So i have remote machine with simple .bat file:
C:\Program Files\Wireshark\tshark.exe -i 1 -w c:\file.pcap
This command start Tshark process and start sniffing
Now my problem is that i start this .bat file in several machines and in each machine the correct interface is different so with the commend Tshaek -D i can get all the interfaces with the index numbers but from here i need to know which interface is the one the connected to the internet.
And of course i need to do that inside my.bat file and this need to be my interface number (in my example the interface number is hard code and equal to 1)
Any suggestions ?
This is very hacky, but should do.
#echo off
for /f "tokens=2 delims=:" %%i in ('ipconfig ^|findstr "IPv4"') do (
ping -n 1 -S%%i google.com |findstr /i reply
if not errorlevel 1 for /f %%a in ('ipconfig ^| findstr /I /N "%%i"') do set cnt=%%a
)
set /a cnt-=5
for /f "tokens=1* delims=:" %%i in ('ipconfig ^|more +%cnt%') do set adap=%%i & goto runts
:runts
set adap=%adap:*adapter =%
for /f "usebackq delims=." %%i in (`""C:\Program Files\Wireshark\tshark.exe" -D | findstr /I "%adap%""`) do (
"C:\Program Files\Wireshark\tshark.exe" -i %%i -w c:\file.pcap
)
What we do is, run ipconfig and get all IPv4 addresses and use each as source to ping google.com. Using findstr we then match reply and then errorlevel 0 will determine whether the adapter was the active one.
Now we simply go up 5 lines to get the description of the adapter, then we findstr that adapter using tshark -D and simply run the full tshark command.
Note, this will be completely different if you use IPv6.
Related
I am trying to extract IP of source of Remote Desktop Connection using,
FOR /F "tokens=3 USEBACKQ" %%F IN (`netstat -n ^| find "3389" ^| find "ESTABLISHED" /c`) DO SET /A IP=%%F
ECHO %IP%
But this way the IP variable contains IP along with the port 192.168.174.129:47523.
How can I extract only the IP part?
I read about the substring functionality in batch but that requires the starting position aling with length but I can't be sure of starting position as last octet of IP might change from 129 to 29 or even 2.
Here's a quick example according to my comment, of using the appropriate delims. It additionally uses findstr.exe instead of find.exe, in order to use a single match string, instead of performing multiple pipes to the same utility.
#Echo Off
SetLocal EnableExtensions
Set "IP="
For /F "Tokens=4 Delims=: " %%G In ('%SystemRoot%\System32\NETSTAT.EXE -n 2^>NUL
^| %SystemRoot%\System32\findstr.exe /R
/C:":3389[ ][ ]*[^ ][^ ]*[ ][ ]*ESTABLISHED"') Do Set "IP=%%G"
If Not Defined IP GoTo :EOF
Echo %IP%
In this case, findstr.exe searches for, and returns, lines output from the NETSTAT.EXE -n command which contain the string :3389 immediately followed by a sequence of one or more space characters, then one or more none space characters, then one or more space characters, then the case sensitive string ESTABLISHED.
Please note however that ESTABLISHED is most likely a language dependent string, so this is unlikely to work universally.
FOR /F "tokens=3 USEBACKQ" %%F IN (`netstat -n ^| findstr "3389" ^| findstr "ESTABLISHED"`) DO (
for /f "delims=:" %%a in ("%%F") do set IP=%%a
)
echo %IP%
I replace find to findstr because find not search text in my machine. The second FOR with delims=: split 192.168.174.129:47523 in two parts. First part is IP address.
