How to use a long capture filter with Network Monitor 3.4 command line


Problem description


I want to exclude all traffic from a list of subnets in my capture. This makes for a rather long and complex filter. Is there any option on the command line to refer to a file describing this filter or can one only use the /capture "my extremely long filter" command? So, I would have to make the entire thing into one line?

Recommended answer


I suppose if it's longer than 2048 or 4096, there will be a command line length limitation. Maybe there's a way to work around it with an environment variable, but I think there will always be a limit. Perhaps there's an easier way to write your filter? Can you use something like the subnet example in the library to shorten the filter?


Also, do you think your filter will affect capturing speed? The more complex the filter, the longer it takes to evaluate each incoming message. That means we have to buffer, and if the firehose is too much, we don't catch all the water :) If the UI can keep up, then it shouldn't be a problem, but some firehoses are bigger than others. Plus, there are driver filters which can filter faster for NMCap.


Moving forward, Message Analyzer (http://blogs.technet.com/blogs) is the replacement for Network Monitor, which has most of the same kinds of capabilities, but using PowerShell. I think you'd have more flexibility with variable lengths there. Plus you can script fancy things.

Paul
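
Following the answer's suggestion to shorten the filter, here is an added example (not part of the original answer and not Network Monitor code) that merges adjacent subnets from an exclusion list before the filter string is built, then checks the result against the length the answer guesses at. The term template, the `!`/`OR` operators, the sample subnets and all function names are assumptions; substitute the syntax from the subnet example in the filter library.

```python
import ipaddress

# Limit the answer guesses at (2048 or 4096); not a verified value.
CMDLINE_LIMIT = 2048

# ASSUMPTION: placeholder term syntax, not verified Network Monitor syntax.
# Replace with the form used by the subnet example in the filter library.
TERM_TEMPLATE = "((IPv4.SourceAddress & {mask}) == {net})"

# Constructed sample exclusion list, one CIDR per line as it might sit in a file.
SAMPLE = [
    "10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24",
    "192.168.10.0/25", "192.168.10.128/25",
    "172.16.5.0/24  # lab network",
    "",
]


def collapse_subnets(lines):
    """Parse CIDR strings (blank lines and # comments skipped) and merge
    adjacent or overlapping networks into the fewest equivalent prefixes."""
    nets = []
    for raw in lines:
        text = raw.split("#", 1)[0].strip()
        if not text:
            continue
        # strict=True rejects entries with host bits set, e.g. 10.1.1.5/24
        nets.append(ipaddress.IPv4Network(text, strict=True))
    return list(ipaddress.collapse_addresses(nets))


def build_exclusion_filter(lines, template=TERM_TEMPLATE, limit=CMDLINE_LIMIT):
    """Return (merged networks, filter expression, fits-within-limit flag)."""
    merged = collapse_subnets(lines)
    terms = [template.format(mask=n.netmask, net=n.network_address)
             for n in merged]
    # One negated OR-group: fewer terms also means less work per captured frame.
    expr = "!(" + " OR ".join(terms) + ")" if terms else ""
    return merged, expr, len(expr) <= limit


if __name__ == "__main__":
    merged, expr, fits = build_exclusion_filter(SAMPLE)
    print(f"{len(merged)} terms, {len(expr)} chars, fits={fits}")
    print(expr)
```

Seven listed subnets collapse to three terms here, which shortens the command line and reduces the per-frame evaluation cost the answer warns about.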
