Extensive searches found no solution in batch to parse netstat -bano (same switch as -nab, -bna, -anb, -nba, nabo, etc.) so all info from a given network connection is on the same line.
Netstat's -ban switches are used to:
-b = display executable
-a = display all connections and listening ports
-n = display addresses and ports in numerical form.
-o = display owning process ID for each connection (i.e., PID)
But netstat adds the file name to the next line, making processing the output very difficult. Extensive searches didn't find any answers in batch.
I created a way to parse it by looking for a ] (right bracket) as the last character on a line. If it is a ], then basically output the "combined" line, which now contains the executable.
My code is posted as an answer, but does an ugly job since it has to use files to handle the parsing instead of variables.
The previous version of this script was missing a backslash. Additionally the script would delete the output file. Creating the file as %computername%--NETSTAT.txt instead of NETSTAT--%computername%.txt fixes the problem.
#ECHO OFF
SetLocal
REM Method of finding last character-of-a-string-from-a-variable
REM http://stackoverflow.com/a/15662607/1569434
REM Get the script's path so all needed files can sit in the same folder
SET SCRIPTPATH=%~p0
CD %SCRIPTPATH%
REM Read and pass each line in file one at a time to sub 'FindEXE'
SET CONCATLINE=
SET HEADERROW=
SET /A LINECOUNT = 0
#echo LINECOUNT = %LINECOUNT%
del %SCRIPTPATH%\netstat*.txt /q 2>nul
netstat -bano>%SCRIPTPATH%\netstat0.txt
REM Copy all lines except those with "TIME_WAIT" into text file
FINDSTR /V /I /C:"TIME_WAIT" %SCRIPTPATH%\netstat0.txt>%SCRIPTPATH%\netstat1.txt
REM Delete first two lines, which are a header and a blank line
for /f "skip=2 delims=*" %%a in (%SCRIPTPATH%\netstat1.txt) do (echo %%a>>%SCRIPTPATH%\netstat2.txt)
REM Search for and process file based on matching text
REM This sub begins putting each netstat connection on one line
for /f "delims=*" %%A in (%SCRIPTPATH%\netstat2.txt) do call :FindTXT1 %%A
REM netstat3 will have all data from given connection on one line
SET /A LINECOUNT = 0
for /f "delims=*" %%A in (%SCRIPTPATH%\netstat3.txt) do call :FindTXT2 %%A
REM Keep only header and unique (i.e., those with "[::]") 'listening' connections
FINDSTR /I /C:"LISTENING" /C:"Local Address" %SCRIPTPATH%\netstat4.txt>%SCRIPTPATH%\netstat5.txt
FINDSTR /I /C:"[::]:" /C:"Local Address" %SCRIPTPATH%\netstat5.txt>%SCRIPTPATH%\netstat6.txt
MOVE /Y %SCRIPTPATH%\netstat6.txt %SCRIPTPATH%\%computername%--NETSTAT.txt
del %SCRIPTPATH%\netstat*.txt /q 2>nul
#echo off
echo done.
EndLocal
goto :EOF
:FindTXT1
REM We've got a line sent to us. Set variable to entire line using * (instead of %1)
SET CURRENTLINE=%*
SET /A LINECOUNT = %LINECOUNT% + 1
REM Add line feed after header row and return to main script
IF "%LINECOUNT%" == "1" (
SET HEADERROW=%CURRENTLINE%
#ECHO %CURRENTLINE%> %SCRIPTPATH%\netstat3.txt
goto :eof
)
REM Append a comma and CURRENTLINE to CONCATLINE. NOTE: Script expecting comma; don't use semi-colon
SET CONCATLINE=%CONCATLINE%,%CURRENTLINE%
REM When echo line, remove first char (comma, inserted above) using:
REM http://ss64.com/nt/syntax-substring.html
REM If last char is "]" then print, otherwise append
IF "%CURRENTLINE:~-1%"=="]" (
REM #echo right bracket=FOUND
#echo %CONCATLINE:~1%>>%SCRIPTPATH%\netstat3.txt
SET CONCATLINE=
) else (
REM #echo right bracket=NOT found
)
REM If line = "Can not obtain ownership information" then print, otherwise append
IF "%CURRENTLINE%"=="Can not obtain ownership information" (
REM #echo No Ownership=TRUE
#echo %CONCATLINE:~1%>>%SCRIPTPATH%\netstat3.txt
SET CONCATLINE=
)
goto :eof
:FindTXT2
REM We've got a line sent to us. Set variable to entire line using * (instead of %1)
SET CURRENTLINE=%*
SET /A LINECOUNT = %LINECOUNT% + 1
REM Add line feed after header row and return to main script
IF "%LINECOUNT%" == "1" (
SET HEADERROW=%CURRENTLINE%
#ECHO %CURRENTLINE%> %SCRIPTPATH%\netstat4.txt
goto :eof
)
REM If last char is "]" then search, otherwise append.
