# Parv's Case Download Utility (PCDU) ----- ``` ____ _ ____ ____ _ _ | _ \ __ _ _ ____ _( )___ / ___| _ \| | | | | |_) / _` | '__\ \ / /|// __|| | | | | | | | | | __/ (_| | | \ V / \__ \| |___| |_| | |_| | |_| \__,_|_| \_/ |___(_)____|____/ \___/ Parv's Case Download Utility (Parv's CDU) ``` TABLE OF CONTENTS ----------------- 1. Overview 2. Features 3. System Requirements 4. Installation 5. Usage 6. Configuration 7. File Organization 8. Troubleshooting 9. FAQ 10. Version History 11. Author & License ================================================================================ 1. OVERVIEW ================================================================================ Parv's Case Download Utility (PCDU) is a Windows batch script designed to automate the download of NetScaler case files from remote analysis servers. It efficiently retrieves: - Saved configurations (ns.conf) - Running configurations (ns_running_config.conf) - Packet captures (PCAP, CAP files) - SSL keys - HAR files - Screenshots and images - Log files and other case artifacts The tool organizes downloaded files into a structured directory format for easy analysis and review. ================================================================================ 2. FEATURES ================================================================================ ✓ Automatic Case File Discovery - Scans case directories for collector bundles - Identifies all relevant files automatically ✓ Selective Download - Downloads configs from inside collector bundles - Downloads captures/media from case root only - Excludes unnecessary files (support.tgz, full bundles) ✓ Smart Organization - configs/ - Configuration files - captures/ - PCAP, CAP, HAR, SSL keys - media/ - Screenshots and images - *.txt, *.log, *.xml - Root level files ✓ Performance Optimized - Single SSH scan for directory structure - Quiet mode transfers (no verbose output) - Filters authentication noise ✓ Comprehensive Logging - Detailed download log per case - Summary statistics - Error tracking ✓ Dual SCP Support - PuTTY (pscp.exe/plink.exe) - OpenSSH Client (scp/ssh) ================================================================================ 3. SYSTEM REQUIREMENTS ================================================================================ Operating System: - Windows 10 or later - Windows Server 2016 or later Required Software (ONE of the following): Option A - PuTTY Suite (Recommended): - pscp.exe (PuTTY Secure Copy) - plink.exe (PuTTY Link) Download: https://www.putty.org/ Option B - OpenSSH Client: - Built into Windows 10 (1809+) and Windows 11 - Enable via: Settings > Apps > Optional Features > OpenSSH Client Network Requirements: - SSH access to myanalysis.web.server.local - Valid user credentials - Port 22 outbound access Permissions: - Write access to %USERPROFILE%\Downloads\SJLNT\ ================================================================================ 4. INSTALLATION ================================================================================ STEP 1: Download PCDU ---------------------- Download the getlog.bat file to a convenient location: C:\Tools\PCDU\getlog.bat STEP 2: Install SCP Tool ------------------------- Option A - PuTTY (Recommended): 1. Download PuTTY installer from https://www.putty.org/ 2. Run installer (installs to C:\Program Files\PuTTY\ by default) 3. Add to PATH: - Right-click "This PC" > Properties - Advanced System Settings > Environment Variables - Edit "Path" under System Variables - Add: C:\Program Files\PuTTY\ - Click OK Option B - OpenSSH: 1. Open Settings > Apps > Optional Features 2. Click "Add a feature" 3. Find "OpenSSH Client" 4. Click Install 5. Restart terminal/command prompt STEP 3: Verify Installation ---------------------------- Open Command Prompt and run: pscp.exe OR scp You should see usage information (not "command not found"). STEP 4: (Optional) Create Desktop Shortcut ------------------------------------------- 1. Right-click Desktop > New > Shortcut 2. Location: C:\Windows\System32\cmd.exe /k C:\Tools\PCDU\getlog.bat 3. Name: PCDU - Case Downloader 4. Change icon if desired ================================================================================ 5. USAGE ================================================================================ BASIC USAGE ----------- Double-click getlog.bat