Sunday, May 18, 2008

The traditional Windows command line is full of cumbersome crap. Just extracting the (NBT-bound) IP address takes two lines of idiosyncratic backquotes, escaped pipes and two temp files, and finally a call to Snort with BPF options:

@echo off

:: find the NBT tied IP Address: ping's reply line looks like
:: "Reply from 192.168.1.5: bytes=8 time<1ms TTL=128"; splitting on ":"
:: keeps "Reply from 192.168.1.5" (the pipe must be escaped as ^| inside the backquotes)
for /f "usebackq delims=:" %%i in (`ping -n 1 -l 8 %computername% ^| findstr Reply`) do @echo %%i > IPReplyString.txt

:: whitespace-split that fragment; the third token (%%k) is the address
for /f "tokens=1-3" %%i in (IPReplyString.txt) do echo %%k > IP.txt

:: set the IP address to %localIP% (for /f drops the trailing space echo left behind)
for /f %%i in (IP.txt) do set localIP=%%i

:: remove the temp files now that %localIP% is set
del IPReplyString.txt IP.txt

:: start Snort with BPF filters: log only traffic to this host, ignoring DNS, HTTP and POP3
snort -l D:\SnortLogs -vdeX dst host %localIP% and !(port 53 or 80 or 110)
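The same extraction can be done in one for /f with no temp files, and with a sanity check so Snort is never started with an empty or mangled host. This is an added example, not code from the post; the D:\SnortLogs path and the port list come from the post, the rest (the findstr regex, the "ping -4" hint, the use of "not" instead of "!") is assumed.

```batch
@echo off
setlocal

:: Split the reply line on both ":" and " ", so the address is the third token:
::   "Reply from 192.168.1.5: bytes=8 time<1ms TTL=128"  ->  1=Reply 2=from 3=192.168.1.5
set "localIP="
for /f "tokens=3 delims=: " %%i in ('ping -n 1 -l 8 %computername% ^| findstr /c:"Reply from"') do (
    if not defined localIP set "localIP=%%i"
)

:: An empty %localIP% would turn the filter into "dst host  and ..." (a BPF parse error),
:: and an IPv6 reply (fe80::...) is split wrongly by the ":" delimiter, so check first.
if not defined localIP (
    echo Could not find a "Reply from" line for %computername%.
    exit /b 1
)
echo %localIP%| findstr /r "^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*$" >nul || (
    echo %localIP% is not a dotted-quad IPv4 address; on Vista or later use "ping -4".
    exit /b 1
)

:: "not" is the BPF keyword; "!" also works but is eaten when delayed expansion is on.
echo Logging traffic to %localIP%, excluding DNS, HTTP and POP3...
snort -l D:\SnortLogs -vdeX dst host %localIP% and not (port 53 or 80 or 110)
endlocal
```

Save it as a .bat file; the doubled %%i is batch-file syntax and must be a single % when typed interactively.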