REM Without "DelayedExp...", variable sets to value from previous FOR loop
IF "%CURRENTLINE:~-1%"=="]" (
SetLocal ENABLEDELAYEDEXPANSION
REM IP6 EXEs result in 3 sets of [], so find and set var to last one, which is where EXE lives
FOR /f "tokens=1,2,3,4,5,6 delims=[]" %%a in ("%CURRENTLINE%") do (
SET BINNAME1=%%b
SET BINNAME2=%%f
IF "!BINNAME1!" == "::" (
REM #ECHO BINNAME1=!BINNAME1!>>%SCRIPTPATH%\netstat4.txt
SET BINNAME=!BINNAME2!
REM #echo %CURRENTLINE%;BINNAME=!BINNAME2!>>%SCRIPTPATH%\netstat4.txt
) else (
SET BINNAME=!BINNAME1!
REM #echo %CURRENTLINE%;BINNAME=!BINNAME1!>>%SCRIPTPATH%\netstat4.txt
)
#echo %CURRENTLINE%;BINNAME=!BINNAME!>>%SCRIPTPATH%\netstat4.txt
)
) else (
#echo %CURRENTLINE%>>%SCRIPTPATH%\netstat4.txt
SetLocal DISABLEDELAYEDEXPANSION
)
goto :eof
Created solution in batch to concatenate all output for a given connection so it's on one line. Save script (below) as a batch file and when run it will create a file called "NETSTAT--%computername%.txt" in the same folder as the script, where %computername% will be replaced with the hostname of computer it's run on.
#ECHO OFF
SetLocal
REM Method of finding last character-of-a-string-from-a-variable
REM http://stackoverflow.com/a/15662607/1569434
REM Get the script's path so all needed files can sit in the same folder
SET SCRIPTPATH=%~p0
CD %SCRIPTPATH%
REM Read and pass each line in file one at a time to sub 'FindEXE'
SET CONCATLINE=
SET HEADERROW=
SET /A LINECOUNT = 0
#echo LINECOUNT = %LINECOUNT%
del %SCRIPTPATH%\netstat*.txt /q 2>nul
netstat -bano>%SCRIPTPATH%\netstat0.txt
REM Copy all lines except those with "TIME_WAIT" into text file
FINDSTR /V /I /C:"TIME_WAIT" %SCRIPTPATH%\netstat0.txt>%SCRIPTPATH%\netstat1.txt
REM Delete first two lines, which are a header and a blank line
for /f "skip=2 delims=*" %%a in (%SCRIPTPATH%\netstat1.txt) do (echo %%a>>%SCRIPTPATH%\netstat2.txt)
REM Search for and process file based on matching text
REM This sub begins putting each netstat connection on one line
for /f "delims=*" %%A in (%SCRIPTPATH%\netstat2.txt) do call :FindTXT1 %%A
REM netstat3 will have all data from given connection on one line
SET /A LINECOUNT = 0
for /f "delims=*" %%A in (%SCRIPTPATH%\netstat3.txt) do call :FindTXT2 %%A
REM Keep only header and unique (i.e., those with "[::]") 'listening' connections
FINDSTR /I /C:"LISTENING" /C:"Local Address" %SCRIPTPATH%\netstat4.TXT>%SCRIPTPATH%\netstat5.TXT
FINDSTR /I /C:"[::]:" /C:"Local Address" %SCRIPTPATH%\netstat5.TXT>%SCRIPTPATH%\netstat6.TXT
MOVE /Y %SCRIPTPATH%\netstat6.txt %SCRIPTPATH%\NETSTAT--%computername%.txt
del %SCRIPTPATH%netstat*.txt /q 2>nul
#echo off
echo done.
