4 # Copyright © 2015-2019 Apple Inc.
8 # Collect network information.
11 PATH
=/bin
:/usr
/bin
:/sbin
:/usr
/sbin
13 # __SETUP_ROUTINES_BEGIN__
21 COLLECT_CONFIGURATION_FILES
="Y"
33 COLLECT_SENSITIVE_INFO
="Y"
40 REQUESTED_OUTDIR
="${i}"
51 if [ ${EUID} -ne 0 ]; then
64 cd "${REQUESTED_OUTDIR}"
68 # __SETUP_ROUTINES_END__
71 # __COMMAND_ROUTINES_BEGIN__
74 # mDNSResponder state dump
75 # /usr/bin/dns-sd -O -stdout will print the state of mDNSResponder to STDOUT
77 collect_state_dump_sensitive
() {
79 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: collect_state_dump_sensitive" >> get
-network-info.txt
80 ${PRIV} /usr
/bin
/dns
-sd -O -stdout > mDNSResponder_state_dump.txt
2>&1
85 # network interface configuration
89 if [ ! -x /sbin
/ifconfig
]; then
93 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_ifconfig" >> get
-network-info.txt
94 /sbin
/ifconfig
-a -L -b -m -r -v -v > ifconfig.txt
2>&1
96 /sbin
/ifconfig
-a > ifconfig.txt
2>&1
102 # network route configuration and statistics
106 if [ ! -x /usr
/sbin
/netstat
]; then
110 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_netstat" >> get
-network-info.txt
111 echo "#" > netstat.txt
112 echo "# netstat -n -r -a -l" >> netstat.txt
113 echo "#" >> netstat.txt
114 /usr
/sbin
/netstat
-n -r -a -l >> netstat.txt
2>&1
116 echo "#" >> netstat.txt
117 echo "# netstat -A -a -l -n -v -W" >> netstat.txt
118 echo "#" >> netstat.txt
119 /usr
/sbin
/netstat
-A -a -l -n -v -W >> netstat.txt
2>&1
121 echo "#" >> netstat.txt
122 echo "# netstat -s" >> netstat.txt
123 echo "#" >> netstat.txt
124 /usr
/sbin
/netstat
-s >> netstat.txt
2>&1
126 echo "#" >> netstat.txt
127 echo "# netstat -rs" >> netstat.txt
128 echo "#" >> netstat.txt
129 /usr
/sbin
/netstat
-rs >> netstat.txt
2>&1
131 echo "#" >> netstat.txt
132 echo "# netstat -mmm" >> netstat.txt
133 echo "#" >> netstat.txt
134 /usr
/sbin
/netstat
-mmm >> netstat.txt
2>&1
136 echo "#" >> netstat.txt
137 echo "# netstat -i -n -d" >> netstat.txt
138 echo "#" >> netstat.txt
139 /usr
/sbin
/netstat
-i -n -d >> netstat.txt
2>&1
141 echo "#" >> netstat.txt
142 echo "# netstat -i -x R" >> netstat.txt
143 echo "#" >> netstat.txt
144 /usr
/sbin
/netstat
-i -x R
>> netstat.txt
2>&1
146 echo "#" >> netstat.txt
147 echo "# netstat -a -n -p mptcp" >> netstat.txt
148 echo "#" >> netstat.txt
149 /usr
/sbin
/netstat
-anp mptcp
>> netstat.txt
2>&1
151 echo "#" >> netstat.txt
152 echo "# netstat -s -p mptcp" >> netstat.txt
153 echo "#" >> netstat.txt
154 /usr
/sbin
/netstat
-s -p mptcp
>> netstat.txt
2>&1
156 echo "#" >> netstat.txt
157 echo "# netstat -g -n -s" >> netstat.txt
158 echo "#" >> netstat.txt
159 /usr
/sbin
/netstat
-g -n -s >> netstat.txt
2>&1
161 if [ -x /sbin
/ifconfig
]; then
164 echo "#" >> netstat.txt
165 echo "# netstat -s -I ${if}" >> netstat.txt
166 echo "#" >> netstat.txt
167 /usr
/sbin
/netstat
-s -I ${if} >> netstat.txt
2>&1
169 IF_INFO
=`/sbin/ifconfig -v ${if}`
170 `echo $IF_INFO | grep -q TXSTART`
171 if [ $?
-eq 0 ]; then
172 echo "#" >> netstat.txt
173 echo "# netstat -qq -I ${if}" >> netstat.txt
174 echo "#" >> netstat.txt
175 /usr
/sbin
/netstat
-qq -I ${if} >> netstat.txt
2>&1
178 `echo $IF_INFO | grep -q RXPOLL`
179 if [ $?