or run from command prompt: getlog.bat You'll be prompted for: 1. Case Number (e.g., 909801482) 2. SSH Username (e.g., john.doe) 3. SSH Password (hidden input) COMMAND-LINE USAGE ------------------ Syntax: getlog.bat [CASE_NUMBER] [USERNAME] [PASSWORD] Examples: Interactive mode: getlog.bat Case number only (prompts for credentials): getlog.bat 909801482 Case + Username (prompts for password): getlog.bat 909801482 john.doe Fully automated (for scripts): getlog.bat 909801482 john.doe MyP@ssw0rd WORKFLOW -------- 1. Script connects to myanalysis.web.server.local via SSH 2. Verifies case directory exists 3. Scans for collector bundles and files (single SSH call) 4. Downloads configurations from collector bundles 5. Downloads captures/media from case root 6. Organizes files into structured folders 7. Generates download log 8. Displays summary 9. Optionally opens destination folder ================================================================================ 6. CONFIGURATION ================================================================================ REMOTE SERVER SETTINGS ---------------------- Edit these variables in getlog.bat if needed: Line ~45: set "REMOTE_SERVER=myanalysis.web.server.local" Line ~46: set "REMOTE_BASE_PATH=/upload/logs/cases" LOCAL DESTINATION ----------------- Default download location: %USERPROFILE%\Downloads\SJLNT\\ To change, edit line ~75: set "DEST=%USERPROFILE%\Downloads\SJLNT\%CASENO%" Example custom location: set "DEST=D:\CaseFiles\%CASENO%" FILE TYPE FILTERS ----------------- To add/remove file types, edit the find command around line ~185: Current filters: *.cap, *.pcap, *.pcapng - Packet captures *.sslkeys, *.keys - SSL key files *.har - HTTP Archive files *.xml - XML files *.jpg, *.jpeg, *.png, etc. - Image files *.txt, *.log, *.csv - Text/log files *.json - JSON files ================================================================================ 7. FILE ORGANIZATION ================================================================================ DIRECTORY STRUCTURE ------------------- After download, files are organized as follows: %USERPROFILE%\Downloads\SJLNT\\ │ ├── configs\ │ ├── ns.conf_collector_P_192.168.10.195__ │ ├── ns.conf_collector_S_192.168.10.196__ │ ├── ns_running_config.conf_collector_P__ │ └── ns_running_config.conf_collector_S__ │ ├── captures\ │ ├── nstrace.cap │ ├── nstrace.pcap │ ├── traffic.sslkeys │ └── browser_session.har │ ├── media\ │ ├── error_screenshot.png │ ├── config_page.jpg │ └── network_diagram.png │ ├── config.xml ├── case_notes.txt ├── troubleshooting.log └── download_.log FILE NAMING CONVENTIONS ----------------------- Configuration files from collector bundles are suffixed with collector name to prevent conflicts: Original: ns.conf Downloaded as: ns.conf_collector_

__ This allows you to distinguish between Primary and Secondary configs when multiple collector bundles exist. DOWNLOAD LOG ------------ Each case download generates a log file: download_.log Contains: - Timestamp - Connection details - Files found and downloaded - Errors (if any) - Summary statistics ================================================================================ 8. TROUBLESHOOTING ================================================================================ ISSUE: "pscp.exe not found" or "scp not found" SOLUTION: 1. Verify installation: - Run: where pscp.exe OR where scp 2. If not found, reinstall PuTTY or OpenSSH (see Section 4) 3. Ensure PATH is set correctly 4. Restart Command Prompt after PATH changes ISSUE: "SSH connection failed" SOLUTION: 1. Verify network connectivity: - Run: ping myanalysis.web.server.local 2. Check credentials are correct 3. Verify VPN connection (if required) 4. Check firewall allows outbound port 22 5. Try manual connection: - ssh username@myanalysis.web.server.local ISSUE: "Case directory not found" SOLUTION: 1. Verify case number is correct 2. Check case exists on server: - SSH manually: ssh username@smyanalysis.web.server.local - Navigate: cd /upload/ftp/ 3. Ensure case has been uploaded to analysis server ISSUE: "No collector bundles found" SOLUTION: - This is normal if case doesn't have collector bundles - Script will still download files from case root - Check if support bundle was uploaded ISSUE: Files downloading slowly SOLUTION: 1. Check network bandwidth 2. Large