EndLocal
goto :EOF
:FindTXT1
REM We've got a line sent to us. Set variable to entire line using * (instead of %1)
SET CURRENTLINE=%*
SET /A LINECOUNT = %LINECOUNT% + 1
REM Add line feed after header row and return to main script
IF "%LINECOUNT%" == "1" (
SET HEADERROW=%CURRENTLINE%
#ECHO %CURRENTLINE%> %SCRIPTPATH%\netstat3.txt
goto :eof
)
REM Append a comma and CURRENTLINE to CONCATLINE. NOTE: Script expecting comma; don't use semi-colon
SET CONCATLINE=%CONCATLINE%,%CURRENTLINE%
REM When echo line, remove first char (comma, inserted above) using:
REM http://ss64.com/nt/syntax-substring.html
REM If last char is "]" then print, otherwise append
IF "%CURRENTLINE:~-1%"=="]" (
REM #echo right bracket=FOUND
#echo %CONCATLINE:~1%>>%SCRIPTPATH%\netstat3.txt
SET CONCATLINE=
) else (
REM #echo right bracket=NOT found
)
REM If line = "Can not obtain ownership information" then print, otherwise append
IF "%CURRENTLINE%"=="Can not obtain ownership information" (
REM #echo No Ownership=TRUE
#echo %CONCATLINE:~1%>>%SCRIPTPATH%\netstat3.txt
SET CONCATLINE=
)
goto :eof
:FindTXT2
REM We've got a line sent to us. Set variable to entire line using * (instead of %1)
SET CURRENTLINE=%*
SET /A LINECOUNT = %LINECOUNT% + 1
REM Add line feed after header row and return to main script
IF "%LINECOUNT%" == "1" (
SET HEADERROW=%CURRENTLINE%
#ECHO %CURRENTLINE%> %SCRIPTPATH%\netstat4.txt
goto :eof
)
REM If last char is "]" then search, otherwise append.
REM Without "DelayedExp...", variable sets to value from previous FOR loop
IF "%CURRENTLINE:~-1%"=="]" (
SetLocal ENABLEDELAYEDEXPANSION
REM IP6 EXEs result in 3 sets of [], so find and set var to last one, which is where EXE lives
FOR /f "tokens=1,2,3,4,5,6 delims=[]" %%a in ("%CURRENTLINE%") do (
SET BINNAME1=%%b
SET BINNAME2=%%f
IF "!BINNAME1!" == "::" (
REM #ECHO BINNAME1=!BINNAME1!>>%SCRIPTPATH%\netstat4.txt
SET BINNAME=!BINNAME2!
REM #echo %CURRENTLINE%;BINNAME=!BINNAME2!>>%SCRIPTPATH%\netstat4.txt
) else (
SET BINNAME=!BINNAME1!
REM #echo %CURRENTLINE%;BINNAME=!BINNAME1!>>%SCRIPTPATH%\netstat4.txt
)
#echo %CURRENTLINE%;BINNAME=!BINNAME!>>%SCRIPTPATH%\netstat4.txt
)
) else (
#echo %CURRENTLINE%>>%SCRIPTPATH%\netstat4.txt
SetLocal DISABLEDELAYEDEXPANSION
)
goto :eof
Related
I would like to execute a ping and, after evaluating the output, return a single line like "0 - check_ping rta=1 loss=0".
0 and 1 being extracted from the ping, of course.
I came this far:
#setlocal enableextensions enabledelayedexpansion
#echo off
set ip=%1
set num=%2
for /f "tokens=* delims= " %%f in ('ping -n %num% %ip%') do (
set line=%%f
call :processLine
)
echo 0 myTestService loss=!loss! rta=%rta:~1,-2% further information for myTestService
GOTO:EOF
:processLine
for /f "tokens=1,2,3,4,5,6 delims==(%%" %%A in ("%line%") do (
if "%%A" == "Packets: Sent " (
set loss = %%E
echo DD%%E
echo Loss is [!loss!]
)
if "%%A" == "Minimum " (
set rta=%%D
echo RTA is [!rta:~1,-2!]
)
)
It doesn't work and I asume that it is because of some runtime problems. Obviously I am not a cmd expert, but I read that those for-loops can be tricky in regard of setting variables and accessing them later on.
Any help is greatly appreciated.
Warmest regards, freiraum
Here's an example which doesn't require delayed expansion, and, for efficiency, uses find.exe, to process only the lines from which you wish to extract substrings, and without calling a label:
#Echo Off
SetLocal EnableExtensions
If "%~2" == "" Exit /B
Set "loss="
For /F "Tokens=6,8 Delims== " %%G In ('%SystemRoot%\System32\PING.EXE -n %~2 %~1
^| %SystemRoot%\System32\find.exe ","') Do If Not Defined loss (Set "loss=%%H"
) Else Set "rta=%%G"
If Not Defined loss Exit /B
Echo 0 myTestService loss=%loss:~1,-1% rta=%rta:~,-2% further information for myTestService
The following code does what I want it to. There are still mistakes ("tokens=* delims= "), but these seem negligible - at least I hope so.