-eq 0 ]; then
180 echo "#" >> netstat.txt
181 echo "# netstat -Q -I ${if}" >> netstat.txt
182 echo "#" >> netstat.txt
183 /usr
/sbin
/netstat
-Q -I ${if} >> netstat.txt
2>&1
195 if [ ! -x /usr
/sbin
/ndp
]; then
199 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_ndp" >> get
-network-info.txt
200 echo "#" > ndp
-info.txt
201 echo "# ndp -n -a" >> ndp
-info.txt
202 echo "#" >> ndp
-info.txt
203 /usr
/sbin
/ndp
-n -a >> ndp
-info.txt
2>&1
205 echo "#" >> ndp
-info.txt
206 echo "# ndp -n -p" >> ndp
-info.txt
207 echo "#" >> ndp
-info.txt
208 /usr
/sbin
/ndp
-n -p >> ndp
-info.txt
2>&1
210 echo "#" >> ndp
-info.txt
211 echo "# ndp -n -r" >> ndp
-info.txt
212 echo "#" >> ndp
-info.txt
213 /usr
/sbin
/ndp
-n -r >> ndp
-info.txt
2>&1
215 if [ -x /sbin
/ifconfig
]; then
218 echo "#" >> ndp
-info.txt
219 echo "# ndp -i ${if}" >> ndp
-info.txt
220 echo "#" >> ndp
-info.txt
221 /usr
/sbin
/ndp
-i ${if} >> ndp
-info.txt
2>&1
232 if [ ! -x /usr
/sbin
/arp
]; then
236 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_arp" >> get
-network-info.txt
237 echo "#" > arp
-info.txt
238 echo "# arp -n -a" >> arp
-info.txt
239 echo "#" >> arp
-info.txt
240 /usr
/sbin
/arp
-n -a >> arp
-info.txt
2>&1
249 if [ ! -x /usr
/sbin
/ipconfig
]; then
253 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_ipconfig" >> get
-network-info.txt
260 echo "#" >> ipconfig
-info.txt
261 echo "# INTERFACE ${if}" >> ipconfig
-info.txt
262 echo "#" >> ipconfig
-info.txt
264 echo "DHCPv4 information:" >> ipconfig
-info.txt
266 IPCONFIG_INFO
=`/usr/sbin/ipconfig getpacket ${if}`
267 if [ "${IPCONFIG_INFO}" != "" ]; then
268 echo "${IPCONFIG_INFO}" >> ipconfig
-info.txt
270 echo "not available" >> ipconfig
-info.txt
273 echo"" >> ipconfig
-info.txt
275 echo "DHCPv6 information:" >> ipconfig
-info.txt
277 IPCONFIG_INFO
=`/usr/sbin/ipconfig getv6packet ${if}`
278 if [ "${IPCONFIG_INFO}" != "" ]; then
279 echo "${IPCONFIG_INFO}" >> ipconfig
-info.txt
281 echo "not available" >> ipconfig
-info.txt
284 echo"" >> ipconfig
-info.txt
292 # IPsec configuration
296 if [ ! -x /usr
/sbin
/setkey
-o ! -x /usr
/bin
/perl
]; then
300 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_setkey" >> get
-network-info.txt
302 echo "# setkey -D" >> ipsec.txt
303 echo "#" >> ipsec.txt
304 ${PRIV} /usr
/sbin
/setkey
-D \
305 | /usr
/bin
/perl
-l -n -e '
306 if (/^(\s+[AE]:\s+\S+\s+)"?(.*)"?\s*$/) {
307 printf "%s[redacted]%s\n", $1, $3;
314 echo "#" >> ipsec.txt
315 echo "# setkey -Pp -D" >> ipsec.txt
316 echo "#" >> ipsec.txt
317 ${PRIV} /usr
/sbin
/setkey
-Pp -D >> ipsec.txt
319 for CF
in /var
/run
/racoon
/*.conf
321 if [ ! -r "${CF}" ]; then
326 echo "#" >> ipsec.txt
327 echo "# ${CF}" >> ipsec.txt
328 echo "#" >> ipsec.txt
330 | /usr
/bin
/perl
-l -n -e '
331 if (/^(\s+shared_secret\s+use\s+)"?([^\s;"]+)"?(.*)/) {
332 printf "%s[redacted]%s\n", $1, $3;
342 # skywalk configuration and statistics
346 if [ ! -x /usr
/sbin
/skywalkctl
]; then
350 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_skywalk" >> get
-network-info.txt
351 echo "#" > skywalk.txt
352 echo "# skywalkctl show" >> skywalk.txt
353 echo "#" >> skywalk.txt
354 /usr
/sbin
/skywalkctl show
>> skywalk.txt
2>&1
356 echo "#" >> skywalk.txt
357 echo "# skywalkctl flow -n" >> skywalk.txt
358 echo "#" >> skywalk.txt
359 /usr
/sbin
/skywalkctl flow
-n >> skywalk.txt
2>&1
361 echo "#" >> skywalk.txt
