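#!/bin/bash
#
# filter.sh - write a noise-reduced copy of a packet capture.
#
# Usage: filter.sh INPUT_CAPTURE OUTPUT_PCAP
#
# Keeps UDP, DNS, HTTP, TCP, ICMP and SMTP packets, then drops
#   * DNS packets whose query name is listed in EXCLUDED_DNS_NAMES, and
#   * packets whose IPv4 source or destination is listed in EXCLUDED_IPS.
#
# Notes for whoever analyses the output:
#   * The exclusion lists are a deliberate blind spot: anything sent to or
#     from a listed address is absent from the output. Keep the unfiltered
#     capture and go back to it whenever a finding touches a listed host.
#   * The DNS rule removes only the DNS packets themselves. Connections to
#     the resolved addresses stay unless the address is also in EXCLUDED_IPS.
#   * The lists are specific to one capture environment (host name, local
#     subnet); review them before reusing the script on another capture.

set -euo pipefail

# DNS query names treated as background noise.
readonly -a EXCLUDED_DNS_NAMES=(
  'User-PC'
  'isatap'
  'teredo.ipv6.microsoft.com'
  'dns.msftncsi.com'
  'User-PC.local'
  'g.bing.com'
  '1.0.0.127.dnsbugtest.1.0.0.127.in-addr.arpa'
  'time.windows.com'
  '174.133.231.146.in-addr.arpa'
  'settings.data.microsoft.com'
  'go.microsoft.com'
  'wpad'
  'wscont.apps.microsoft.com'
  'watson.microsoft.com'
  'ctldl.windowsupdate.com'
  'dmd.metaservices.microsoft.com'
  'ocsp.verisign.com'
  'compatexchange.trafficmanager.net'
  'ocsp.msocsp.com'
  'www.microsoft.com'
  'corppki'
  'crl.microsoft.com'
  'settings-win.data.microsoft.com'
  'vortex-win.data.microsoft.com'
  'tools.google.com'
  'redirector.gvt1.com'
  'r3---sn-uxoxu-woce.gvt1.com'
  'mscrl.microsoft.com'
)

# IPv4 addresses excluded as either source or destination.
readonly -a EXCLUDED_IPS=(
  '224.0.0.22'
  '224.0.0.252'
  '239.255.255.250'
  '146.231.133.175'
  '146.231.133.255'
  '224.0.0.251'
  '146.231.133.188'
  '207.46.194.14'
  '191.233.81.105'
  '191.232.139.253'
  '23.221.72.17'
  '65.52.108.154'
  '196.24.45.74'
  '134.170.30.221'
  '104.43.235.245'
  '65.55.252.71'
  '191.232.139.254'
  '23.101.187.68'
  '23.102.23.44'
  '196.24.45.73'
)

# Print a message to stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Assemble the tshark display filter from the two exclusion lists.
# Globals:   EXCLUDED_DNS_NAMES (read), EXCLUDED_IPS (read)
# Arguments: none
# Outputs:   the filter expression on stdout
#######################################
build_filter() {
  # The protocol list is parenthesised so that every exclusion applies to
  # the whole list. Without the parentheses, Wireshark releases that give
  # "and" higher precedence than "or" (4.0 onward, per its release notes)
  # attach the exclusions to "smtp" alone and pass all other traffic.
  local filter='(udp or dns or http or tcp or icmp or smtp)'
  local name ip

  for name in "${EXCLUDED_DNS_NAMES[@]}"; do
    # Escaped quotes reach tshark intact. The earlier one-line form nested
    # bare double quotes inside a double-quoted shell word, so the shell
    # stripped them and tshark received the names as unquoted tokens.
    filter+=" and not (dns.qry.name == \"${name}\")"
  done

  for ip in "${EXCLUDED_IPS[@]}"; do
    filter+=" and not (ip.src == ${ip}) and not (ip.dst == ${ip})"
  done

  printf '%s' "$filter"
}

#######################################
# Validate the arguments and run tshark.
# Arguments: $1 - capture file to read
#            $2 - pcap file to write
# Returns:   tshark's exit status; 2 on a usage error
#######################################
main() {
  if (( $# < 2 )); then
    printf 'Usage: %s INPUT_CAPTURE OUTPUT_PCAP\n' "${0##*/}" >&2
    exit 2
  fi

  local input=$1
  local output=$2
  local filter

  # Never write the filtered result over the capture being read: that
  # would destroy the only unfiltered copy of the evidence.
  if [[ "$input" -ef "$output" ]]; then
    die "refusing to overwrite the input capture: $input"
  fi

  filter=$(build_filter)

  # Paths are quoted so names containing spaces or glob characters are
  # passed to tshark as single arguments.
  tshark -r "$input" -w "$output" -F pcap -Y "$filter"
}

main "$@"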