
Wireshark Auto filter: CMD commands to auto-launch Wireshark, including auto-launch with filter expressions

by #XTRM 2021. 4. 23.

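REM Put the Wireshark install directory on PATH (PATH entries must be directories, not the .exe).
set "PATH=C:\Program Files\Wireshark;%PATH%"

REM Date with hyphens removed, used in the capture file name (assumes %DATE% looks like YYYY-MM-DD).
set D=%DATE:-=%
REM Hour and minute; set here but not used in the file name below.
set h=%TIME:~0,2%
set m=%TIME:~3,2%

REM Wait 45 seconds before starting the capture.
C:\Windows\system32\timeout.exe /t 45

REM -i interface, -f capture filter, -l auto-scroll, -b ring buffer (file size in kB), -w output file, -k start capturing immediately, -Y display filter.
start /d "C:\Program Files\Wireshark\" /b Wireshark.exe -i "\Device\NPF_{B9815-D3-466-BE2-FE08BD}" -f "dst port 4444 or dst port 3333 or dst port 2222 or dst port 80 or dst port 8888 and tcp[tcpflags] & (tcp-push) != 0 and tcp[tcpflags] & (tcp-ack) != 0 and dst net 192.168.0.0/24 and !src net 192.168.0.0/24" -l -b filesize:15360 -w "C:\_Wireshark_Capture\XTRM_%d%_.pcap" -k -Y "frame contains keyword || frame contains volume1 || frame contains volume2 || frame contains volume3 || frame contains volume4 || frame contains volume5 || urlencoded-form.key == path || urlencoded-form.key == folder_path || frame contains SYNO.VideoStation.Subtitle || frame contains SYNO.Core.Desktop.SessionData || frame contains song_rating"

exit
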


Filter expression examples


frame contains keyword || frame contains volume1 || frame contains volume2 || frame contains volume3 || frame contains volume4 || frame contains volume5 || urlencoded-form.key == path || urlencoded-form.key == folder_path || frame contains SYNO.VideoStation.Subtitle || frame contains SYNO.Core.Desktop.SessionData || frame contains song_rating

 

Or


frame contains "keyword" || frame contains "volume1" || frame contains "volume2" || frame contains "volume3" || frame contains "volume4" || frame contains "volume5" || urlencoded-form.key == "path" || urlencoded-form.key == "folder_path" || frame contains "SYNO.VideoStation.Subtitle" || frame contains "SYNO.Core.Desktop.SessionData" || frame contains "set_playback_setting" || frame contains "SYNO.AudioStation.Song" || frame contains "main" || frame contains "Movie" || frame contains "TVShowEpisode"

 

 

 
