Network Listening
Fully passive network listening to find vulnerabilities in multicast/broadcast DNS and IPv6 neighbor discovery configuration
All-in-One (TCPDump)
Start Listener
sudo tcpdump -i eth0 -n -vv udp port 546 or udp port 547 or icmp6 or udp port 5355 or udp port 137 or udp port 138 or udp port 5353 -w listener_$(date +"%b-%d-%Y").pcap
setvar LISTENER_FILE listener_*.pcap(N:A)
Parse PCAP (to CSV)
# Local Network Poisoning
NBTNS_RESULTS=$(tshark -r $LISTENER_FILE -Y "nbdgm" -T fields -e ip.src -E separator=, | sort -u | grep -v '^$' | awk -F"," '{print $1",NBT-NS,137-138/udp"}')
MDNS_RESULTS=$(tshark -r $LISTENER_FILE -Y "mdns" -T fields -e ip.src | sort -u | grep -v '^$' | awk '{print $1",mDNS,5353/udp"}')
LLMNR_RESULTS=$(tshark -r $LISTENER_FILE -Y "llmnr" -T fields -e ip.src | sort -u | grep -v '^$' | awk '{print $1",LLMNR,5355/udp"}')
# Combine NBT-NS, mDNS, and LLMNR results
LNP_RESULTS="${NBTNS_RESULTS}\n${MDNS_RESULTS}\n${LLMNR_RESULTS}"
# Combine line by IP
SORTED_LNP_RESULTS=$(echo "$LNP_RESULTS" | awk '
BEGIN{ FS=OFS="," }
# Skip blank lines left behind when a protocol produced no results
NF < 2 {next}
{ for(i=2; i<=NF;i++)
    if (!seen[$1, $i, i]++)
      grp[$1, i]=(grp[$1, i]==""?"":grp[$1, i] ($i!=""?", ":"")) $i
    else
      grp[$1, i]= grp[$1, i]
}
END{ for(x in grp) {
    split(x, tmp, SUBSEP);
    join[tmp[1]]=(join[tmp[1]]==""?"":join[tmp[1]] OFS) "\""grp[x]"\""
  }
  for (x in join) print x, join[x]
}' | sort -Vu)
# Remove your own IP from results (exact match on the first CSV field)
CLEAN_SORTED_LNP_RESULTS=$(echo "$SORTED_LNP_RESULTS" | awk -F',' -v me="$(hostname -I | cut -d' ' -f 1)" '$1 != me')
# Send the final results to a file
echo "IP(s),Protocol,Port\n$CLEAN_SORTED_LNP_RESULTS" > Network-Poisoning.csv
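The merge-by-IP step above, rewritten as a portable bash/awk function (an added example, not part of the original page): it joins each host's protocols into one row and drops the listener's own address by exact match, so 192.168.56.1 does not also hide 192.168.56.10. The names merge_by_ip and sample_rows and the sample addresses are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Input rows are "ip,protocol,port",
# the same shape as NBTNS_RESULTS / MDNS_RESULTS / LLMNR_RESULTS above.

# merge_by_ip OWN_IP < rows  -> CSV with one row per source IP
merge_by_ip() {
  printf 'IP(s),Protocol,Port\n'
  awk -F',' -v own="$1" '
    NF < 3 || $1 == own { next }   # skip blank rows and the listener itself (exact match)
    !($1 in proto) { order[++n] = $1; proto[$1] = ""; port[$1] = "" }
    !seen[$1, $2]++ {              # record each protocol once per host
      sep = (proto[$1] == "" ? "" : ", ")
      proto[$1] = proto[$1] sep $2
      port[$1]  = port[$1]  sep $3
    }
    END {
      for (i = 1; i <= n; i++)
        printf "%s,\"%s\",\"%s\"\n", order[i], proto[order[i]], port[order[i]]
    }' | LC_ALL=C sort -t. -k1,1n -k2,2n -k3,3n -k4,4n
}

# Constructed sample rows: the blank line stands for a protocol with no hits,
# and 192.168.56.1 plays the role of the listening host.
sample_rows() {
  cat <<'EOF'
192.168.56.10,NBT-NS,137-138/udp
192.168.56.1,mDNS,5353/udp

192.168.56.10,LLMNR,5355/udp
192.168.56.22,LLMNR,5355/udp
192.168.56.10,LLMNR,5355/udp
EOF
}

sample_rows | merge_by_ip 192.168.56.1
```

Each remaining row is a host that still emits a poisonable name-resolution protocol and is a candidate for having it disabled.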
# IPv6 DHCP/ICMP
tshark -r $LISTENER_FILE -T fields -e ipv6.src -e eth.src -e dhcpv6.client_domain -e dhcpv6.vendorclass.enterprise -Y "dhcpv6" -E separator=, -E quote=d | sort -u | grep '"311"' | awk -F"," 'NR==1 {print "\"IPv6 Address\",\"MAC Address\",\"Hostname\""};{print $1","$2","$3}' > Unmanaged-IPv6.csv
Local Network DNS Poisoning (Responder)
Install/Listen w/ Responder
Parse Logs (to CSV)
Stale ARP
Locate Stale ARP

Locate Stale DNS