362 echo "# skywalkctl flow-route -n" >> skywalk.txt
363 echo "#" >> skywalk.txt
364 /usr
/sbin
/skywalkctl flow
-route -n >> skywalk.txt
2>&1
366 echo "#" >> skywalk.txt
367 echo "# skywalkctl flow-switch" >> skywalk.txt
368 echo "#" >> skywalk.txt
369 /usr
/sbin
/skywalkctl flow
-switch >> skywalk.txt
2>&1
371 echo "#" >> skywalk.txt
372 echo "# skywalkctl flow-owner" >> skywalk.txt
373 echo "#" >> skywalk.txt
374 /usr
/sbin
/skywalkctl flow
-owner >> skywalk.txt
2>&1
376 echo "#" >> skywalk.txt
377 echo "# skywalkctl flow-adv" >> skywalk.txt
378 echo "#" >> skywalk.txt
379 /usr
/sbin
/skywalkctl flow
-adv >> skywalk.txt
2>&1
381 echo "#" >> skywalk.txt
382 echo "# skywalkctl netstat -s" >> skywalk.txt
383 echo "#" >> skywalk.txt
384 /usr
/sbin
/skywalkctl netstat
-s >> skywalk.txt
2>&1
386 echo "#" >> skywalk.txt
387 echo "# skywalkctl netstat -s --global" >> skywalk.txt
388 echo "#" >> skywalk.txt
389 /usr
/sbin
/skywalkctl netstat
-s --global >> skywalk.txt
2>&1
391 echo "#" >> skywalk.txt
392 echo "# skywalkctl interface" >> skywalk.txt
393 echo "#" >> skywalk.txt
394 /usr
/sbin
/skywalkctl interface
>> skywalk.txt
2>&1
396 echo "#" >> skywalk.txt
397 echo "# skywalkctl channel" >> skywalk.txt
398 echo "#" >> skywalk.txt
399 /usr
/sbin
/skywalkctl channel
>> skywalk.txt
2>&1
401 echo "#" >> skywalk.txt
402 echo "# skywalkctl provider -D" >> skywalk.txt
403 echo "#" >> skywalk.txt
404 /usr
/sbin
/skywalkctl provider
-D >> skywalk.txt
2>&1
406 echo "#" >> skywalk.txt
407 echo "# skywalkctl netns -a" >> skywalk.txt
408 echo "#" >> skywalk.txt
409 /usr
/sbin
/skywalkctl netns
-a >> skywalk.txt
2>&1
411 echo "#" >> skywalk.txt
412 echo "# skywalkctl memory" >> skywalk.txt
413 echo "#" >> skywalk.txt
414 /usr
/sbin
/skywalkctl memory
>> skywalk.txt
2>&1
419 # skywalk configuration and statistics
423 if [ ! -x /usr
/bin
/nettop
]; then
427 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_nettop" >> get
-network-info.txt
428 echo "#" > nettop.txt
429 echo "# nettop -n -l 1" >> nettop.txt
430 echo "#" >> nettop.txt
431 /usr
/bin
/nettop
-n -l 1 >> nettop.txt
2>&1
436 # Network preferences
438 collect_configuration_files
() {
440 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: collect_configuration_files" >> get
-network-info.txt
442 /Library
/Preferences
/com.apple.networkextension.plist \
443 /Library
/Preferences
/com.apple.networkextension.control.plist \
444 /Library
/Preferences
/com.apple.networkextension.necp.plist \
445 /Library
/Preferences
/com.apple.networkextension.cache.plist \
446 /Library
/Preferences
/com.apple.networkextension.uuidcache.plist \
447 /Library
/Preferences
/SystemConfiguration
/com.apple.nat.plist \
448 /Library
/Preferences
/SystemConfiguration
/com.apple.RemoteAccessServers.plist \
449 /Library
/Preferences
/SystemConfiguration
/com.apple.smb.server.plist \
450 /Library
/Preferences
/com.apple.mDNSResponder.plist \
451 /Library
/Preferences
/SystemConfiguration
/NetworkInterfaces.plist \
452 /Library
/Preferences
/SystemConfiguration
/preferences.plist \
455 if [ -e "${f}" ]; then
457 cat "${f}" > "${b}" 2>&1
461 if [ -e /etc
/resolv.conf
]; then
462 cat /etc
/resolv.conf
> etc
-resolv-conf.txt
2>&1
464 if [ -e /var
/run
/resolv.conf
]; then
465 cat /var
/run
/resolv.conf
> var
-run-resolv-conf.txt
2>&1
467 if [ -e /etc
/resolver
]; then
468 tar -c -H /etc
/resolver
> etc
-resolver.
