#!/bin/bash

# A wrapper for ngrep (http://ngrep.sourceforge.net/)
# It did the job I needed it to do.
# Some packets from within the article body may also match
# the regular expression.

# Basic usage:
# ./watchfeed.sh -d out -i eth0 -h news2.arglkargh.de

# NB: to watch all *incoming* feeds, use:
# ./watchfeed.sh -d out -i eth0 -h <localaddress>

while getopts "d:h:p:i:s:x:f:q" option; do
        case "${option}" in
				"d")	dir=$OPTARG;;
				"i")	if="$OPTARG";;
				"q")	quiet="-q";;
				"h")	peer="$OPTARG";;
				"p")	port="$OPTARG";;
				"s")	snaplen="$OPTARG";;
				"x")	regex="$OPTARG";;
				"f")	filter="$OPTARG";;
        esac
done

[ "$peer" == "" ] && {
	cat <<-_EOF_
		Usage: watchfeed -h <hostname> [-p <port>]
		  [-q ] [-d <in/out>] [-i <interface>]
		  [-s <snaplen>] [-x <regex>] [-f <packet match>]

		Basic usage:
		 ./watchfeed.sh -d out -i eth0 -h news2.arglkargh.de

		NB: to watch all *incoming* feeds, use:
		 ./watchfeed.sh -d out -i eth0 -h <localaddress>

	_EOF_

	exit 1;
};

if [ "$dir" == "in" ]; then
	dir1=src
	dir2=dst
else
	dir1=dst
	dir2=src
fi

[ "$if" == "" ] && if=eth0
[ "$port" == "" ] && port=119
[ "$snaplen" == "" ] && snaplen=512
[ "$regex" == "" ] && regex="(^|\r\n)(takethis|ihave|check|mode (reader|stream)|[0-9]{3})(\s.+)?\r\n"
[ "$filter" == "" ] && filter="($dir1 host $peer and dst port $port) or ($dir2 host $peer and src port $port)"

echo ngrep $quiet -s $snaplen -P \"\" -W byline -d $if -i "\"$regex\"" "\"$filter\""
ngrep $quiet -s $snaplen -P "" -W byline -d $if -i "$regex" "${filter}"