Virani
Installation & Setup
Install the various Perl requirements. This can be taken care of with the command below.
cpanm Virani
Configure it.
For example, on FreeBSD, if you have daemonlogger set up with something like the following:
daemonlogger_enable="YES"
daemonlogger_flags="-f /usr/local/etc/daemonlogger.bpf -d -l /var/log/daemonlogger -t 120"
Then a basic config would look like the following.
default_set='default'
allowed_subnets=["192.168.14.0/23", "127.0.0.1/8"]
[sets.default]
path='/var/log/daemonlogger'
regex='(?<timestamp>\d\d\d\d\d\d+)(\.pcap|(?<subsec>\.\d+)\.pcap)$'
strptime='%s'
For more information on the config file, see the POD for Virani.
Usage
An example grabbing port 53 traffic for a time window looks like the following.
virani -s 2023-02-27T11:00:18 -e 2023-02-27T11:31:18 -f 'port 53'
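As an added example (not part of Virani or this README), the Python below sketches what the config above drives: matching capture files with the set's regex and strptime, choosing the files that overlap the -s/-e window from the usage example, and checking a remote client against allowed_subnets. The overlap rule and the UTC assumption are mine, not Virani's, and the file names are constructed.

```python
import re
import ipaddress
from datetime import datetime, timezone

# From the example virani.toml above; Perl's (?<name>...) becomes Python's (?P<name>...).
FILE_REGEX = re.compile(r'(?P<timestamp>\d\d\d\d\d\d+)(\.pcap|(?P<subsec>\.\d+)\.pcap)$')
STRPTIME = '%s'
ROLLOVER = 120  # seconds, matching daemonlogger's "-t 120" above
ALLOWED_SUBNETS = ["192.168.14.0/23", "127.0.0.1/8"]

def file_start(name):
    """Epoch-seconds start of a pcap file, or None if the name does not match."""
    m = FILE_REGEX.search(name)
    if m is None:
        return None
    stamp = m.group('timestamp')
    if STRPTIME == '%s':  # Python's strptime has no portable %s; parse it directly
        start = float(stamp)
    else:
        start = datetime.strptime(stamp, STRPTIME).replace(tzinfo=timezone.utc).timestamp()
    return start + float(m.group('subsec') or 0)

def to_epoch(iso):
    """Parse a -s/-e style timestamp; assumed to be UTC in this example."""
    return datetime.fromisoformat(iso).replace(tzinfo=timezone.utc).timestamp()

def select_files(names, start, end, rollover=ROLLOVER):
    """Files whose capture window overlaps [start, end], in time order. Assumed here
    (not necessarily Virani's rule): a file runs until the next one starts, or T + rollover."""
    stamped = sorted((t, n) for n in names if (t := file_start(n)) is not None)
    chosen = []
    for i, (t, n) in enumerate(stamped):
        t_end = stamped[i + 1][0] if i + 1 < len(stamped) else t + rollover
        if t <= end and t_end > start:
            chosen.append(n)
    return chosen

def client_allowed(client_ip, allowed=ALLOWED_SUBNETS):
    """Check a remote client against allowed_subnets before serving a request."""
    ip = ipaddress.ip_address(client_ip)
    # strict=False: entries such as 127.0.0.1/8 have host bits set and would otherwise raise
    return any(ip in ipaddress.ip_network(s, strict=False) for s in allowed)

if __name__ == '__main__':
    # Constructed file names matching the regex above; not real captures.
    names = ["capture.1677495480.pcap", "capture.1677495600.pcap", "capture.1677495720.pcap",
             "capture.1677497400.pcap", "capture.1677497520.5.pcap", "notes.txt"]
    start, end = to_epoch("2023-02-27T11:00:18"), to_epoch("2023-02-27T11:31:18")
    for f in select_files(names, start, end):
        print("tcpdump -r", f, "-w out.pcap 'port 53'")
```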
The help info for virani is as below. For more info, check out the POD for the module Virani and the script Virani.
--help Print this.
-h Print this.
--version Print version.
-v Print version.
-r <remote> Remote URL or config file for remote info.
-a <apikey> API key for remote URL if needed.
-f <filter> Filter for use with tshark or tcpdump.
-t <type> tcpdump or tshark
    Default :: tcpdump
-t <set> Set to use. If undef, uses whatever the default is.
    Default :: undef
--config <config> Config file to use.
    Default :: /usr/local/etc/virani.toml
-s <timestamp> Start timestamp. Any format supported by
    Time::Piece::Guess is usable.
-e <timestamp> End timestamp. Any format supported by
    Time::Piece::Guess is usable.
-w <output> The file to write the PCAP to.
    Default :: out.pcap
--nc If cached, do not use it.
-k Do not check the SSL cert for HTTPS for remote.
LICENSE AND COPYRIGHT
This software is Copyright (c) 2023 by Zane C. Bowers-Hadley.
This is free software, licensed under:
The GNU Lesser General Public License, Version 2.1, February 1999