get-icmp.sh

#!/bin/bash

# catch icmp tgraffic on default route

IF=`ip route get 158.38.62.1 | perl -ne 'print $1 if / dev (\w+) /'`
if test "$IF" != ""
  then
    tomidnight=$((`date --date 'tomorrow 00:00' +%s`-`date +%s` - 1))
    /usr/sbin/tcpdump -i $IF -G $tomidnight -W 1 -w - icmp
fi