tar 2>/dev
/null
475 collect_vpn_logs
() {
477 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: collect_vpn_logs" >> get
-network-info.txt
480 /var
/log
/racoon.log \
483 if [ -e "${f}" ]; then
485 ${PRIV} cat "${f}" > "${b}".txt
2>&1
495 if [ ! -x /usr
/local
/bin
/neutil
]; then
499 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_neutil" >> get
-network-info.txt
502 echo "# neutil policy dump" >> necp.txt
504 /usr
/local
/bin
/neutil policy dump
>> necp.txt
2>&1
506 echo "#" > network
-agents.txt
507 echo "# neutil agent dump" >> network
-agents.txt
508 echo "#" >> network
-agents.txt
509 /usr
/local
/bin
/neutil agent dump
>> network
-agents.txt
2>&1
511 # Generates a default-level log message containing the current file handles that UserEventAgent has
512 /usr
/local
/bin
/neutil session log
-file-handles
520 run_network_test
() {
522 if [ ! -x /usr
/local
/bin
/network_test
]; then
526 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_network_test" >> get
-network-info.txt
527 /usr
/local
/bin
/network_test path_watcher
-dump > nw_path.txt
2>&1
532 # Network, DNS, Proxy, Reachability, Cache information
536 if [ ! -x /usr
/sbin
/scutil
]; then
540 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_scutil" >> get
-network-info.txt
541 echo "#" > network
-information.txt
542 echo "# scutil -d -v --nwi" >> network
-information.txt
543 echo "#" >> network
-information.txt
544 /usr
/sbin
/scutil
-d -v --nwi >> network
-information.txt
2>&1
547 echo "" >> network
-information.txt
548 echo "#" >> network
-information.txt
549 echo "# scutil --nwi ${if}" >> network
-information.txt
550 echo "#" >> network
-information.txt
551 scutil
--nwi ${if} >> network
-information.txt
2>&1
554 echo "#" > dns
-configuration.txt
555 echo "# scutil -d -v --dns" >> dns
-configuration.txt
556 echo "#" >> dns
-configuration.txt
557 /usr
/sbin
/scutil
-d -v --dns >> dns
-configuration.txt
2>&1
559 echo "#" > proxy
-configuration.txt
560 echo "# scutil -d -v --proxy" >> proxy
-configuration.txt
561 echo "#" >> proxy
-configuration.txt
562 /usr
/sbin
/scutil
-d -v --proxy >> proxy
-configuration.txt
2>&1
564 echo "#" > reachability
-info.txt
565 echo '# scutil -d -v -r www.apple.com' >> reachability
-info.txt
566 echo "#" >> reachability
-info.txt
567 /usr
/sbin
/scutil
-d -v -r www.apple.com
>> reachability
-info.txt
2>&1
569 echo "#" >> reachability
-info.txt
570 echo '# scutil -d -v -r 0.0.0.0' >> reachability
-info.txt
571 echo "#" >> reachability
-info.txt
572 /usr
/sbin
/scutil
-d -v -r 0.0.0.0 >> reachability
-info.txt
2>&1
574 echo "#" >> reachability
-info.txt
575 echo '# scutil -d -v -r 169.254.0.0' >> reachability
-info.txt
576 echo "#" >> reachability
-info.txt
577 /usr
/sbin
/scutil
-d -v -r 169.254.0.0 >> reachability
-info.txt
2>&1
579 echo "#" > nc
-info.txt
580 echo '# scutil --nc list' >> nc
-info.txt
581 echo "#" >> nc
-info.txt
582 /usr
/sbin
/scutil
--nc list
>> nc
-info.txt
2>&1
584 /usr
/sbin
/scutil
-p --snapshot SCDynamicStore.plist
2>&1
593 if [ ! -x /sbin
/route
]; then
597 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_route" >> get
-network-info.txt
598 echo "#" > route
-info.txt
599 echo '# route -n -v get www.apple.com' >> route
-info.txt
600 echo "#" >> route
-info.txt