I need to run a batch file only if it's connected to Wifi and specifically not Bluetooth LAN
I have this code but it returns this and still runs the code while an internet connection isn't present
Node - DEVICENAME
ERROR:
Description = Invalid query
Code:
#echo off
For /f "usebackq" %%A in (
`wmic path WIN32_NetworkAdapter where 'NetConnectionID="Wi-Fi"' get NetConnectionStatus`
) do if %%A equ 7 (goto end)
<code to run>
:end
You don't need a for loop:
wmic path WIN32_NetworkAdapter where 'NetConnectionID="Wi-Fi"' get NetConnectionStatus |find "7" >nul && goto :eof
echo code to run
If you want to make it more secure, instead of find "7" use findstr /rc:"^7 *$"
(your original approach fails because the = has to be escaped: ... where 'NetConnectionID^="Wi-Fi"' get ... and due to the unusual wmic output, there are CR in your %%A, which messes up the if syntax; You can see both issues with echo on (at least you can see that strange things happen))
The output of WMIC is also the reason for that strange findstr pattern, I used. (there are trailing spaces after the 7).
If you don't already know the name of the wireless interface connection, (which is a configurable property), then you could probably use something more like this:
#For /F Tokens^=6^ Delims^=^" %%G In ('%SystemRoot%\System32\wbem\WMIC.exe NIC
Where "Not NetConnectionID Is Null And NetConnectionStatus='2'" Get
NetConnectionID /Format:MOF 2^>NUL') Do #%SystemRoot%\System32\netsh.exe WLAN^
Show Interfaces 2>NUL | %SystemRoot%\System32\findstr.exe /E /L ": %%G" 1>NUL^
&& <code to run>
If your target systems are still using Windows 7, (which has a known issue locating some of the XSL files used in the /Format option), then the following alternative may work for you:
#For /F "Skip=1 Delims=" %%G In ('%SystemRoot%\System32\wbem\WMIC.exe NIC Where
"Not NetConnectionID Is Null And NetConnectionStatus='2'" Get NetConnectionID
2^>NUL') Do #For /F "Tokens=*" %%H In ("%%G") Do #%SystemRoot%\System32\netsh.exe^
WLAN Show Interfaces 2>NUL | %SystemRoot%\System32\findstr.exe /E /L ": %%H" 1>NUL^
&& <code to run>
You would obviously change your provided, and replicated above, <code to run>, to one or more actual valid commands
I am trying to extract the DHCP status and IP address from ipconfig /all and set it to a variable.
Can this be done?
It's easier using Netsh try this:
#echo off
setlocal enabledelayedexpansion
for /f "skip=2 tokens=* delims=" %%a in (
'netsh interface ipv4 show config name^="local area connection"'
) do (
set /a cnt+=1
if !cnt! equ 3 (
goto :break
) ELSE (echo(%%a
)
)
:break
Change local area connecton to suit your environment.
Well - I'm doing this with grep.
I don't know exactly what you need, but for example if you need the DHCP-server:
for /F %%i in ('ipconfig -all ^| grep "DHCP Server" ^| grep -Eo '[0-9][0-9.]+'') do set DHCPServer=%%i
and for the local IP:
for /F %%j in ('ipconfig ^| grep "IPv4" ^| grep -Eo '[0-9][0-9.]+'') do set IpAdress=%%j
Both commands are working inside a batch file.
I am very new to batch programming, I am trying to write a batch file that is a fake virus. I need to obtain the IP address from the previous command IPCONFIG into the variable VarIP. Can you help me?
My code:
echo off
echo Trying to hack your computer
ipconfig
echo Now hacking your IP
ping -t VarIP
echo on
pause
It's pretty simple to extract part of the output from any console command by using find to eliminate the lines in the output that you do not want, then using the for command to extract a portion of the line found by find:
#echo off
setlocal ENABLEDELAYEDEXPANSION
for /f "tokens=2 delims=:" %%i in ('ipconfig ^| find /i "IPv4 Address"') do (set VarIP=%%i&set VarIP=!VarIP: =!)
ping -t !VarIP!
endlocal
Hopefully you are just creating a practical joke on a friend and aren't up to anything more nefarious.
Another Version without "Tokens" for NT :
setlocal enabledelayedexpansion
for /f "delims=" %%a in ('ipconfig ^| find /i "IPv4 Address"') do (set VarIP=!%%a%!)
ping -t %VarIP%
This is a useful method to get IP info:
#echo off
for /f "tokens=2,3 delims={,}" %%a in ('"WMIC NICConfig where IPEnabled="True" get IPAddress /value | find "I" "') do echo IPv4 %%~a IPV6 %%~b
pause
I am not really a programmer. I am a newbie.
