Did a class with Laura Chappell a couple weeks ago, I put up a few notes over at:
https://packetpushers.net/wireshark-notes/
Good man!
BTW.. I want to set up some Ansible Playbooks for using Wireshark. The idea I have is that you would query and set specific router IPs and interfaces to capture upon and start and stop captures simultaneously from one playbook / place. It can be annoying to stop, clear, restart captures in multiple places :)
That shouldn't be too hard with Ansible, but my Ansible skills suck.
My guess is you would need something like this (only with more variables for ACL lines and such)
# are comments
commands are taken from
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-embedded-packet-capture/116045-productconfig-epc-00.html
- name: DEFINE_CAPTURE_FILTER
  ios_config:
    # Credentials
    provider: "{{ provider }}"
    authorize: yes
    # The ACL entries are config-mode lines, entered under the ACL as parent
    parents: ip access-list extended BUF-FILTER
    lines:
      - permit ip host 192.168.1.1 host 172.16.1.1
      - permit ip host 172.16.1.1 host 192.168.1.1
- name: START_CAPTURE
  # The monitor capture commands are exec-mode commands, so they are sent
  # with ios_command instead of ios_config
  ios_command:
    # Credentials
    provider: "{{ provider }}"
    authorize: yes
    commands:
      - monitor capture buffer BUF size 2048 max-size 1518 linear
      - monitor capture buffer BUF filter access-list BUF-FILTER
      - monitor capture point ip cef POINT {{ interface }} both
      - monitor capture point associate POINT BUF
      - monitor capture point start POINT
- name: STOP_CAPTURE
  ios_command:
    # Credentials
    provider: "{{ provider }}"
    authorize: yes
    commands:
      - monitor capture point stop POINT
      - show monitor capture buffer BUF dump
      - monitor capture buffer BUF export tftp://{{ tftp_server }}/{{ cap_name }}.pcap
      - no monitor capture point ip cef POINT {{ interface }} both
      - no monitor capture buffer BUF
Here are the notes I have, they were more for me than for other people so beware of that.
STANDARD VARIABLES
{{ inventory_hostname }}
The reference from the host file
Most files you need to mess with are in
/etc/ansible
Hosts are in "hosts"
a group is in [group-name]
Can be referenced by group name, IP, or FQDN (I think)
Account management
Creating Encrypted Files
To create a new encrypted data file, run the following command:
ansible-vault create dhimes.yml
Edit it
ansible-vault edit dhimes.yml
Run playbook with this
ansible-playbook site.yml --ask-vault-pass
Variables follow the Jinja2 format
• Define a variable: {{ butt }}
• When referencing a variable in a yaml file use Quotes (" ")
• "Facts" a variable you discovered before execution (With Gather_Facts?)
○ Can be lengthy
• http://docs.ansible.com/ansible/playbooks_variables
# = Comment
A lot of these will be from http://jedelman.com/home/ansible-for-networking/
Sample Playbook
---
- hosts: desktop_test
  # When Ansible connects to a device, it can gather some facts about the device automatically.
  gather_facts: no
  # Local means all work is done from the server, not on the client. Pretty much everything we do with network stuff will be "local".
  connection: local
  # pre_tasks aren't required, but can be used for a way to execute tasks before roles are applied
  tasks:
    # Will be displayed when the playbook is run
    - name: OBTAIN LOGIN CREDENTIALS
      include_vars: secrets.yaml
    - name: DEFINE PROVIDER
      set_fact:
        provider:
          host: "{{ inventory_hostname }}"
          username: "{{ creds['username'] }}"
          password: "{{ creds['password'] }}"
          auth_pass: "{{ creds['auth_pass'] }}"
    - name: SET ACL
      ios_config:
        provider: "{{ provider }}"
        authorize: yes
        lines:
          - int fa0/0
          - no ip access-group bob in
          - no ip access-group bob out
          - no ip access-list extended bob
Sample Hosts file named "hosts"
[AD_login_test]
10.250.8.75
10.250.8.76
[desktop_test]
10.27.20.184
Sample Accounts named "secrets.yaml"
---
# Can be kept encrypted with ansible-vault (see "Creating Encrypted Files" above)
creds:
  username: Admin
  password: cisco123
  auth_pass: cisco123
______________________________________________
RUN COMMANDS AND STORE THEIR INFO IN A VARIABLE
- name: Pull_RUNNING_CONFIG
  ios_command:
    provider: "{{ provider }}"
    authorize: yes
    # Commands to run
    commands: show run
  # Set the output to the variable "running" (register belongs to the task, not the module)
  register: running
- name: Show_Run
  debug:
    # Print the variable
    var: running.stdout
---------------------------------------------------------------------------------------
COPY VARIABLE TO A FILE
- name: put_into_file
  copy:
    content: "{{ running }}"
    dest: "./{{ inventory_hostname }}.txt"
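Added example (not part of the thread or of anyone's post in it): one playbook that starts or stops the capture on every router in a group, combining the credential handling and the EPC commands posted above. The group name capture_routers, the variables capture_action, capture_interface, capture_pairs and tftp_server, and the sample addresses are assumptions; pick the action with `-e capture_action=stop` and add `--ask-vault-pass` if secrets.yaml is vault-encrypted.

```yaml
# Added example: group name, variable names and sample addresses are assumptions.
- hosts: capture_routers
  gather_facts: no
  connection: local
  vars:
    capture_action: start            # override with -e capture_action=stop
    capture_interface: FastEthernet0/0
    tftp_server: 192.0.2.10          # constructed sample address
    capture_pairs: [{ a: 192.168.1.1, b: 172.16.1.1 }]
  tasks:
    - name: OBTAIN LOGIN CREDENTIALS
      include_vars: secrets.yaml
    - name: DEFINE PROVIDER
      set_fact:
        provider:
          host: "{{ inventory_hostname }}"
          username: "{{ creds['username'] }}"
          password: "{{ creds['password'] }}"
          auth_pass: "{{ creds['auth_pass'] }}"
    - name: BUILD CAPTURE FILTER ACL
      ios_config:
        provider: "{{ provider }}"
        authorize: yes
        parents: ip access-list extended BUF-FILTER
        lines:
          - "permit ip host {{ item.a }} host {{ item.b }}"
          - "permit ip host {{ item.b }} host {{ item.a }}"
      with_items: "{{ capture_pairs }}"
      when: capture_action == 'start'
    - name: START CAPTURE
      ios_command:
        provider: "{{ provider }}"
        authorize: yes
        commands:
          - monitor capture buffer BUF size 2048 max-size 1518 linear
          - monitor capture buffer BUF filter access-list BUF-FILTER
          - "monitor capture point ip cef POINT {{ capture_interface }} both"
          - monitor capture point associate POINT BUF
          - monitor capture point start POINT
      when: capture_action == 'start'
    - name: STOP AND EXPORT CAPTURE
      ios_command:
        provider: "{{ provider }}"
        authorize: yes
        commands:
          - monitor capture point stop POINT
          - "monitor capture buffer BUF export tftp://{{ tftp_server }}/{{ inventory_hostname }}.pcap"
          - "no monitor capture point ip cef POINT {{ capture_interface }} both"
          - no monitor capture buffer BUF
      when: capture_action == 'stop'
```

Each task runs against all hosts in the group before the next task begins, so the start (or stop) command reaches every router in the same pass, and each export is named after its inventory host.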
Wow man thanks for that! I'll give it a go