
Thread: Exit codes and other things

  1. #1
    Junior Member
    Join Date
    Aug 2003
    Posts
    11

    Exit codes and other things

    Ok, I'm messing around with DOS and am trying to create a very simple Intrusion Detection System. I'm new with this stuff, so if something I say doesn't make sense, please just tell me.

    Basically, it runs Netstat, logs it, gives the user a list of options to stop or view the log, and if they don't choose an option in 5 seconds, it continues logging.

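    @echo off
    goto net
    :net
    rem Append a netstat snapshot, then offer C (continue), S (stop) or V (view).
    netstat>>log.txt
    choice /c:csv /n /t:c,5 Press S to stop or V to view the log.
    rem IF errorlevel n is true for n or higher, so test the highest value first.
    IF errorlevel 3 goto view
    IF errorlevel 2 goto stop
    goto net
    :stop
    echo You've stopped logging.
    goto end
    :view
    rem Matches log.txt above only when the script is run from C:\Windows.
    start C:\Windows\log.txt
    :end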

    I also wanted to add an FC to compare the log to normal traffic, and then use IF with errorlevel to determine if there is an intruder. But I am not sure of the exit codes for the FC command. Can someone please explain exit codes to me?
    Everything Turns Grey!
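
An added example, not part of the original post: the FC-plus-errorlevel check the post asks about, written for cmd.exe on NT-family Windows, where FC is assumed to exit with 0 (files identical), 1 (files differ) or 2 (a file could not be found). The file names are hypothetical, and only listening TCP sockets are compared, because a full netstat dump changes on every run.

```batch
@echo off
rem Added example. baseline.txt, current.txt and alerts.txt are hypothetical names.
rem Assumption: FC exit codes are 0 = identical, 1 = different, 2 = file not found.
set BASELINE=baseline.txt
set CURRENT=current.txt

rem Keep only listening TCP sockets, sorted so ordering changes do not count
rem as differences. Established connections and ephemeral ports are ignored.
netstat -an | find "LISTENING" | sort > %CURRENT%

rem First run: record the known-good state and stop.
if not exist %BASELINE% goto learn

fc %BASELINE% %CURRENT% > nul
rem IF ERRORLEVEL n is true when the exit code is n OR HIGHER,
rem so test the highest value first and work down.
if errorlevel 2 goto missing
if errorlevel 1 goto changed
goto same

:learn
copy %CURRENT% %BASELINE% > nul
echo Baseline recorded in %BASELINE%.
goto end

:missing
echo FC could not open one of the files.
goto end

:changed
echo Listening sockets differ from the baseline:
fc %BASELINE% %CURRENT%
echo %DATE% %TIME% listener change detected >> alerts.txt
goto end

:same
echo No change in listening sockets.

:end
```

A difference only means the set of listeners changed since the baseline was recorded; a newly installed or stopped service triggers it just as an unexpected listener does.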

  2. #2
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    RTFM

    Is this a pure DOS or a shell that you're using? If it's a shell Win XP [and I assume other versions as well] has an extensive command reference help. There's also Google that should turn up quite a number of results on that.

    No I don't know anything about the exit codes for the FC command. I just recommend you follow these steps before posting a question.
    /\\

  3. #3

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Not to get off-topic, but NemorY: You are the king of Researching with Google.
    Space For Rent.. =]

  5. #5
    No I don't know anything about the exit codes for the FC command. I just recommend you follow these steps before posting a question.
    Wait, you want him to go somewhere else to get answers to his questions, instead of posting in the newbie questions section of our website?

    Geesh guys, either help the guy or ignore him, but don't be rude about it.

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    I wasn't being rude to him in any way, if anything I believe the people that come with questions that they refused to research on their own are rude. Now if I had known anything about this particular subject I would have most likely given him an idea, but I'd still tell him to RTFM. I mean I come to AO after I've tried researching a topic as much as possible... and if sometimes it still doesn't get through up there I might want to discuss it on IRC or on the forum and try to clear things out for myself.
    /\\

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Your idea is a good one. In fact, so good that it has been done over and over already. A quick google search gives you a plethora of tools that provide realtime "Netstat" views.

    http://www.google.com/search?hl=en&l...+realtime+view

    If this is only for a proof of concept, then continue on, but for functionality, you have miles to go.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    "Now if I had known anything about this particular subject I would have most likely given him an idea."

    hypronix, please don't think I'm singling in on you, because I think your reasoning is typical of the google my post count up crowd. But if you don't know anything about the subject then why are you posting?...memory?

    blithendell, check out the 'interval' argument in netstat; this will refresh the netstat output every <?> seconds until you ctrl-c. A nice example of this with a GUI added can be found in IPtools: http://www.ks-soft.net/ip-tools.eng/
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  9. #9
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    IMO there was a lack of any knowledge regarding that part of what he wanted to do. Now if the question was anything along the lines of "I've tried this and it doesn't work" or "I don't get the hang of that" it would be more likely to get an extensive answer from members of the community.

    There was a chat a while back on UnError or SMDC-Network about why the answer to many questions is RTFM, and the conclusion of that particular discussion was similar to the point that I was trying to make with my first post. We're not here to reinvent the wheel every time somebody needs a wagon.

    As well I did point out some reference that he could use in his task. Not much, I admit, but it was a starting point. I could have as well pasted here the manual but that clearly wouldn't be advantageous for him.

    I always had the impression that AO was a community not only there to help out with questions but to help its members to develop a basic skill set for when they encounter various problems. To make users aware of what the steps are when it comes down to learning something. By simply writing out code for somebody [starting from scratch] you're pretty much writing a tool that a script kiddie would use. No more, no less, since there is absolutely no theoretical understanding of the concepts involved on the part of the receiver.

    P.S. I am not trying to put down anybody's computer enthusiasm, either current thread posters or other casual readers. But if somebody considers themselves an enthusiast well... they should be more active when it comes to learning new things.
    /\\

  10. #10
    Now if the question was anything along the lines of "I've tried this and it doesn't work" or "I don't get the hang of that" it would be more likely to get an extensive answer from members of the community.
    I don't care how or what someone asks, if I know the answer then I will help. If I do not know the answer, then I will not help.

    There was a chat a while back on UnError or SMDC-Network about why the answer to many questions is RTFM, and the conclusion of that particular discussion was similar to the point that I was trying to make with my first post. We're not here to reinvent the wheel every time somebody needs a wagon.
    Then since almost every single question posted on AO is documented somewhere on the net already, we should tell each and every one of them to RTFM? Do you know how small that would make the entire AO forum as a whole, and how many people would -still- come back to ask us the question again, hoping someone can explain it better than a cryptic man page? I don't care how many times I have to answer a question, I will still answer it. My response and help would be no different than them running the 'man' command.

    To make users aware of what the steps are when it comes down to learning something. By simply writing out code for somebody [starting from scratch] you're pretty much writing a tool that a script kiddie would use. No more, no less, since there is absolutely no theoretical understanding of the concepts involved on the part of the receiver.
    Rare are the times I see that happen on AO, and I mean very rare. People here almost always post explanations and examples to the question rather than simply coding it out for them. Learning is greatly encouraged here, as is obvious even in this post. However, explaining concepts that would take thirty seconds or so from someone here who already knows it, and putting it into words that are understandable is just so much more efficient and kind than having someone RTFM, google, ask questions, get flamed, google more, get confused, and then maybe catch on a few days later.

    P.S. I am not trying to put down anybody's computer enthusiasm, either current thread posters or other casual readers. But if somebody considers themselves an enthusiast well... they should be more active when it comes to learning new things.
    Active or not isn't the point here. The parent poster took an active step of asking for the personal advice and knowledge of those already here. I've posted many topics of things I know full well I could google and RTFM, but why should I be forced to when I know I can gain much more insight and personal experience from those who have already done it first hand?

    A question is a question, which can be answered many ways. Choose the path of least resistance (even if that means posting it to a forum where you know people can explain it better than a manual) and do not force a common standard of prerequisites.


    edit

    I guess my primary point is this: You teach people new to the security/programming world to read read read read read and study study study and to never hesitate to ask questions. Yet now when they ask questions we slap them for their newbiness and give them the RTFM finger? Sounds like the debian community :P

    We all remember what it was like starting out and I'm sure the majority of us would have enjoyed having the chance to speak with someone who could explain a concept or security practice in a way that made more sense than man or doc pages.