#setlocal enableextensions enabledelayedexpansion
#echo off
set ip=%1
set num=%2
for /f "tokens=* delims= " %%f in ('ping -n %num% %ip%') do (
call :processLine "%%f"
)
echo 0 myTestService loss=!loss:~1! rta=!rta:~0,-2! further information for myTestService
GOTO:EOF
:processLine
for /f "tokens=1,9,11 delims= " %%A in ("%~1") do (
if "%%A" == "Packets:" (
set loss=%%C
rem echo Loss is !loss:~1!
)
if "%%A" == "Minimum" (
set rta=%%B
rem echo RTA is !rta:~0,-2!
)
)
An example would be:
Folder 1:
a.pdf
b.pdf
Folder11
c.pdf
Folder 2:
a.pdf
b.pdf
Folder21:
c.pdf
printing all files between folders
And the cmd would have a way to find the file only putting part of the words?
Example
TEXT : ABC*.PDF
PRINT ABCDF.PDF
1. To loop over multiple files recursively:
FOR /f "tokens=*" %%F in ('dir /s /b *.pdf') DO echo "%%F"
dir /s /b *.pfd finds all pdfs (*.pdf), in all subdirectories (/s), in bare format - ie just the path name (/b)
DO echo "%%F" just echo's the result to the console.
"tokens=*" adds the whole line into %%F regardless of white spaces / other tokens
/F makes it run the ('dir ...') command
2. To print from command line use: From this question
AcroRd32.exe /t "C:\Folder\File.pdf" "Brother MFC-7820N USB Printer" "Brother MFC-7820N USB Printer" "IP_192.168.10.110"
Note: Path to AcroRd32.exe must be in your path environment variable
3. Putting it all together -- edit -- 'I've added taskkill to close acrord32 after printing
FOR /f "tokens=*" %%F in ('dir /s /b *.pdf') DO AcroRd32.exe /t "%%~F" "Brother MFC-7820N USB Printer" "Brother MFC-7820N USB Printer" "IP_192.168.10.110" & taskkill /IM AcroRd32.exe
i am trying to parse the output of another function which is output line by line. to understand the function, it returns several lines of parameter and numbers like "top=123456789" or "low=123456789" (without the quotations) -
i try to parse the lines now with
for /F "delims=" %%a in ('%%I ^| findstr top') do set updir=%%1
set "updir=%1:~4%"
echo. %updir%
i am trying to get the pure numbers by trimming the known keywords like top, which would need then to be set to a var to return (%~1% ???) to a calling function back (other batch file).
could anyone help me with this please? shure it would be better to trim right from "=".
UPDATE:
this is the code returning the lines from the script i linked. i tried several ways to parse the return but i seem to be blind or too stupid to see, all is going weird.
for /f "delims=" %%I in ('cscript /nologo /e:jscript "%~f0" "%URL%"') do (
rem process the HTML line-by-line
org echo(%%I
try1 (echo %%I|findstr top
try2 for /F "delims=" %%a in ('%%I ^| findstr top') do set updir=%%a
try2 echo. %updir%
try3 for /F "delims=" %%a in ('%%I') do findstr top
try3 echo. %2%
)
didn't work either
for /F "tokens=1,2delims==" %%a in ('%%I') do if %1 == top set updir=%%b
echo %updir%
i tried both delim version beneath (too the tokens/delims version) but i don't get it right.
UPDATE SOLUTION:
for the ones reading the question here some additional comment:
rem trim whitespace from beginning and end of line
for /f "tokens=*" %%x in ("%%~I") do set "line=%%x"
rem test that trimmed line matches "variable=number"
to find a single item like e.g. "top" you have to add "to" or adjust whole first token
echo !line! | findstr /i "^to[a-z]=[0-9]" >NUL && (
rem test was successful. Scrape number.
for /f "tokens=2 delims==" %%x in ("%%I") do set "value=%%x"
echo !value!
)
If all you wish to do is to is to skip all lines until you find one that matches "text=numerals", then scrape the numeric portion of that line, all you need to do is this:
for /f "delims=" %%I in ('cscript /nologo /e:jscript "%~f0" "%URL%"') do (
rem trim whitespace from beginning and end of line
for /f "tokens=*" %%x in ("%%~I") do set "line=%%x"
rem test that trimmed line matches "variable=number"
echo !line! | findstr /i "^[a-z]*=[0-9]*$" >NUL && (
rem test was successful. Scrape number.
for /f "tokens=2 delims==" %%x in ("%%I") do set "value=%%x"
)
)
I think that's right, anyway. I didn't test it.
