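I have a batch file that I'm trying to modify which builds a Wireshark capture but explicitly excludes IP traffic from a range of IP addresses.
As you can see from the original filter below, I am trying to capture traffic from 2 subnets, but what I'd really like to do is, for each IP added to the list, build an 'ip src not %%IP%% and ip dst not %%IP%%' for each IP (possibly 15-20 IP addresses) rather than having to break it down by device type and iterate over each IP in turn. I'm running into trouble as I've tried different ways to expand and concatenate the string. My for loop is not expanding the string for the IP list, and net1 and net2 aren't being expanded either - I'd like to make it really generic, as it's something I'm hoping to use for multiple different sites that all use different subnets and exclude IPs.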
SETLOCAL EnableExtensions EnableDelayedExpansion
set TSHARK="C:\Program Files (x86)\Wireshark\tshark"
set LOCATION = "E:\ISA_CAPTURE\"
set NAME = "ISA.pcapng"
set NET1 = 10.198.64
set NET2 = 10.198.63
set IP_LIST = 10.198.64.30 10.198.64 31,10.198.64.20 10.198.64.81
set "FILTER = net %NET1% and net %NET2% and not udp portrange 2530-2550 and"
for /f "tokens=* delims= " %%i in (%%IP_LIST%%) do set "FILTER=!FILTER! and ip src not %%i and ip dst not %%i"
if not exist %LOCATION% mkdir %LOCATION%
%TSHARK% -i 1 -b filesize:50000 -b files:16000 -f %%FILTER%%" -w %LOCATION%%NAME%
The original version looked something like this - it was horrible to maintain.
if not exist %LOCATION% mkdir %LOCATION%
%TSHARK% -i 1 -b filesize:50000 -b files:16000 -f "net 10.28.57 and net 10.28.132 and ip src not 10.28.57.30 and ip dst not 10.28.57.30 and ip src not 10.28.57.32 and ip dst not 10.28.57.32 and ip src not 10.28.57.132 and ip dst not 10.28.57.132 and ip src not 10.28.57.133 and ip dst not 10.28.57.133 and ip src not 10.28.57.144 and ip dst not 10.28.57.144 and ip src not 10.28.57.146 and ip dst not 10.28.57.146 and ip src not 10.28.57.180 and ip dst not 10.28.57.180 and ip src not 10.28.57.183 and ip dst not 10.28.57.183 and ip src not 10.28.57.185 and ip dst not 10.28.57.185 and ip src not 10.28.206.26 and ip dst not 10.28.206.26 and not udp portrange 2530-2550" -w %LOCATION%%NAME%
Answer 0: (score: 0)
Undone by formatting - I had retyped the variables and forgot which language I was working in.
SETLOCAL EnableDelayedExpansion
set TSHARK="C:\Program Files (x86)\Wireshark\tshark"
set LOCATION=E:\ISA_CAPTURE\
set NAME=ISA.pcapng
set net1=net 10.198.64
set net2=net 10.198.63
set net3=net 10.198.1
set ip_list= 10.198.64.30 10.198.64.31,10.198.64.20 10.198.64.81
set "FILTER=(%net1% or %net2% or %net3%) and not udp portrange 2530-2550"
for %%i in (%ip_list%) do set "FILTER=!FILTER! and ip src not %%i and ip dst not %%i"
if not exist %LOCATION% mkdir %LOCATION%
%TSHARK% -i 5 -b filesize:50000 -b files:16000 -f "%FILTER%" -w %LOCATION%%NAME%
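A variant for the multi-site case the question asks about, as an added example that is not part of the original answer: subnets and excluded addresses come from a per-site text file, and each excluded entry must be a dotted quad before it goes into the filter, so a mistyped entry cannot silently change what is captured. The file format (`net` / `exclude` lines), the script argument and the variable names are assumptions made for this example; `not ip host X` is used in place of `ip src not X and ip dst not X`.

```batch
@echo off
setlocal EnableExtensions EnableDelayedExpansion

rem Assumed input: a per-site text file given as the first argument, e.g.
rem   net 10.198.64
rem   net 10.198.63
rem   exclude 10.198.64.30
rem This "net"/"exclude" format is made up for the example.
set "SITE_FILE=%~1"
if not exist "%SITE_FILE%" (echo Site file not found: "%SITE_FILE%" & exit /b 1)

set "NETS="
set "EXCLUDES="
for /f "usebackq tokens=1,2" %%a in ("%SITE_FILE%") do (
    if /i "%%a"=="net" (
        rem Join the subnets with "or"; the first one has no leading "or".
        if defined NETS (set "NETS=!NETS! or net %%b") else (set "NETS=net %%b")
    )
    if /i "%%a"=="exclude" (
        rem Accept only four dot-separated numbers; "10.198.64" or "31" alone is rejected.
        echo %%b| findstr /r /x "[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*" >nul || (
            echo Bad exclude entry: %%b
            exit /b 1
        )
        set "EXCLUDES=!EXCLUDES! and not ip host %%b"
    )
)
if not defined NETS (echo No net lines found in "%SITE_FILE%" & exit /b 1)

rem Same shape as the filter in the answer: subnets grouped, port range excluded, then one clause per excluded IP.
set "FILTER=(%NETS%) and not udp portrange 2530-2550%EXCLUDES%"
echo %FILTER%

rem Pass the result to tshark quoted, as in the answer:  -f "%FILTER%"
```

The `set` lines have no spaces around `=`, the point the answer makes about the question's script: `set NET1 = 10.198.64` defines a variable named `NET1 ` (with a trailing space), which is why `%NET1%` expanded to nothing.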