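'========================================================================================================
'========================================================================================================
' ### Script:        filtercap.vbs
' ### ScriptVersion: 42
' ### Created:       09/21/04
' ### Contact:       tim@blackpondfarm.com
' ### Description:   Filters Ethereal capture files to extract Time, IP and readable Data
' ###
' ### Input:   temp.txt in the current directory, produced beforehand with
' ###              tethereal -x -r goodrequest.cap >temp.txt
' ### Output:  for every packet whose protocol column starts with "HTTP", the summary line
' ###          followed by the text taken from the dump lines of that packet, on the console.
' ###
' ### Handling: the echoed text is packet payload. HTTP traffic can carry credentials, cookies
' ###          and session tokens, so the console output and any file it is redirected to
' ###          need the same protection as the capture file itself.
'========================================================================================================
'========================================================================================================
Option Explicit
On Error Resume Next

'Set our variables
'NOTE(review): most of these are not referenced anywhere in the visible script; they are kept
'so that code outside this listing that may rely on them keeps working.
Dim WshShell, Wshnetwork, Wshfile
Dim strServer, systemroot, username
Dim stroutputFile
Dim Version, strScriptName
Dim strMin, objArgs
Dim INST, strOS, strSP, strOSv
Dim strApp, strName, strVersion
Dim strGroup, strUser
Dim TargetString
Dim RootDirectory, ServerComment, strPort, strVdir
Dim Index, vdir, Path, AccessExecute, authanonymous, authbasic, authNTLM, DefaultDoc

'Set up our environment
Set WshShell = WScript.CreateObject("WScript.Shell")
Set Wshnetwork = WScript.CreateObject("Wscript.Network")
Set Wshfile = WScript.CreateObject("Scripting.FileSystemObject")

'Set our script version
Version = "1.1"
strScriptName = Left(WScript.ScriptName, InStr(1, WScript.ScriptName, ".vbs", 1) - 1)

'Check to ensure we're using cscript
If InStr(1, WScript.FullName, "cscript.exe", 1) = 0 Then
    If Err.Number <> 0 Then Err.Clear
    'Persistent side effect: //h:cscript makes cscript the default script host and //s saves
    'that choice for the current user, so it outlives this run.
    WshShell.Run "cmd /c ""cscript //h:cscript //nologo //s""", 0, True
    MsgBox "The script has changed the default output " & _
           "of Windows Scripting Host to the command prompt." & _
           vbCrLf & "This is pop up is normal, just re-run the " & _
           "script!", 0, "WSH default changed to cscript."
    WScript.Quit
End If

'Get our environment
strServer = Wshnetwork.ComputerName
systemroot = WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%")
username = WshShell.ExpandEnvironmentStrings("%USERNAME%")

'Set our log directory, log file and delete log if it already exists
'NOTE(review): only screenout() writes this log and nothing visible calls it, so a log left
'over from an earlier run is removed here and not recreated.
strOutputFile = "c:\captures\" & strScriptName & ".log"
If Wshfile.FileExists(strOutputFile) Then Wshfile.DeleteFile strOutputFile

'Run through all the subs and functions to complete our configurations
FilterFile
WScript.Quit
'end of script

'========================================================================================================
'========================================================================================================
'FilterFile
'  Reads temp.txt line by line and echoes, for each packet whose protocol column starts with
'  "HTTP", the summary line and then the text collected from the packet's dump lines.
'  Takes no arguments and returns nothing; it ends the script if temp.txt cannot be opened.
'
'  NOTE(review): the source this was recovered from had lost its line breaks, so the nesting
'  of the If blocks in the loop is a reconstruction - confirm against the original file.
Function FilterFile()
    On Error Resume Next

    Dim wshtempfile
    Dim rawLine, asciiText, Proto
    Dim GetLine, n, NewLine

    'Create temp file of captured data
    'tethereal" -x -r goodrequest.cap >temp.txt

    'Open the dump for reading (1 = ForReading). The path is relative, so it is resolved
    'against the current directory of the script host: run the script from the directory
    'that holds the dump you mean to filter.
    Set wshtempfile = Wshfile.OpenTextFile("temp.txt", 1)
    If Err.Number <> 0 Then
        'NOTE(review): Mid(strServer, 3) drops the first two characters of the computer
        'name - presumably a leftover from a \\server style value; verify.
        WScript.Echo Mid(strServer, 3) & "," & Err.Description
        WScript.Quit
    End If

    GetLine = False     'True while the lines of an HTTP packet are being collected
    n = 0               'short (blank) lines seen since the last reset
    NewLine = ""        'text collected for the current packet

    Do While Not wshtempfile.AtEndOfStream
        rawLine = wshtempfile.ReadLine

        'Columns 48-55 are read as the protocol name.
        'NOTE(review): fixed columns assume one particular tethereal layout - confirm for
        'the version that produced temp.txt.
        Proto = Trim(Mid(rawLine, 48, 8))
        If Left(Proto, 4) = "HTTP" Then
            'have our firstline
            GetLine = True
            n = 0
            NewLine = ""
            WScript.Echo ""
            WScript.Echo rawLine
        End If

        'Lines starting with "0" are taken to be dump lines; columns 56-72 are presumably
        'the ASCII rendering of the bytes. Trim removes leading and trailing blanks of
        'each 17-character piece before it is appended.
        If Left(rawLine, 1) = "0" Then
            asciiText = Trim(Mid(rawLine, 56, 17))
            If GetLine Then NewLine = NewLine & asciiText
        End If

        'go until we hit end of data
        'The length test uses the line as read, not the extracted text: a dump line whose
        'text is mostly blanks would otherwise count as a separator and cut the packet off.
        If Len(rawLine) < 3 Then n = n + 1

        'Two short lines close a packet: print what was collected and start over.
        If n = 2 Then
            If Len(NewLine) > 5 Then WScript.Echo NewLine
            GetLine = False
            NewLine = ""
            n = 0
        End If

        'Unfinished field extraction, kept as found:
        'IP
        '   strIP = Left(Line, Position-1)
        '   Position= instr(1, line, " ", 1)
        '
        'Date
        '   strDate = left(line,position-1)
        '   line = mid(line,position+1)
    Loop

    'The file may end without the closing blank line; print a packet that is still pending.
    If GetLine And Len(NewLine) > 5 Then WScript.Echo NewLine

    wshtempfile.Close
    'NOTE(review): DisconnectObject is meant for objects with connected event handlers;
    'confirm it is needed for a text stream.
    WScript.DisconnectObject wshtempfile
    Set wshtempfile = Nothing
End Function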
'========================================================================================================
'========================================================================================================
'screenout
'  Appends one line of text to the log file named by strOutputFile, creating the file when it
'  does not exist yet, and echoes the same line to the console.
'  text: the line to write. It is written as given, so a line that carries captured payload
'        makes the log as sensitive as the capture it came from.
'  Errors raised while writing are cleared, not reported.
'  NOTE(review): nothing in the visible script calls this function.
Function screenout(text)
    Const FOR_APPENDING = 8
    Dim logStream

    On Error Resume Next

    'Pick the stream first; everything after that is the same for both cases.
    If Wshfile.FileExists(strOutputFile) Then
        Set logStream = Wshfile.OpenTextFile(strOutputFile, FOR_APPENDING)
    Else
        'File doesn't yet exist: create it (second argument allows overwriting)
        Set logStream = Wshfile.CreateTextFile(strOutputFile, 1)
    End If

    logStream.WriteLine text
    WScript.Echo text

    logStream.Close
    WScript.DisconnectObject logStream
    Set logStream = Nothing

    'Best effort: a failed write is dropped silently
    If Err.Number <> 0 Then Err.Clear
End Function
'========================================================================================================
'========================================================================================================