堆栈内存溢出
  简体   繁体   English

Tshark 在 powershell 上使用 foreach -parallel 循环在远程服务器上捕获

[英]Tshark captures on remote server with foreach -parallel loop on powershell

 原文  2022-09-16 15:34:39       powershell/ parallel.foreach/ tshark

问题描述

I'm traing to start 2 remote packet captures at same time on a winServer2016 with two nics, with tshark 3.4.5 and powershell 7.2.1.我正在训练在带有两个网卡的 winServer2016 上同时启动 2 个远程数据包捕获,使用 tshark 3.4.5 和 powershell 7.2.1。

The problem is that I can't found the correct sintax to pass variables to tshark...问题是我找不到正确的 sintax 将变量传递给 tshark ......

$ScriptPath = "E:\CC12\Scripts\TShark"
$dateForDirLogs = (Get-Date).ToString('yyyy-MM-dd-HH')
$dateForLogs = (Get-Date).ToString('yyyy-MM-dd-HH.mm')
$logDir = "$ScriptPath\Logs"

$MyServer = "SRV1"
$LogFile = "$logDir\$($MyServer)_$($dateForLogs).txt"

$MySession = New-PSSession $MyServer -ConfigurationName PowerShell.7.2.1
Invoke-Command -Session $MySession -ScriptBlock {
        $CptPathName = "E:\Captures\$using:dateForDirLogs"
        $JobLogFile = "$CptPathName\RmJobsLog.txt"
        $HName = $using:MyServer
        $CptFilePub = "$CptPathName\$($HName)_PUB_$using:dateForLogs.pcapng"
        $CptFilePri = "$CptPathName\$($HName)_PRI_$using:dateForLogs.pcapng"
        $TsharkBin = "C:\Program Files\Wireshark\tshark.exe"
        [string]$NicPub = & $TsharkBin -D | Select-String "Public"
        $ifNumPub = $NicPub.Split("\")[0]
        $NicPub = $NicPub.Replace($ifNumPub,'')
        $NicPub = $NicPub.Replace(' (Public)','')
        [string]$NicPri = & $TsharkBin -D | Select-String "Private"
        $ifNumPri = $NicPri.Split("\")[0]
        $NicPri = $NicPri.Replace($ifNumPri,'')
        $NicPri = $NicPri.Replace(' (Private)','')
        $FilterPub = "dst net 10.49.94.0/24"
        $FilterTimePub = 300
        $FilterSizePub = 307200
        $FilterPri = "dst net 10.56.128.0/25"
        $FilterTimePri = 300
        $FilterSizePri = 307200
        # echo variables
        $CptPathName
        $JobLogFile
        $HName
        $CptFilePub
        $CptFilePri
        $NicPub
        $NicPri
        $FilterPub
        $FilterPri
        
        $CptCMDs = @(
        "-i $NicPub -f $FilterPub -a duration:$FilterTimePub -w $CptFilePub"
        "-i $NicPri -f $FilterPri -a duration:$FilterTimePri -w $CptFilePri"
        )
        
        $CptCMDs | ForEach-Object -Parallel {
            $TsharkBin = "C:\Program Files\Wireshark\tshark.exe"
            & $TsharkBin $_
            } -ThrottleLimit 2
            
}

I've tried to quoting the "qoutes" like that, but doesn't works:我试图像这样引用“qoutes”,但不起作用:

$NicPub = "`"$NicPub`""

Seems that tshark reads the $CptCMDs as a single parameter the interface name.似乎 tshark 将$CptCMDs作为接口名称的单个参数读取。 Seems skips its commands switch...似乎跳过了它的命令开关......

This is the output, if I ran the script interactively:这是 output,如果我以交互方式运行脚本:

E:\Captures\2022-09-16-15
E:\Captures\2022-09-16-15\RmJobsLog.txt
SRV1
E:\Captures\2022-09-16-15\SRV1_PUB_2022-09-16-15.06.pcapng
E:\Captures\2022-09-16-15\SRV1_PRI_2022-09-16-15.06.pcapng
"\Device\NPF_{3578AB86-0318-4116-818C-87BC171F2B6F}"
"\Device\NPF_Loopback"
dst net 10.49.94.0/24
dst net 10.56.128.0/25
Capturing on ' \Device\NPF_{3578AB86-0318-4116-818C-87BC171F2B6F} -f dst net 10.49.94.0/24 -a duration:300 -w E:\Captures\2022-09-16-15\SRV1_PUB_2022-09-16-15.06.pcapng'
Capturing on ' \Device\NPF_{34234H86-5488-5546-212C-57867G57FR2Y} -f dst net 10.56.128.0/25 -a duration:300 -w E:\Captures\2022-09-16-15\SRV1_PRI_2022-09-16-15.06.pcapng'
tshark: The capture session could not be initiated on interface ' \Device\NPF_{3578AB86-0318-4116-818C-87BC171F2B6F} -f dst net 10.49.94.0/24) -a duration:300 -w E:\Captures\2022-09-16-15\SRV1_PUB_2022-09-16-15.06.pcapng' (Error opening adapter: The filename, directory name, or volume label syntax is incorrect.  (123)).
Please check that you have the proper interface or pipe specified.
0 packets captured
tshark: The capture session could not be initiated on interface ' \Device\NPF_{34234H86-5488-5546-212C-57867G57FR2Y} -f dst net 10.56.128.0/25 -a duration:300 -w E:\Captures\2022-09-16-15\SRV1_PRI_2022-09-16-15.06.pcapng' (Error opening adapter: The filename, directory name, or volume label syntax is incorrect.  (123)).
Please check that you have the proper interface or pipe specified.
0 packets capture

Can Anyone help me?谁能帮我?

1 个解决方案

解决方案1
 0  2022-09-16 17:41:43

Somehow the arguments would have to be split into a list like:不知何故,arguments 必须被分成如下列表:

$list1 = 1,2,3
$list2 = 4,5,6
$prog = 'echoargs'
$list1,$list2 | % { & $prog $_ } 


Arg 0 is <1>
Arg 1 is <2>
Arg 2 is <3>

Arg 0 is <4>
Arg 1 is <5>
Arg 2 is <6>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在PowerShell中foreach -parallel - foreach -parallel in PowerShell foreach - 与 powershell 7 并行 - foreach -parallel with powershell 7 PowerShell ForEach - 正在使用的并行文件 - PowerShell ForEach -parallel file in use 在 Powershell 中正确使用 ForEach -parallel? - Correct usage of ForEach -parallel in Powershell? 控制台上Powershell中的Foreach循环 - Foreach loop in Powershell on the console 嵌套的foreach循环powershell - nested foreach loop powershell Powershell - 变量和foreach循环 - Powershell - Variables and foreach loop Powershell ForEach循环失败 - Powershell ForEach Loop Failing 在Powershell中输出foreach循环 - Outputting foreach loop in Powershell PowerShell中的嵌套foreach循环 - Nested foreach loop in powershell
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM