373b27a78e3a5f8011 Mon Sep 17 00:00:00 2001
From: petbau
Date: Tue, 25 Feb 2025 11:35:53 +0100
Subject: [PATCH 12/14] Edit README.md
---
 tcpdump-schedule/README.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tcpdump-schedule/README.md b/tcpdump-schedule/README.md
index 3d82c9b..62ea34b 100644
--- a/tcpdump-schedule/README.md
+++ b/tcpdump-schedule/README.md
@@ -8,5 +8,7 @@
 
 This is the crontab for an example tcpdump which starts at 02:00am and stops at 02:05am.
 
-- 0 2 * * * bash /tmp/tcpdump_getdata.sh
-- 5 2 * * * bash /tmp/tcpdump_stop.sh
\ No newline at end of file
+```
+0 2 * * * bash /tmp/tcpdump_getdata.sh
+5 2 * * * bash /tmp/tcpdump_stop.sh
+```
\ No newline at end of file
From e487d561472f02eed389a17da98a21c75a32b0f6 Mon Sep 17 00:00:00 2001
From: petbau
Date: Tue, 25 Feb 2025 11:50:09 +0100
Subject: [PATCH 13/14] Edit tcpdump_getdata.sh
---
 tcpdump-schedule/tcpdump_getdata.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tcpdump-schedule/tcpdump_getdata.sh b/tcpdump-schedule/tcpdump_getdata.sh
index 1ba2473..aa6bdeb 100644
--- a/tcpdump-schedule/tcpdump_getdata.sh
+++ b/tcpdump-schedule/tcpdump_getdata.sh
@@ -3,5 +3,7 @@ INTERFACE=eth0
 PATH=/var/tmp/
 FILENAME=tcpdump_$DATE.pcap
 
-#Execute tcpdump command
-/usr/sbin/tcpdump -i $INTERFACE -s0 -w "$PATH/$FILENAME"
\ No newline at end of file
+# Execute tcpdump command
+# -W 5 = Limit 5 files
+# -G 60 = Rotate every 60 seconds
+/usr/sbin/tcpdump -i $INTERFACE -s0 -w "$PATH/$FILENAME" -W 5 -G 60
\ No newline at end of file
From 9df96183f810eb424262960e5f634d18b2acf08c Mon Sep 17 00:00:00 2001
From: petbau
Date: Tue, 25 Feb 2025 12:04:07 +0100
Subject: [PATCH 14/14] Edit tcpdump_getdata.sh
---
 tcpdump-schedule/tcpdump_getdata.sh | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/tcpdump-schedule/tcpdump_getdata.sh b/tcpdump-schedule/tcpdump_getdata.sh
index aa6bdeb..9869945 100644
--- a/tcpdump-schedule/tcpdump_getdata.sh
+++ b/tcpdump-schedule/tcpdump_getdata.sh
@@ -1,9 +1,8 @@
-DATE=$(date '+%Y-%m-%d_%H%M%S')
-INTERFACE=eth0
-PATH=/var/tmp/
-FILENAME=tcpdump_$DATE.pcap
+INTERFACE=0.0
+PATH=/shared/tmp/pba
+FILENAME=tcpdump-%Y-%m-%d_%H%M%S.pcap
 
 # Execute tcpdump command
 # -W 5 = Limit 5 files
 # -G 60 = Rotate every 60 seconds
-/usr/sbin/tcpdump -i $INTERFACE -s0 -w "$PATH/$FILENAME" -W 5 -G 60
\ No newline at end of file
+/usr/sbin/tcpdump -K -W 5 -G 60 -nni $INTERFACE -s0 -w "$PATH/$FILENAME"
\ No newline at end of file