But I suspect that this is not going to work as you intend, since what you are scraping will probably include HTML tags. We will probably not be able to help you scrape the HTML unless you pastebin the HTML source of an example page, and explain what you wish to scrape from that source example.
does this fit your needs?
for /F "delims=" %%a in ('type file.txt ^| findstr "top low"') do set /a %%a
set top
set low
echo %top%, %low%
Try this:
for /F "tokens=2delims==" %%a in ('findstr top file.txt') do set "updir=%%a"
echo.%updir%
According to your comment my new code:
#echo off &setlocal enabledelayedexpansion
set "string=%%I"
set "string=!string:*top=!"
for /f "delims== " %%z in ("!string!") do set "string=%%z"
echo !string!
.. output:
123456789
Edit2: "added.
Im attempting to get a block of text from a file I have already created and store that information into a new file. The text file id like to parse is set up like this:
HostName: xxxxxx
(8 or so lines of information)
HostName: xxxxxx
The largest problem I am having is that between the blocks of text I am specifically looking for the word "admin". I am able to find and return the line with the word admin in it, now I need to write a loop to grab the information above and below if the word admin is found within that block of text (I was going to use an empty line as the delimiter as thats consistent throughout my file).
Ive written a few for loops but none of them have given me what id like. Any help would be appreciated.
Thanks
The program below do what you want:
#echo off
setlocal EnableDelayedExpansion
rem Create the info removing empty lines
(for /F "delims=" %%a in ('schtasks /query /fo list /v') do echo %%a) > schtasks.txt
rem Add an additional "HostName:" line at end as delimiter
echo HostName: >> schtasks.txt
rem Create a vector of number of lines containing "HostName:"
set i=0
for /F "delims=:" %%a in ('findstr /N "HostName:" schtasks.txt') do (
set /A i+=1
set header[!i!]=%%a
)
rem Seek for the LINES containing "admin"
for /F "delims=:" %%a in ('findstr /N /I "administrator" schtasks.txt') do (
rem Seek for the NEXT section that contains "admin" line
for /L %%i in (1,1,%i%) do if %%a gtr !header[%%i]! set thisSection=%%i
rem Locate that section
set /A start=header[!thisSection!], nextSection=thisSection+1
set /A end=header[!nextSection!]-1
rem ... and show it
set line=0
for /F "delims=" %%a in (schtasks.txt) do (
set /A line+=1
if !line! geq !start! if !line! leq !end! echo %%a
)
echo ----------------------------------------------
)
del schtasks.txt
PS - Of course that MS-DOS/Windows Batch is a programming language!
Drag and drop .bat, it takes the files,
puts it in 2 lists and process both list simultanously.
I passed a path : X:\folder\folder number\begin.txt into %1
it's working fine if i have foldernumber
PUSHD %~dp0
:loop
IF ["%~f1"] EQU [""] goto :out
echo %~f1>>list
set /a count+=1
SHIFT
goto :loop
POPD
:out
if %count% LEQ 1 (copy list list1 && goto :START)
set /a count2=%count%/2
more /e +%count2% list > list2
set count=0
setlocal enabledelayedexpansion
for /F "eol=; tokens=* delims=," %%i in (list) do (
set /a count+=1
if !count! leq !count2! echo %%i >>list1
)
endlocal
:: Create the 2nd .bat for multiprocessing and start multiprocessing
more /e +88 mybat.bat > temp.bat
START "2nd Process mybat2" temp.bat
:start
for /f "eol=; tokens=* delims==," %%i in (list1) do call :SEARCH %%i
goto :END
:: 88th line here
for /f "eol=; tokens=* delims==," %%k in (list2) do call :SEARCH %%k
goto :END
:search
setlocal enabledelayedexpansion
for %%A in (jan feb mar apr mai etc...) DO (
findstr /m "%%A" "%~f1" > NUL
if !ERRORLEVEL! == 0 (
call :theend %~1 %%A
goto :EOF
)
)
endlocal
I get this error message "FINDSTR: Cannot open X:\folder\folder number\begin.txt"
Is there a way to fix this findstr problem?
thanks
To let us see if your file dropping is OK:
Can you create a batch file with these contents
echo %*
set /p dummy=press return
drop a file, with spaces in the name, onto it and post the results?