#!/usr/bin/env bash # Attributes TLS SNI values to language_server_windows_x64 remote IPs. # Linux/Bash equivalent of attribute-ls-sni.ps1. set -euo pipefail PCAP_PATH="" CONNECTIONS_CSV_PATH="" OUT_BASE="output/parity/official/ls_sni_attribution" TOP=50 RESOLVE_PTR=false show_usage() { cat <<'EOF' Usage: ./scripts/attribute-ls-sni.sh --pcap-path --connections-csv-path [options] Options: --pcap-path Required. Path to .pcapng file. --connections-csv-path Required. Path to connections CSV. --out-base Default: output/parity/official/ls_sni_attribution --top Default: 50 --resolve-ptr Resolve PTR for top IPs (requires network) EOF } while [[ $# -gt 0 ]]; do case "$1" in --pcap-path) PCAP_PATH="$2"; shift 2 ;; --connections-csv-path) CONNECTIONS_CSV_PATH="$2"; shift 2 ;; --out-base) OUT_BASE="$2"; shift 2 ;; --top) TOP="$2"; shift 2 ;; --resolve-ptr) RESOLVE_PTR=true; shift ;; *) echo "Error: unknown argument: $1" >&2; show_usage; exit 2 ;; esac done [[ -n "$PCAP_PATH" ]] || { echo "Error: --pcap-path is required." >&2; exit 1; } [[ -n "$CONNECTIONS_CSV_PATH" ]] || { echo "Error: --connections-csv-path is required." >&2; exit 1; } command -v tshark >/dev/null 2>&1 || { echo "Error: tshark is required. Please install wireshark-cli/tshark." >&2; exit 1; } command -v python3 >/dev/null 2>&1 || { echo "Error: python3 is required." >&2; exit 1; } OUT_DIR=$(dirname "$OUT_BASE") mkdir -p "$OUT_DIR" echo "PCAP: $PCAP_PATH" echo "CSV: $CONNECTIONS_CSV_PATH" # Run tshark to extract TLS SNI data TSHARK_OUT=$(mktemp) trap 'rm -f "$TSHARK_OUT"' EXIT echo "Running tshark extraction ..." tshark -r "$PCAP_PATH" -Y "tls.handshake.extensions_server_name" -T fields -E "separator=," -e frame.time_epoch -e ip.src -e ip.dst -e tls.handshake.extensions_server_name > "$TSHARK_OUT" 2>/dev/null echo "Processing data with Python ..." python3 - <