Last Updated: Sunday, 01 July, 2001 at 09:08 PM -0500

The weekly Diary of a PC Geek





The whole idea behind this collection of batch files was to use them to capture and review the output of the NETSTAT.EXE program regarding ports.  

NS.BAT is the main engine here - it captures the output from NETSTAT, allows you to add comments to the data file, and timestamps everything that goes out.

DTSTAMP.BAT is a little trick I've used for years to grab dates and times in various formats.  I use a little file called ENTER.KEY which is created at the command line by typing "copy con enter.key" - press enter twice, CTRL-Z, and you're done.  It functions as the "enter" key needed by the DOS Date and Time commands.  DTSTAMP.BAT echoes the first line of the date and time commands to a batch file, which in Windows 98 and has as the first word of the line "Current" as in "Current Date Is" or "Current time is".  In Windows NT and 2000, the date and time commands display "The current..."

THE.BAT is called by the two batch files DTSTAMP.BAT creates.  These files cause the date and time to be dumped to the output file designated.  In this particular case, I was using the output of the whole process as another batch file for filtering, so instead of a simple "DATE :" I put in the line "CALL ZDATE" (ZDATE.BAT being another batch file further along in the process).

After all of the data is captured, I pull the output into a word processor or something else, and replace all occurrences of <RETURN><SPACE><SPACE>TCP with <RETURN>CALL TCP.  That allows the final processors to work: I turn the output from the NS.BAT file into another batch file.  Lines that don't start with CALL will attempt to execute commands like "UDP" or "BYTES" or "Unknown".  These will generate errors on-screen, but the process can be useful in reducing the amount of data you've got to filter.  In one case, I was looking through nearly three and a half megabytes of data; after running it through this filtering process, I had it down to about 1.2 Megs.

Hope you enjoy it...  If you have any questions/comments, go ahead and e-mail me.

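-------------------------------------------------------------------------------
START NS.BAT NS.BAT NS.BAT NS.BAT NS.BAT NS.BAT NS.BAT START
-------------------------------------------------------------------------------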

@echo off
REM NS.BAT
REM multi-purpose netstat.exe wrapper.
REM Thanks to Bob Walder for the inspiration

:FILECHECK
if %netout%!==! goto :newfile
REM Uses env variable netout for output.  If 
REM the variable doesn't exist, we'll give it 
REM a default name.
if not exist %netout% goto :nofile
REM if file doesn't exist, but variable does 
REM (only way we could get here), let's dump
REM a string into the file and see if it's 
REM there.  Could be a disk space issue...
goto :checkparm
REM if the variable exists, and the 
REM file exists, All OK, go check the parameters

:NEWFILE
REM only way we get here is if variable is not
REM working.  Then we set to a default.
set netout=c:\ns_out.txt
REM obviously, we get here, we need to test the 
REM file existence.  So go right into the file
REM check.

:NOFILE
REM Echo short string to file, and notice on-screen
echo TESTING FOR FILE EXISTENCE >> %netout%
echo Test string echoed; if this appears more than once, you need to press
echo CTRL-C
if not exist %netout% goto :newfile
REM Yes, it's a possible loop, which is why the 
REM message is in there.

:CHECKPARM
REM Now, to check parameters.
REM lots of room to bullet-proof here, but I'm just
REM too lazy to check for all 48 permutations of 
REM a, l, e, and n (upper and lowercase, remember).
if %1!==! goto :HELPOUT
REM no params, must be a call for help.
if %1!==a! goto :NSA
if %1!==A! goto :NSA
REM if A, a simple Netstat -a will do.
if %1!==an! goto :NSAN
if %1!==AN! goto :NSAN
REM if AN, -a numeric
if %1!==ae! goto :NSAE
if %1!==AE! goto :NSAE
REM AE is -a, then -e.
if %1!==aen! goto :NSAEN
if %1!==AEN! goto :NSAEN
REM you should be able to sing this by now.
if %1!==al! goto :NSALOOP
if %1!==AL! goto :NSALOOP
REM Aha!  The Almighty Loop!
if %1!==ale! goto :NSAELOOP
if %1!==ALE! goto :NSAELOOP
if %1!==ael! goto :NSAELOOP
if %1!==AEL! goto :NSAELOOP
REM oh, I know, but ALE was more memorable than AEL
REM (though I know many who remember less with ALE).
if %1!==df! goto :DISPLAYFILE
if %1!==DF! goto :DISPLAYFILE
REM oh, just a sneaky little option...

:COMMHEAD
REM aha!  If the parameter checks fail to this point,
REM it's got to be a comment (the neato trick).
REM up to 127 characters into a comment line in the 
REM file.
echo ________________ >> %netout%
call dtstamp
SET LONGLINE=%1
SHIFT

:CH2
if %1!==! goto :WRITE
set LONGLINE=%LONGLINE% %1
shift
goto :CH2

:WRITE
echo CMNT %LONGLINE% >> %netout%
SET LONGLINE=%1
goto :DOOR

:DISPLAYFILE
cls
dir %netout%
echo CTRL-C NOW TO PREVENT DISPLAY OF %netout%
echo Any other key to continue...
Pause > NUL
type %netout% | more
goto :door

:NSA
echo ________________ >> %netout%
call dtstamp
echo +++ %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 +++ >> %netout%
echo working...
netstat -a -p tcp >> %netout%
echo done.
goto :door

:NSAN
echo ________________ >> %netout%
call dtstamp
echo +++ %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 +++ >> %netout%
echo working...
netstat -a -n -p tcp >> %netout%
echo done.
goto :door

:NSALOOP
if %2!==! goto :NOTIME
if %2!==0! goto :ZTIME
if %2!==1! goto :TIME
if %2!==2! goto :TIME
if %2!==3! goto :TIME
if %2!==4! goto :TIME
if %2!==5! goto :TIME
if %2!==6! goto :TIME
if %2!==7! goto :TIME
if %2!==8! goto :TIME
if %2!==9! goto :TIME
if %2!==10! goto :TIME

:ZTIME
echo ________________ >> %netout%
call dtstamp
echo +++ %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 +++ >> %netout%
echo working...
netstat -a -p tcp >> %netout%
echo press CTRL-C to abort...
goto :ZTIME

:TIME
echo ________________ >> %netout%
call dtstamp
echo +++ %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 +++ >> %netout%
echo working...
netstat -a -p tcp >> %netout%
echo done!
echo press CTRL-C to abort...
delay %2
goto :TIME

:NOTIME
echo ________________ >> %netout%
call dtstamp
echo +++ %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 +++ >> %netout%
echo working...
netstat -a -p tcp >> %netout%
echo done!
echo press CTRL-C to abort...
delay 5
goto :NOTIME

:NSAE
echo ________________ >> %netout%
call dtstamp
echo +++ %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 +++ >> %netout%
echo working...
netstat -a -p tcp >> %netout%
echo half done
netstat -e >> %netout%
echo done!
goto :door

:NSAEN
echo ________________ >> %netout%
call dtstamp
echo +++ %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 +++ >> %netout%
echo working...
netstat -a -n -p tcp >> %netout%
echo half done
netstat -e >> %netout%
echo done!
goto :door

:NSAELOOP
if %2!==! goto :NOTIME2
if %2!==0! goto :ZTIME2
if %2!==1! goto :TIME2
if %2!==2! goto :TIME2
if %2!==3! goto :TIME2
if %2!==4! goto :TIME2
if %2!==5! goto :TIME2
if %2!==6! goto :TIME2
if %2!==7! goto :TIME2
if %2!==8! goto :TIME2
if %2!==9! goto :TIME2
if %2!==10! goto :TIME2

:ZTIME2
echo ________________ >> %netout%
call dtstamp
echo +++ %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 +++ >> %netout%
echo working...
netstat -a -p tcp >> %netout%
echo working some more...
netstat -e >> %netout%
echo done!
echo press CTRL-C to abort...
goto :ZTIME2

:TIME2
echo ________________ >> %netout%
call dtstamp
echo +++ %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 +++ >> %netout%
echo working...
netstat -a -p tcp >> %netout%
echo working some more...
netstat -e >> %netout%
echo done!
echo press CTRL-C to abort...
delay %2
goto :TIME2

:NOTIME2
echo ________________ >> %netout%
call dtstamp
echo +++ %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 +++ >> %netout%
echo working...
netstat -a -p tcp >> %netout%
echo half-way there...
netstat -e >> %netout%
echo Done!
echo press CTRL-C to abort...
c:\windows\batch\delay 5
goto :NOTIME2

:HELPOUT
echo ns a will output the netstat -a command to the %netout% file
echo ns al will start a loop of the netstat -a command
echo       optional is a time between 0 and 10 seconds to start the loop
echo ns ae will output the netstat -a -e command
echo ns ale (or ael) will loop the ae command, again with a configurable time delay
echo ns comments will be echoed to the %netout% file for logging.
echo please note the environmental variable netout must be set to a valid
echo file location.
:DOOR


-------------------------------------------------------------------------------

END NS.BAT NS.BAT NS.BAT NS.BAT NS.BAT NS.BAT NS.BAT END
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------

START DTSTAMP.BAT DTSTAMP.BAT DTSTAMP.BAT DTSTAMP.BAT START
-------------------------------------------------------------------------------

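rem @echo off
REM DATE and TIME prompt for a new value; ENTER.KEY answers the prompt with a bare Enter.
REM FIND is case-sensitive, so "current" matches the NT/2000 wording "The current ...".
date < enter.key | find "current" > DstempXX.bat
REM The captured line starts with "The", so running it calls THE.BAT.
call DSTEMPXX
Time < enter.key | find "current" > TstempXX.BAT
call TSTEMPXX
if exist dstempxx.bat del dstempxx.bat
if exist tstempxx.bat del tstempxx.bat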

-------------------------------------------------------------------------------

END DTSTAMP.BAT DTSTAMP.BAT DTSTAMP.BAT DTSTAMP.BAT DTSTAMP.BAT DTSTAMP.BAT DTSTAMP.BAT END
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------

START THE.BAT THE.BAT THE.BAT THE.BAT THE.BAT THE.BAT THE.BAT START
-------------------------------------------------------------------------------

rem @echo off
if %2!==date! goto :DSTAMP
if %2!==time! goto :TSTAMP
goto :NOPARM
:DSTAMP
echo CALL ZDATE : %4 %5 {+}>> %netout%
goto :DOOR
:TSTAMP
echo TIME : %4 %5 >> %netout%
goto :DOOR
:NOPARM
echo CURRENT.BAT to be called by output from date and timestamp.
echo Copied to The.Bat under NT.
:DOOR

-------------------------------------------------------------------------------

END THE.BAT THE.BAT THE.BAT THE.BAT THE.BAT THE.BAT THE.BAT END
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------

START ZDATE.BAT ZDATE.BAT ZDATE.BAT ZDATE.BAT ZDATE.BAT ZDATE.BAT ZDATE.BAT START
-------------------------------------------------------------------------------

@echo off
echo [ >> Mined.dat
set LONGLINE=%0
:Head
if %1!==! goto :Door
set LONGLINE=%LONGLINE% %1
shift
goto :head
:Door
echo %LONGLINE% >> mined.dat

-------------------------------------------------------------------------------

END ZDATE.BAT ZDATE.BAT ZDATE.BAT ZDATE.BAT ZDATE.BAT ZDATE.BAT ZDATE.BAT END
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------

START TCP.BAT TCP.BAT TCP.BAT TCP.BAT TCP.BAT TCP.BAT TCP.BAT START
-------------------------------------------------------------------------------

@echo off
set LONGLINE=%0
:Head
if %1!==! goto :Door
if %1!==client_name:printer! goto :out
if %1!==client_name:nbsession! goto :out
set LONGLINE=%LONGLINE% %1
shift
goto :head
:Door
echo %LONGLINE% >> mined.dat
:OUT


-------------------------------------------------------------------------------

END TCP.BAT TCP.BAT TCP.BAT TCP.BAT TCP.BAT TCP.BAT TCP.BAT END 
-------------------------------------------------------------------------------
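
The filtering pass described above (keep the TCP lines, skip the two tokens TCP.BAT discards) can also be run directly on the capture file. The Python below is an added example, not one of the author's batch files; it goes one step further and lists TCP lines that first appear in a later snapshot. The capture layout assumed is what NS.BAT and THE.BAT write under NT, and the sample capture is constructed.

```python
NOISE = {"client_name:printer", "client_name:nbsession"}  # tokens TCP.BAT discards

# Constructed capture: host names, ports, dates and times are made up.
SAMPLE = """\
________________
CALL ZDATE : Sun 07/01/2001 {+}
TIME : 21:08:15.32
+++ NS al 5 +++
  Proto  Local Address          Foreign Address        State
  TCP    geek:135               geek:0                 LISTENING
  TCP    geek:1042              client_name:printer    ESTABLISHED
________________
CALL ZDATE : Sun 07/01/2001 {+}
TIME : 21:08:18.02
CMNT starting the download now
________________
CALL ZDATE : Sun 07/01/2001 {+}
TIME : 21:08:20.41
+++ NS al 5 +++
  Proto  Local Address          Foreign Address        State
  TCP    geek:135               geek:0                 LISTENING
  TCP    geek:1043              otherhost:ftp          ESTABLISHED
  TCP    geek:139               client_name:nbsession  ESTABLISHED
"""

def parse(capture, noise=NOISE):
    """Split on the NS.BAT separator; keep time stamps, commands and non-noise TCP lines."""
    sections = []
    for tok in (line.split() for line in capture.splitlines()):
        if tok and tok[0].startswith("____"):
            sections.append({"time": "", "cmd": "", "tcp": []})
        elif not tok or not sections:
            continue
        elif tok[0] == "TIME":
            sections[-1]["time"] = " ".join(tok[2:])
        elif tok[0] == "+++":
            sections[-1]["cmd"] = " ".join(tok[1:-1])
        elif tok[0] == "TCP" and not noise.intersection(tok):
            sections[-1]["tcp"].append(" ".join(tok[1:]))
    return sections

def new_connections(sections):
    """For each netstat snapshot after the first, list TCP lines absent from the previous one."""
    previous, report = None, []
    for s in (x for x in sections if x["cmd"]):  # comment-only sections have no +++ line
        if previous is not None:
            report += [(s["time"], c) for c in s["tcp"] if c not in previous]
        previous = set(s["tcp"])
    return report
```

Comment-only sections are skipped when comparing, so a CMNT entry written between two loop iterations does not make every connection in the next snapshot look new.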