Wiresshark Auto filter : 와이어샤크 자동실행 CMD 명령어, 와이어샤크 필터식 포함 자동실행

───────────────────────────── XTRM Media Server ───────────────────────────────────────────────────────────────────────────────────────────────────

path="C:\Program Files\Wireshark\Wireshark.exe"

set D=%DATE:-=%
set h=%TIME:~0,2%
set m=%TIME:~3,2%

C:\Windows\system32\timeout.exe /t 45

start /d "C:\Program Files\Wireshark\" /b Wireshark.exe -i "\Device\NPF_{B9815-D3-466-BE2-FE08BD}" -f "dst port 4444 or dst port 3333 or dst port 2222 or dst port 5000 or dst port 33 or dst port 32400 or dst port 80 or dst port 8888 and tcp[tcpflags] & (tcp-push) != 0 and tcp[tcpflags] & (tcp-ack) != 0 and dst net 192.168.0.0/24 and !src net 192.168.0.0/24" -l -b filesize:15360 -w "C:\_Wireshark_Capture\XTRM_%d%_.pcap" -k -Y "frame contains keyword || frame contains volume1 || frame contains volume2 || frame contains volume3 || frame contains volume4 || frame contains volume5 || urlencoded-form.key == path || urlencoded-form.key == folder_path || frame contains SYNO.VideoStation.Subtitle || frame contains SYNO.Core.Desktop.SessionData || frame contains song_rating"

exit

필터식

frame contains keyword || frame contains volume1 || frame contains volume2 || frame contains volume3 || frame contains volume4 || frame contains volume5 || urlencoded-form.key == path || urlencoded-form.key == folder_path || frame contains SYNO.VideoStation.Subtitle || frame contains SYNO.Core.Desktop.SessionData || frame contains song_rating

frame contains "keyword" || frame contains "volume1" || frame contains "volume2" || frame contains "volume3" || frame contains "volume4" || frame contains "volume5" || urlencoded-form.key == "path" || urlencoded-form.key == "folder_path" || frame contains "SYNO.VideoStation.Subtitle" || frame contains "SYNO.Core.Desktop.SessionData" || frame contains "set_playback_setting" || frame contains "SYNO.AudioStation.Song" || frame contains "main" || frame contains "Movie" || frame contains "TVShowEpisode"