
I'm trying to write a bash script in Ubuntu to install an app on an android emulator, send random commands to the app using 'monkey' and capture all the data with tcpdump. Code:

#!/bin/bash

# store all apk files in the current directory in an array
shopt -s nullglob
packageArray=(*.apk)

# print the package name declared in an apk's manifest
# (aapt prints a line like: package: name='com.example.app' versionCode='1' ...)
function getPackageName()
{
    aapt dump badging "$1" | grep '^package:' | awk '{print $2}' | sed -e 's/^name=//' -e "s/'//g"
}

# loop through array installing, testing and capturing data, and uninstalling
for i in "${packageArray[@]}"; do
    myResult=$(getPackageName "$i")

    echo "------------------INSTALLING-----------------"
    sudo adb install "$i"
    echo "*****************INSTALLED****************************"

    echo "*****************TESTING****************************"

    #-------THESE COMMANDS ARE THE TROUBLE-------
    (sudo -i xterm -e "tcpdump src 10.0.2.11 -vvv > /home/seed/Documents/autoTcpLogs/$myResult.pcap" &
     sudo -i xterm -e "adb shell monkey -p $myResult -v 500")
    echo "------------------DONE TESTING-----------------"

    sudo adb uninstall "$myResult"
    echo "*****************PACKAGE UNINSTALLED****************************"
done

The Problem: I need a good way for tcpdump to close once monkey has completed sending the 500 random commands. I've tried using the KILL command in a few different ways, but it doesn't seem to do the trick.

yalpsid eman
  • have you tried `killall -TERM tcpdump` ? – pah Aug 02 '16 at 20:31
  • Yeah, I've tried it after the monkey command. – yalpsid eman Aug 02 '16 at 20:40
  • See the answer. The PID of tcpdump is stored in a variable and used as `kill` argument. If it fails, update your question with the reason of the failure (save the kill command output somewhere and paste it here) – pah Aug 02 '16 at 20:41
  • Humm, nevermind, you're using `sudo` and the stored PID will be of `sudo`, not the `tcpdump` process. – pah Aug 02 '16 at 20:47
  • Definitely a good thought though, there might be some variation which will lead to success – yalpsid eman Aug 02 '16 at 20:50
  • yes, let me think a bit. I'll remove the answer for now and perform some testing. – pah Aug 02 '16 at 20:52
  • You could use `sudo blah &` and then `sudo kill $SUDO_PID` – Barmar Aug 02 '16 at 21:10
  • Will you have only one tcpdump running? Or there may be multiple tcpdumps running at any given time? – pah Aug 02 '16 at 21:10
  • @Barmar that will kill `sudo`, but not the `tcpdump` process. I also thought that sudo would route the signal to the child process, but that, unfortunately, doesn't occur. – pah Aug 02 '16 at 21:11
  • I think it should also kill all the children of sudo. I tried it with `sudo sleep 100 &` and it killed `sleep` as well. – Barmar Aug 02 '16 at 21:12
  • I will run tcpdump, run monkey (while tcpdump captures all the data being emitted from the emulator), and then close tcpdump. So only 1 at a time. – yalpsid eman Aug 02 '16 at 21:12
  • @Barmar yep, you're right. Also checked the manpage and it clearly states that it relays some signals (including SIGTERM) to the child... but now the odd part is that my answer script should work regardless of whether sudo is being used or not... and that's not happening... I'm performing some debugging and will update it whenever I have a proper answer. – pah Aug 02 '16 at 21:23
  • As another solution, I just realized I could set tcpdump to only capture a specific amount of packets before exiting, which would ensure I get all the data I want w/o overlapping tcpdump files. Thanks for all the help! – yalpsid eman Aug 02 '16 at 21:59

1 Answer

Consider the following example:

#!/bin/bash

# start tcpdump through sudo in the background; $! is the PID of sudo,
# which is the parent of the tcpdump process
sudo -- tcpdump > /dev/null &
SUDO_TCPDUMP_PID=$!
echo "Waiting 3 seconds"
sleep 3
echo "3 seconds elapsed"
# send SIGTERM from a new session so that sudo relays it to tcpdump
sudo -- setsid kill -TERM "${SUDO_TCPDUMP_PID}"

EDIT (read question comments): We need to use setsid to force the signal to be sent from a different session, otherwise sudo will not relay the signal (see sudo manpage).

The PID of sudo tcpdump ... (the sudo pid in this case) will be stored in the SUDO_TCPDUMP_PID variable, which will be used as kill argument:

$ ./tcp.sh
Waiting 3 seconds
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
3 seconds elapsed
0 packets captured
2 packets received by filter
0 packets dropped by kernel
$
pah
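The general pattern both the question and the answer are circling (start a background capture, run a foreground workload to completion, then terminate the capture and wait for it so the file is flushed and closed before the next apk is processed) as an added example; this is not code from the question or the answer, and `capture_during`, `run_monkey_with_capture` and the `CAPTURE_PID` variable are names introduced here. It assumes the whole script is run as root (for example `sudo ./script.sh`), so `$!` after `tcpdump ... &` is tcpdump's own PID rather than sudo's, which is the trap discussed in the comments. The interface, filter address and output path are placeholders taken from the question.

```bash
#!/bin/bash
# Added example, not code from the question or the answer above.
# Pattern: start the capture in the background, run the workload in the
# foreground, then SIGTERM the capture and wait for it so the pcap is
# flushed and closed before the next iteration starts.
#
# Assumption: the whole script runs as root (e.g. `sudo ./script.sh`),
# so $! after `tcpdump ... &` is tcpdump's own PID and not sudo's.

CAPTURE_PID=""   # PID of the most recent background capture

# capture_during CAPTURE_CMD... -- WORKLOAD_CMD...
# Runs CAPTURE_CMD in the background, WORKLOAD_CMD in the foreground, then
# terminates the capture and reaps it. Returns the workload's exit status.
capture_during() {
    local -a capture=() workload=()
    local seen_sep=0 arg
    for arg in "$@"; do
        if [ "$seen_sep" -eq 0 ] && [ "$arg" = "--" ]; then
            seen_sep=1
        elif [ "$seen_sep" -eq 0 ]; then
            capture+=("$arg")
        else
            workload+=("$arg")
        fi
    done
    if [ "${#capture[@]}" -eq 0 ] || [ "${#workload[@]}" -eq 0 ]; then
        echo "usage: capture_during CAPTURE_CMD... -- WORKLOAD_CMD..." >&2
        return 2
    fi

    "${capture[@]}" &
    CAPTURE_PID=$!
    sleep 1                        # give tcpdump time to open the interface

    "${workload[@]}"
    local rc=$?                    # keep the workload's status for the caller

    kill -TERM "$CAPTURE_PID" 2>/dev/null || true
    wait "$CAPTURE_PID" 2>/dev/null || true   # reap it; tcpdump prints its summary here
    return "$rc"
}

# Wiring for the question's loop (placeholder interface, filter and path).
# `-w` writes a real pcap file: the `-vvv > file.pcap` redirection in the
# question stores decoded text, not pcap. `-U` flushes each packet to disk,
# so nothing buffered is lost when tcpdump is terminated.
run_monkey_with_capture() {
    local pkg="$1" out="$2"
    capture_during tcpdump -i any -n -U -w "$out" src 10.0.2.11 \
        -- adb shell monkey -p "$pkg" -v 500
}

# Inside the question's for loop this would be called as:
# run_monkey_with_capture "$myResult" "/home/seed/Documents/autoTcpLogs/$myResult.pcap"
```

If the script itself cannot run as root and `sudo tcpdump ... &` has to stay, `$!` is sudo's PID; signalling the child directly with `pkill -TERM -P "$sudo_pid"` (match by parent PID) and then `wait "$sudo_pid"` avoids depending on sudo's signal-relaying rules. The asker's own fallback from the comments, `tcpdump -c N` so the capture exits after a fixed packet count, works too, but it ties the capture length to traffic volume rather than to when monkey finishes.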