601 /sbin
/route
-n -v get www.apple.com
>> route
-info.txt
2>&1
603 echo "#" >> route
-info.txt
604 echo '# route -n -v get 0.0.0.0' >> route
-info.txt
605 echo "#" >> route
-info.txt
606 /sbin
/route
-n -v get
0.0.0.0 >> route
-info.txt
2>&1
615 if [ ! -x /usr
/bin
/dig -o ! -f /etc
/resolv.conf
]; then
619 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_dig" >> get
-network-info.txt
620 echo "#" > dig-info.txt
621 echo '# dig -t any -c any www.apple.com' >> dig-info.txt
622 echo "#" >> dig-info.txt
623 /usr
/bin
/dig +time=2 -t any
-c any www.apple.com
>> dig-info.txt
2>/dev
/null
632 if [ ! -x /bin
/hostname
]; then
636 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_hostname" >> get
-network-info.txt
637 /bin
/hostname
> hostname.txt
2>&1
646 if [ ! -x /usr
/sbin
/lsof
]; then
650 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_lsof" >> get
-network-info.txt
651 ${PRIV} /usr
/sbin
/lsof
+c
0 -X -n -O -P -T q
> lsof.txt
2>&1 &
653 # start a watchdog for lsof
656 while [ $WAIT_TIME -gt 0 ]
658 ${PRIV} kill -0 ${LSOF_PID} 2>/dev
/null
659 if [ $?
-eq 0 ]; then
660 # lsof is [still] gathering data...
662 WAIT_TIME
=$((WAIT_TIME - 1))
666 # lsof completed gathering data
670 if [ $WAIT_TIME -eq 0 ]; then
672 ${PRIV} kill ${LSOF_PID} 2>/dev
/null
683 if [ ! -x /usr
/sbin
/sysctl
]; then
687 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_sysctl" >> get
-network-info.txt
688 ${PRIV} /usr
/sbin
/sysctl
-a > sysctl.txt
2>&1 &
694 # collect a packet capture if netdiagnose is available
696 if [ -x /usr
/local
/bin
/netdiagnose
]; then
697 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: start_pcap" >> get
-network-info.txt
698 trap stop_pcap SIGINT
699 /usr
/local
/bin
/netdiagnose
-p "${REQUESTED_OUTDIR}" start sysdiagpcap
2>&1 1>/dev
/null
705 if [ ${PCAP_STARTED} -ne 0 ]; then
707 /usr
/local
/bin
/netdiagnose stop sysdiagpcap
2>&1 1>/dev
/null
708 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: stop_pcap done" >> get
-network-info.txt
712 collect_ndf_info
() {
717 collect_sensitive_info
() {
719 if [ "${COLLECT_PCAP}" == "Y" ]; then
723 collect_state_dump_sensitive
733 if [ "${COLLECT_NDF_INFO}" == "Y" ]; then
737 if [ "${COLLECT_SENSITIVE_INFO}" == "Y" ]; then
738 collect_sensitive_info
752 if [ "${COLLECT_CONFIGURATION_FILES}" == "Y" ]; then
753 collect_configuration_files
759 # __COMMAND_ROUTINES_END__
761 # __HELPER_ROUTINES_BEGIN__
765 echo "Usage: get-network-info [-c] [-n] [-s] <info-directory>"
766 echo " -c collects system configuration files"
767 echo " -n collects NDF information (lsof)"
768 echo " -P do not collect a packet capture"
769 echo " -s collects sensitive information (ARP/NDP/mDNS cache)"
770 echo " <info-directory> path to directory where all the information will be collected"
776 if [ "${REQUESTED_OUTDIR}" = "" ]; then
781 if [ ! -d ${REQUESTED_OUTDIR} ]; then
782 echo "${REQUESTED_OUTDIR} does not exist"
786 if [ ! -w ${REQUESTED_OUTDIR} ]; then
787 echo "${REQUESTED_OUTDIR} is write-protected"
793 # Collect most used command output to be used later
797 if [ ! -x /sbin
/ifconfig
]; then
801 IF_LIST
=`/sbin/ifconfig -l`
807 COLLECT_SENSITIVE_INFO
=""
808 COLLECT_CONFIGURATION_FILES
=""
814 # __HELPER_ROUTINES_END__
819 ARGS
=`getopt cnPs $*`