Menu
Extensibility Solutions
  • Plug-Ins
  • Tools
  • Filters
  • Scripts
    • Developer Documentation
  • OmniEngine Plugin API
  • OmniPeek Plugin API
  • OmniScript Reference
  • Peek COM API Reference
  • Decoder Language Reference
  • ProtoSpecs XML Guidelines
  • Peek Reporting Framework
  • Automation Primer
  • Plug-in Primer
    • You must be a MyPeek member to download our extensibility solutions. Click here to learn more about the benefits of membership and find out how to sign up for free.
    You must have a valid maintenance contract to download this file.

    If you are not a LiveAction Maintenance Customer but would like to purchase a Maintenance contract for your LiveAction product please click here for sales information.

    Category : Scripts

    Submitted By : Savvius

    Downloaded : 147 Times

    Rating : Not Yet Rated

    View Comments (0)

    The OmniEngine Command Line (OCL) is an OmniScript based command line utility that manages captures on an OmniEngine that are configured to capture traffic for a specific IP Address.

    The OCL requires the OmniScript Library and the OmniPeek Console.

    Start Capture (-s):
    The utility names the Captures and corresponding filter with the IP Address specified in the Start monitor arguments. The utility first checks to see if the filter already exists. If not an new filter is created. Then it checks to see if the Capture already exists and will exit if it does. It creates a new capture with the name set to the IP Address and selects the corresponding filter. The Capture is created with the Start Capture flag set so that it immediately begins to capture packets.

    Stop Capture (-x):
    The utility will first checks to see if the Capture exists, and stops and deletes the Capture if it does. It then checks for the filter and deletes the filter if it exists. 

    MonitorIP - Monitor IP v1.0.0.0
Copyright (C) 2009 WildPackets, Inc.

MonitorIP
  -e        : The IP Address of the OmniEngine.
  [-p ]   : default is 6367
  [-t ]          : Authentication type either: 'Default' or 'Third Party'.
  [-d ]        : Domain of the credentials.
  [-n ]          : Account Name.
  [-w ]      : Account Password.
  [-s ]       : Start monitoring an IP Address. Requires -a
  [-a ]         : The adapter index. Use -la to list adapters.
  [-b ]          : Capture buffer size in megabytes. Default is 4MB.
  [-f ]          : Save To Disk filename template.
  [-r ]         : Restart - The number of hours to start a new file. Default is 24 hours
  [-m ]          : Save to Disk file size in megabytes. Default is Capture Buffer size or 64MB.
  [-x ]       : Stop monitoring an IP Address.
  [-la]                : List the adapters and quit.
  [-lc]                : List the captures and quit.
  [-lf]                : List the filters and quit.
  [-v ]         : Verboseness - 0: fewer messages to 3: more messages. Default is 0.
  [-?]                 : Display this message and quit.

    List the adapters on the OmniEngine at 192.168.1.100:
    MonitorIP -e 192.168.1.100 -la

    Create and start new Capture named "10.4.1.123" that will collect all the traffic from the specified IP Address:

    MonitorIP -e 192.168.1.100 -a 0 -s 10.4.1.123

    Stop and delete the Capture named "10.4.1.123":
    MonitorIP -3 192.168.1.100 -x 10.4.1.123

    Some neat tricks:

    If iplist.txt contains:
    10.4.1.123
    10.4.1.156
    10.4.1.201

    Then

    for /F %i in (iplist.txt) do monitorip.exe -e 192.168.1.222 -x %i

    will stop all three Captures.

    Notes:

    For the Start and Stop Capture options (-s and -x) the IP Address supplied becomes the name of the Capture and the Filter exactly as entered. This means that "001.002.003.004" does not match "1.2.3.4". But "-s 001.002.003.004" and "-s 1.2.3.4" will create two Captures and both will capture the traffic from the IP Address 1.2.3.4. And "-x 1.2.3.4" will not stop the Capture created by "001.002.003.004". Use the -lc option to view the list of Captures.

    The Display Help (-?), and List Adapters, Captures and Filter (-la, -lc, -lf) options take precedence, in that order, over the Start and Stop Capture options. You can take advantage of this if for instance a Stop Capture fails to find the Capture, from a Command Prompt: "C:>MonitorIP -e 9.8.7.6 -x 1.2.3.4" fails to find the capture. Press the up-arrow key to get: "C:>MonitorIP -e 9.8.7.6 -x 1.2.3.4", the cursor will be after the '4', add " -lc" and press enter to get the list of captures. The press the up-arrow key again, backspace to delete the "-lc" then use the arrow and backspace keys to enter the correct IP Address.

    You can use computer names to specify the Engine ID (-e localhost), but not for a Start or Stop Capture (-s or -x).

    Once a Capture has been created, you cannot modify the settings from the Monitor IP utility. One work around is to start a second capture on the same IP Address but with a leading zero in one of the class numbers. For instance if you need to change the settings of 1.2.3.4, start a new capture on 1.2.3.04 with the new settings and then stop (-x) the 1.2.3.4 capture. You will end up with some duplicate packets, but you will not lose any.

    The last Capture Template and Filter are saved in the current directory: temp_captmp.xml and temp_filters.xml.

    History

    Version 1.4.0.0
    - Updated for latest OmniScript Version 1.2.0.0
    - First release to MyPeek

    Comments

    There are no comments for this solutions