4 # Copyright © 2015-2020 Apple Inc.
8 # Collect network information.
11 PATH
=/bin
:/usr
/bin
:/sbin
:/usr
/sbin
13 # __SETUP_ROUTINES_BEGIN__
21 COLLECT_CONFIGURATION_FILES
="Y"
33 COLLECT_SENSITIVE_INFO
="Y"
40 REQUESTED_OUTDIR
="${i}"
51 if [ ${EUID} -ne 0 ]; then
64 cd "${REQUESTED_OUTDIR}"
68 # __SETUP_ROUTINES_END__
71 # __COMMAND_ROUTINES_BEGIN__
74 # mDNSResponder state dump
75 # /usr/bin/dns-sd -O -stdout will print the state of mDNSResponder to STDOUT
77 collect_state_dump_sensitive
() {
79 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: collect_state_dump_sensitive" >> get
-network-info.txt
80 ${PRIV} /usr
/bin
/dns
-sd -O -stdout > mDNSResponder_state_dump.txt
2>&1
85 # network interface configuration
89 if [ ! -x /sbin
/ifconfig
]; then
93 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_ifconfig" >> get
-network-info.txt
94 /sbin
/ifconfig
-a -L -b -m -r -v -v > ifconfig.txt
2>&1
96 /sbin
/ifconfig
-a > ifconfig.txt
2>&1
102 # network route configuration and statistics
106 if [ ! -x /usr
/sbin
/netstat
]; then
# netstat collection step: record a start timestamp in the run log, then build
# netstat.txt as a sequence of sections. Each section is a three-line "#" banner
# naming the command, followed by that command's stdout and stderr.
#
# NOTE(review): netstat.txt is opened by name in the current directory (the setup
# section changes into ${REQUESTED_OUTDIR}). If the script runs with elevated
# privileges, confirm that directory is not writable by less-privileged users,
# because the redirection follows whatever already exists at that name.
echo "$(date +"%Y-%m-%d %H:%M:%S"): run_netstat" >> get-network-info.txt

# The first banner uses ">" so a stale netstat.txt is truncated; later writes append.
printf '%s\n' "#" "# netstat -n -r -a -l" "#" > netstat.txt
/usr/sbin/netstat -n -r -a -l >> netstat.txt 2>&1

printf '%s\n' "#" "# netstat -A -a -l -n -v -W" "#" >> netstat.txt
/usr/sbin/netstat -A -a -l -n -v -W >> netstat.txt 2>&1

printf '%s\n' "#" "# netstat -s" "#" >> netstat.txt
/usr/sbin/netstat -s >> netstat.txt 2>&1

printf '%s\n' "#" "# netstat -rs" "#" >> netstat.txt
/usr/sbin/netstat -rs >> netstat.txt 2>&1

printf '%s\n' "#" "# netstat -mmm" "#" >> netstat.txt
/usr/sbin/netstat -mmm >> netstat.txt 2>&1

printf '%s\n' "#" "# netstat -i -n -d" "#" >> netstat.txt
/usr/sbin/netstat -i -n -d >> netstat.txt 2>&1

printf '%s\n' "#" "# netstat -i -x R" "#" >> netstat.txt
/usr/sbin/netstat -i -x R >> netstat.txt 2>&1

# The banner spells the flags out (-a -n -p); the command uses the bundled form (-anp).
printf '%s\n' "#" "# netstat -a -n -p mptcp" "#" >> netstat.txt
/usr/sbin/netstat -anp mptcp >> netstat.txt 2>&1

printf '%s\n' "#" "# netstat -s -p mptcp" "#" >> netstat.txt
/usr/sbin/netstat -s -p mptcp >> netstat.txt 2>&1

printf '%s\n' "#" "# netstat -g -n -s" "#" >> netstat.txt
/usr/sbin/netstat -g -n -s >> netstat.txt 2>&1
161 if [ -x /sbin
/ifconfig
]; then
164 echo "#" >> netstat.txt
165 echo "# netstat -n -s -I ${if}" >> netstat.txt
166 echo "#" >> netstat.txt
167 /usr
/sbin
/netstat
-n -s -I ${if} >> netstat.txt
2>&1
169 IF_INFO
=`/sbin/ifconfig -v ${if}`
170 `echo $IF_INFO | grep -q TXSTART`
171 if [ $?
-eq 0 ]; then
172 echo "#" >> netstat.txt
173 echo "# netstat -qq -I ${if}" >> netstat.txt
174 echo "#" >> netstat.txt
175 /usr
/sbin
/netstat
-qq -I ${if} >> netstat.txt
2>&1
178 `echo $IF_INFO | grep -q RXPOLL`
179 if [ $?
-eq 0 ]; then
180 echo "#" >> netstat.txt
181 echo "# netstat -Q -I ${if}" >> netstat.txt
182 echo "#" >> netstat.txt
183 /usr
/sbin
/netstat
-Q -I ${if} >> netstat.txt
2>&1
195 if [ ! -x /usr
/sbin
/ndp
]; then
# ndp collection step: log a start timestamp, then write three bannered sections
# (ndp -n -a, ndp -n -p, ndp -n -r) to ndp-info.txt, each with stdout and stderr.
# The usage text lists the NDP cache under "sensitive information", so
# ndp-info.txt should be handled as sensitive output.
echo "$(date +"%Y-%m-%d %H:%M:%S"): run_ndp" >> get-network-info.txt

# ">" on the first banner truncates any earlier ndp-info.txt; later writes append.
printf '%s\n' "#" "# ndp -n -a" "#" > ndp-info.txt
/usr/sbin/ndp -n -a >> ndp-info.txt 2>&1

printf '%s\n' "#" "# ndp -n -p" "#" >> ndp-info.txt
/usr/sbin/ndp -n -p >> ndp-info.txt 2>&1

printf '%s\n' "#" "# ndp -n -r" "#" >> ndp-info.txt
/usr/sbin/ndp -n -r >> ndp-info.txt 2>&1
215 if [ -x /sbin
/ifconfig
]; then
218 echo "#" >> ndp
-info.txt
219 echo "# ndp -i ${if}" >> ndp
-info.txt
220 echo "#" >> ndp
-info.txt
221 /usr
/sbin
/ndp
-i ${if} >> ndp
-info.txt
2>&1
232 if [ ! -x /usr
/sbin
/arp
]; then
# arp collection step: log a start timestamp, then write a bannered dump of
# "arp -n -a" (stdout and stderr) to a freshly truncated arp-info.txt.
# The usage text lists the ARP cache under "sensitive information", so
# arp-info.txt should be handled as sensitive output.
echo "$(date +"%Y-%m-%d %H:%M:%S"): run_arp" >> get-network-info.txt

printf '%s\n' "#" "# arp -n -a" "#" > arp-info.txt
/usr/sbin/arp -n -a >> arp-info.txt 2>&1
249 if [ ! -x /usr
/sbin
/ipconfig
]; then
253 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_ipconfig" >> get
-network-info.txt
260 echo "#" >> ipconfig
-info.txt
261 echo "# INTERFACE ${if}" >> ipconfig
-info.txt
262 echo "#" >> ipconfig
-info.txt
264 echo "DHCPv4 information:" >> ipconfig
-info.txt
266 IPCONFIG_INFO
=`/usr/sbin/ipconfig getpacket ${if}`
267 if [ "${IPCONFIG_INFO}" != "" ]; then
268 echo "${IPCONFIG_INFO}" >> ipconfig
-info.txt
270 echo "not available" >> ipconfig
-info.txt
273 echo"" >> ipconfig
-info.txt
275 echo "DHCPv6 information:" >> ipconfig
-info.txt
277 IPCONFIG_INFO
=`/usr/sbin/ipconfig getv6packet ${if}`
278 if [ "${IPCONFIG_INFO}" != "" ]; then
279 echo "${IPCONFIG_INFO}" >> ipconfig
-info.txt
281 echo "not available" >> ipconfig
-info.txt
284 echo"" >> ipconfig
-info.txt
286 echo "IPv6 information:" >> ipconfig
-info.txt
288 IPCONFIG_INFO
=`/usr/sbin/ipconfig getra ${if}`
289 if [ "${IPCONFIG_INFO}" != "" ]; then
290 echo "${IPCONFIG_INFO}" >> ipconfig
-info.txt
292 echo "not available" >> ipconfig
-info.txt
295 echo"" >> ipconfig
-info.txt
303 # IPsec configuration
307 if [ ! -x /usr
/sbin
/setkey
-o ! -x /usr
/bin
/perl
]; then
311 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_setkey" >> get
-network-info.txt
313 echo "# setkey -D" >> ipsec.txt
314 echo "#" >> ipsec.txt
315 ${PRIV} /usr
/sbin
/setkey
-D \
316 | /usr
/bin
/perl
-l -n -e '
317 if (/^(\s+[AE]:\s+\S+\s+)"?(.*)"?\s*$/) {
318 printf "%s[redacted]%s\n", $1, $3;
325 echo "#" >> ipsec.txt
326 echo "# setkey -Pp -D" >> ipsec.txt
327 echo "#" >> ipsec.txt
328 ${PRIV} /usr
/sbin
/setkey
-Pp -D >> ipsec.txt
330 for CF
in /var
/run
/racoon
/*.conf
332 if [ ! -r "${CF}" ]; then
337 echo "#" >> ipsec.txt
338 echo "# ${CF}" >> ipsec.txt
339 echo "#" >> ipsec.txt
341 | /usr
/bin
/perl
-l -n -e '
342 if (/^(\s+shared_secret\s+use\s+)"?([^\s;"]+)"?(.*)/) {
343 printf "%s[redacted]%s\n", $1, $3;
353 # skywalk configuration and statistics
357 if [ ! -x /usr
/sbin
/skywalkctl
]; then
# skywalk collection step: log a start timestamp, then append one bannered
# section per skywalkctl subcommand to skywalk.txt. Each section holds the
# command's stdout and stderr.
echo "$(date +"%Y-%m-%d %H:%M:%S"): run_skywalk" >> get-network-info.txt

# ">" on the first banner truncates any earlier skywalk.txt; later writes append.
printf '%s\n' "#" "# skywalkctl show" "#" > skywalk.txt
/usr/sbin/skywalkctl show >> skywalk.txt 2>&1

printf '%s\n' "#" "# skywalkctl flow -n" "#" >> skywalk.txt
/usr/sbin/skywalkctl flow -n >> skywalk.txt 2>&1

printf '%s\n' "#" "# skywalkctl flow-route -n" "#" >> skywalk.txt
/usr/sbin/skywalkctl flow-route -n >> skywalk.txt 2>&1

printf '%s\n' "#" "# skywalkctl flow-switch" "#" >> skywalk.txt
/usr/sbin/skywalkctl flow-switch >> skywalk.txt 2>&1

printf '%s\n' "#" "# skywalkctl flow-owner" "#" >> skywalk.txt
/usr/sbin/skywalkctl flow-owner >> skywalk.txt 2>&1

printf '%s\n' "#" "# skywalkctl flow-adv" "#" >> skywalk.txt
/usr/sbin/skywalkctl flow-adv >> skywalk.txt 2>&1

printf '%s\n' "#" "# skywalkctl netstat -s" "#" >> skywalk.txt
/usr/sbin/skywalkctl netstat -s >> skywalk.txt 2>&1

printf '%s\n' "#" "# skywalkctl netstat -s --global" "#" >> skywalk.txt
/usr/sbin/skywalkctl netstat -s --global >> skywalk.txt 2>&1

printf '%s\n' "#" "# skywalkctl interface" "#" >> skywalk.txt
/usr/sbin/skywalkctl interface >> skywalk.txt 2>&1

printf '%s\n' "#" "# skywalkctl channel" "#" >> skywalk.txt
/usr/sbin/skywalkctl channel >> skywalk.txt 2>&1

printf '%s\n' "#" "# skywalkctl provider -D" "#" >> skywalk.txt
/usr/sbin/skywalkctl provider -D >> skywalk.txt 2>&1

printf '%s\n' "#" "# skywalkctl netns -a" "#" >> skywalk.txt
/usr/sbin/skywalkctl netns -a >> skywalk.txt 2>&1

printf '%s\n' "#" "# skywalkctl memory" "#" >> skywalk.txt
/usr/sbin/skywalkctl memory >> skywalk.txt 2>&1
430 # nettop output (single sample)
434 if [ ! -x /usr
/bin
/nettop
]; then
# nettop collection step: log a start timestamp, then write a bannered run of
# "nettop -n -l 1" (stdout and stderr) to a freshly truncated nettop.txt.
echo "$(date +"%Y-%m-%d %H:%M:%S"): run_nettop" >> get-network-info.txt

printf '%s\n' "#" "# nettop -n -l 1" "#" > nettop.txt
/usr/bin/nettop -n -l 1 >> nettop.txt 2>&1
447 # Network preferences
449 collect_configuration_files
() {
451 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: collect_configuration_files" >> get
-network-info.txt
453 /Library
/Preferences
/com.apple.networkextension.plist \
454 /Library
/Preferences
/com.apple.networkextension.control.plist \
455 /Library
/Preferences
/com.apple.networkextension.necp.plist \
456 /Library
/Preferences
/com.apple.networkextension.cache.plist \
457 /Library
/Preferences
/com.apple.networkextension.uuidcache.plist \
458 /Library
/Preferences
/SystemConfiguration
/com.apple.nat.plist \
459 /Library
/Preferences
/SystemConfiguration
/com.apple.RemoteAccessServers.plist \
460 /Library
/Preferences
/SystemConfiguration
/com.apple.smb.server.plist \
461 /Library
/Preferences
/com.apple.mDNSResponder.plist \
462 /Library
/Preferences
/SystemConfiguration
/NetworkInterfaces.plist \
463 /Library
/Preferences
/SystemConfiguration
/preferences.plist \
466 if [ -e "${f}" ]; then
468 cat "${f}" > "${b}" 2>&1
472 if [ -e /etc
/resolv.conf
]; then
473 cat /etc
/resolv.conf
> etc
-resolv-conf.txt
2>&1
475 if [ -e /var
/run
/resolv.conf
]; then
476 cat /var
/run
/resolv.conf
> var
-run-resolv-conf.txt
2>&1
478 if [ -e /etc
/resolver
]; then
479 tar -c -H /etc
/resolver
> etc
-resolver.
tar 2>/dev
/null
480 elif [ -e /Library
/Preferences
/SystemConfiguration
/resolver
]; then
481 tar -c -H /Library
/Preferences
/SystemConfiguration
/resolver
> LPS
-resolver.
tar 2>/dev
/null
484 MIGRATION_FILES
=$
(/bin
/ls -1 \
485 /Library
/Preferences
/SystemConfiguration
/preferences
-pre-*.plist \
486 /Library
/Preferences
/SystemConfiguration
/NetworkInterfaces
-pre-*.plist \
488 if [ -n "${MIGRATION_FILES}" ]; then
489 MIGRATION_FILES
+=" /Library/Preferences/SystemConfiguration/preferences.plist"
490 MIGRATION_FILES
+=" /Library/Preferences/SystemConfiguration/NetworkInterfaces.plist"
491 tar -c -H ${MIGRATION_FILES} > migration.
tar 2>/dev
/null
498 collect_vpn_logs
() {
500 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: collect_vpn_logs" >> get
-network-info.txt
503 /var
/log
/racoon.log \
506 if [ -e "${f}" ]; then
508 ${PRIV} cat "${f}" > "${b}".txt
2>&1
518 if [ ! -x /usr
/local
/bin
/neutil
]; then
522 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_neutil" >> get
-network-info.txt
525 echo "# neutil policy dump" >> necp.txt
527 /usr
/local
/bin
/neutil policy dump
>> necp.txt
2>&1
529 echo "#" > network
-agents.txt
530 echo "# neutil agent dump" >> network
-agents.txt
531 echo "#" >> network
-agents.txt
532 /usr
/local
/bin
/neutil agent dump
>> network
-agents.txt
2>&1
534 # Generates a default-level log message containing the current file handles that UserEventAgent has
535 /usr
/local
/bin
/neutil session log
-file-handles
543 run_network_test
() {
545 if [ ! -x /usr
/local
/bin
/network_test
]; then
549 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_network_test" >> get
-network-info.txt
550 /usr
/local
/bin
/network_test path_watcher
-dump > nw_path.txt
2>&1
555 # Network, DNS, Proxy, Reachability, Cache information
559 if [ ! -x /usr
/sbin
/scutil
]; then
# scutil collection step (first part): log a start timestamp, then start a fresh
# network-information.txt with the bannered output of "scutil -d -v --nwi"
# (stdout and stderr).
echo "$(date +"%Y-%m-%d %H:%M:%S"): run_scutil" >> get-network-info.txt

printf '%s\n' "#" "# scutil -d -v --nwi" "#" > network-information.txt
/usr/sbin/scutil -d -v --nwi >> network-information.txt 2>&1
570 echo "" >> network
-information.txt
571 echo "#" >> network
-information.txt
572 echo "# scutil --nwi ${if}" >> network
-information.txt
573 echo "#" >> network
-information.txt
574 scutil
--nwi ${if} >> network
-information.txt
2>&1
# scutil collection step (remaining part): DNS, proxy, reachability and network
# connection data, one output file per topic. Every file is started with ">" on
# its first banner, so earlier contents are discarded.

# DNS configuration.
printf '%s\n' "#" "# scutil -d -v --dns" "#" > dns-configuration.txt
/usr/sbin/scutil -d -v --dns >> dns-configuration.txt 2>&1

# Proxy configuration.
printf '%s\n' "#" "# scutil -d -v --proxy" "#" > proxy-configuration.txt
/usr/sbin/scutil -d -v --proxy >> proxy-configuration.txt 2>&1

# Reachability checks for three fixed targets, all written to one file.
# NOTE(review): the www.apple.com check names an external host, so this step
# may cause a name lookup on the network being diagnosed; confirm if that matters.
printf '%s\n' "#" '# scutil -d -v -r www.apple.com' "#" > reachability-info.txt
/usr/sbin/scutil -d -v -r www.apple.com >> reachability-info.txt 2>&1

printf '%s\n' "#" '# scutil -d -v -r 0.0.0.0' "#" >> reachability-info.txt
/usr/sbin/scutil -d -v -r 0.0.0.0 >> reachability-info.txt 2>&1

printf '%s\n' "#" '# scutil -d -v -r 169.254.0.0' "#" >> reachability-info.txt
/usr/sbin/scutil -d -v -r 169.254.0.0 >> reachability-info.txt 2>&1

# Network connection list.
printf '%s\n' "#" '# scutil --nc list' "#" > nc-info.txt
/usr/sbin/scutil --nc list >> nc-info.txt 2>&1

# Presumably saves a snapshot of the dynamic store to SCDynamicStore.plist;
# confirm against the scutil documentation. Nothing is redirected to a file
# here: stderr is merged into the script's own stdout.
/usr/sbin/scutil -p --snapshot SCDynamicStore.plist 2>&1
616 if [ ! -x /sbin
/route
]; then
# route collection step: log a start timestamp, then record the route lookup
# for www.apple.com and for 0.0.0.0 in a freshly truncated route-info.txt
# (stdout and stderr of each command).
echo "$(date +"%Y-%m-%d %H:%M:%S"): run_route" >> get-network-info.txt

printf '%s\n' "#" '# route -n -v get www.apple.com' "#" > route-info.txt
/sbin/route -n -v get www.apple.com >> route-info.txt 2>&1

printf '%s\n' "#" '# route -n -v get 0.0.0.0' "#" >> route-info.txt
/sbin/route -n -v get 0.0.0.0 >> route-info.txt 2>&1
638 if [ ! -x /usr
/bin
/dig -o ! -f /etc
/resolv.conf
]; then
# dig collection step: log a start timestamp, then store the answer to an
# ANY-type / ANY-class query for www.apple.com in a freshly truncated dig-info.txt.
# This sends a DNS query from the host being diagnosed. The command runs with
# +time=2, which the banner written to the file does not mention.
echo "$(date +"%Y-%m-%d %H:%M:%S"): run_dig" >> get-network-info.txt

printf '%s\n' "#" '# dig -t any -c any www.apple.com' "#" > dig-info.txt
# Unlike most other steps, stderr is discarded here rather than merged into the
# file, so a failed lookup leaves only whatever dig printed on stdout.
/usr/bin/dig +time=2 -t any -c any www.apple.com >> dig-info.txt 2>/dev/null
655 if [ ! -x /bin
/hostname
]; then
659 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_hostname" >> get
-network-info.txt
660 /bin
/hostname
> hostname.txt
2>&1
669 if [ ! -x /usr
/sbin
/lsof
]; then
673 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_lsof" >> get
-network-info.txt
674 ${PRIV} /usr
/sbin
/lsof
+c
0 -X -n -O -P -T q
> lsof.txt
2>&1 &
676 # start a watchdog for lsof
679 while [ $WAIT_TIME -gt 0 ]
681 ${PRIV} kill -0 ${LSOF_PID} 2>/dev
/null
682 if [ $?
-eq 0 ]; then
683 # lsof is [still] gathering data...
685 WAIT_TIME
=$((WAIT_TIME - 1))
689 # lsof completed gathering data
693 if [ $WAIT_TIME -eq 0 ]; then
695 ${PRIV} kill ${LSOF_PID} 2>/dev
/null
706 if [ ! -x /usr
/sbin
/sysctl
]; then
710 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: run_sysctl" >> get
-network-info.txt
711 ${PRIV} /usr
/sbin
/sysctl
-a > sysctl.txt
2>&1 &
717 # collect a packet capture if netdiagnose is available
719 if [ -x /usr
/local
/bin
/netdiagnose
]; then
720 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: start_pcap" >> get
-network-info.txt
721 trap stop_pcap SIGINT
722 /usr
/local
/bin
/netdiagnose
-p "${REQUESTED_OUTDIR}" start sysdiagpcap
2>&1 1>/dev
/null
728 if [ ${PCAP_STARTED} -ne 0 ]; then
730 /usr
/local
/bin
/netdiagnose stop sysdiagpcap
2>&1 1>/dev
/null
731 echo "`date +"%Y
-%m
-%d
%H
:%M
:%S
"`: stop_pcap" >> get
-network-info.txt
735 collect_ndf_info
() {
740 collect_sensitive_info
() {
742 if [ "${COLLECT_PCAP}" == "Y" ]; then
746 collect_state_dump_sensitive
756 if [ "${COLLECT_NDF_INFO}" == "Y" ]; then
760 if [ "${COLLECT_SENSITIVE_INFO}" == "Y" ]; then
761 collect_sensitive_info
775 if [ "${COLLECT_CONFIGURATION_FILES}" == "Y" ]; then
776 collect_configuration_files
782 # __COMMAND_ROUTINES_END__
784 # __HELPER_ROUTINES_BEGIN__
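# Print the command-line help: a synopsis line followed by one line per option.
# The synopsis now includes -P. The option list already documents it and the
# getopt specification is "cnPs", but the original synopsis omitted it, hiding
# the only switch that turns off packet capture from anyone reading just the
# first line.
printf '%s\n' \
  "Usage: get-network-info [-c] [-n] [-P] [-s] <info-directory>" \
  " -c collects system configuration files" \
  " -n collects NDF information (lsof)" \
  " -P do not collect a packet capture" \
  " -s collects sensitive information (ARP/NDP/mDNS cache)" \
  " <info-directory> path to directory where all the information will be collected"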
799 if [ "${REQUESTED_OUTDIR}" = "" ]; then
804 if [ ! -d ${REQUESTED_OUTDIR} ]; then
805 echo "${REQUESTED_OUTDIR} does not exist"
809 if [ ! -w ${REQUESTED_OUTDIR} ]; then
810 echo "${REQUESTED_OUTDIR} is write-protected"
816 # Collect most used command output to be used later
820 if [ ! -x /sbin
/ifconfig
]; then
824 IF_LIST
=`/sbin/ifconfig -l`
830 COLLECT_SENSITIVE_INFO
=""
831 COLLECT_CONFIGURATION_FILES
=""
837 # __HELPER_ROUTINES_END__
842 ARGS
=`getopt cnPs $*`