Can you guys please help me with a windows batch file that will run a computer test?
Detect any hard drives then run a chkdisk on them
Detect any usb port
Detect any flash drive plug in the pc
Check the display pixels
I have started with this to detect the USB but somehow getting some errors
#echo off
setlocal EnableDelayedExpansion
set PNPDeviceID=4002FDCCE0E4D094
set Q='wmic diskdrive where "interfacetype='USB' and PNPDeviceID like '%%%PNPDeviceID%%%'" assoc /assocclass:Win32_DiskDriveToDiskPartition'
echo %Q%
for /f "tokens=2,3,4,5 delims=,= " %%a in (%Q%) do (
set hd=%%a %%b, %%c %%d
call :_LIST_LETTER !hd!)
goto :_END
:_LIST_LETTER
(echo %1 |find "Disk ") >nul|| goto :_EOF
for /f "tokens=3 delims==" %%a in ('WMIC Path Win32_LogicalDiskToPartition ^|find %1') do set TMP_letter=%%a
set Part_letter=%TMP_letter:~1,2%
echo %Part_letter% %1
goto :_EOF
:_END
:_EOF
:: *** end
pause
Here is a batch script that does almost everything you need.
Checkdisk will run against any local fixed drives. You can have it run in a new window (chkdskAsync=true) or have it run inside the program (chkdskAsync=false). Additionally, specify the chkdsk flags using the chkdskLaunchArguments= variable.
#ECHO OFF
CLS
SETLOCAL ENABLEDELAYEDEXPANSION
:: Use these lines to specify how CHKDSK and Notepad will run
:: ===============================================
SET chkdskLaunchArguments=/F /R
SET chkdskAsync=true
SET launchNotepad=true
:: ===============================================
COPY /Y NUL C:\Users\public\data.txt >nul 2>&1
ECHO Getting drive(s) information
FOR /F "tokens=*" %%A IN ('wmic logicaldisk get caption^, description^, providername^, volumename') DO (
ECHO.%%A>>C:\Users\public\data.txt
)
FOR /F "tokens=1,2 skip=1" %%A IN ('wmic logicaldisk get caption^, drivetype') DO (
IF %%B EQU 3 (
IF "!chkdskAsync!" EQU "true" (
START CMD /C CHKDSK %%A %chkdskLaunchArguments%
) ELSE (
CHKDSK %%A %chkdskLaunchArguments%
)
)
)
ECHO Getting resolution information
FOR /F "tokens=*" %%A IN ('wmic path Win32_VideoController get CurrentHorizontalResolution^,CurrentVerticalResolution') DO (
ECHO.%%A>>C:\Users\public\data.txt
)
ECHO Information gathered ... saved to C:\Users\public\data.txt
ECHO Showing results.
IF "!launchNotepad!" EQU "true" (
START /WAIT notepad.exe /A C:\Users\public\data.txt
)
ENDLOCAL
EXIT
When it is complete it saves everything to C:\Users\Public\data.txt. It will also launch the file in notepad (if launchNotepad=true is set to ... true).
The output looks like so:
Caption Description ProviderName VolumeName
A: Network Connection \\somefileserver.domain\ New Volume
C: Local Fixed Disk
E: Removable Disk someuser Drive
H: Network Connection \\somefileserver.domain\users$\someuser Data Share and User Home Dirs
P: Network Connection \\somefileserver.domain\Data Data Share and User Home Dirs
S: Network Connection \\somefileserver.domain\share
CurrentHorizontalResolution CurrentVerticalResolution
1920 1080
NOTE: Make sure to run this as an administrator. If you want chkdsk to run
Unfortunately, there isn't a way to grab all USB devices other than storage. Hope this helps!
I didn't realize this question is 4 years old. Going to leave my answer for posterity and anyone digging for answers.
I would recommend trying
chkdsk volume=C:\ D:\ E:\ F:\
to check the disks each as a separate volume