PCAP files may take time 3. Script uses optimized transfer mode 4. Consider downloading during off-peak hours ISSUE: "Unable to identify Keyboard-interactive authentication prompts" SOLUTION: - This is a cosmetic warning, usually safe to ignore - Script filters these messages in v1.0 - If persisting, update to latest version ISSUE: Download incomplete SOLUTION: 1. Check download log for errors 2. Verify disk space available 3. Re-run script (safe to run multiple times) 4. Check file permissions in destination folder ISSUE: Password prompt not working SOLUTION: 1. Password is hidden during input (normal behavior) 2. Type carefully and press Enter 3. If automated, pass as 3rd parameter (not secure!) 4. Consider SSH key authentication for automation ================================================================================ 9. FAQ ================================================================================ Q: Is it safe to run the script multiple times on the same case? A: Yes. The script will overwrite existing files. Useful for resuming interrupted downloads. Q: Can I automate this for multiple cases? A: Yes. Create a wrapper script: FOR %%C IN (909801482 101801843 101801844) DO ( getlog.bat %%C username password ) Q: Does it download the entire collector bundle? A: No. It selectively downloads only ns.conf and running config from inside bundles. Other files come from case root only. Q: What about support.tgz files? A: These are intentionally excluded to save time and bandwidth. Q: Can I change the destination folder? A: Yes. Edit the DEST variable (see Section 6). Q: Does this work with SFTP servers? A: No. Currently supports SCP/SSH only. SFTP support may be added in future. Q: Will this work on Linux or Mac? A: No. This is a Windows batch script. However, the logic can be adapted to bash scripts for Unix-like systems. Q: How do I update PCDU? A: Download the latest getlog.bat and replace the old file. Q: Is password stored anywhere? A: No. Password is stored only in memory during script execution and is not logged or saved to disk. Q: Can I use SSH keys instead of password? A: Yes, if using OpenSSH. Configure SSH keys in ~/.ssh/ and remove password prompts from script. Q: What if I have multiple collector bundles (Primary/Secondary)? A: Script downloads configs from all collectors found and names them accordingly. ================================================================================ 10. VERSION HISTORY ================================================================================ v1.0 - February 2026 -------------------- [+] Initial release [+] Auto-discovery of collector bundles [+] Selective config download from collectors [+] Case root file download (captures, media, logs) [+] Organized directory structure [+] Comprehensive logging [+] Dual SCP support (PuTTY/OpenSSH) [+] Performance optimization (single SSH scan) [+] Keyboard-interactive message filtering [+] Progress indicators and summary [+] ASCII art branding PLANNED FEATURES (Future Versions) ----------------------------------- [ ] Multi-case batch processing [ ] Resume capability for interrupted downloads [ ] SSH key authentication support [ ] Custom file type filters via config file [ ] Download only specific file types (flags) [ ] Compression of downloaded files [ ] Email notification on completion [ ] GUI version [ ] Linux/Mac bash script version [ ] Progress bars for large files [ ] Bandwidth limiting option ================================================================================ 11. AUTHOR & LICENSE ================================================================================ AUTHOR ------ Developed by: Parv Version: 1.0 Date: February 2026 LICENSE ------- This tool is provided "as-is" without warranty of any kind. You are free to: - Use this tool for personal or commercial purposes - Modify the code to suit your needs - Distribute modified or unmodified versions Please: - Give credit to the original author - Do not hold the author liable for any issues arising from use DISCLAIMER ---------- This tool is designed for authorized use only. Ensure you have proper authorization before connecting to remote servers and downloading case files. The author is not responsible for: - Unauthorized access to systems - Data loss or corruption - Network or system issues - Misuse of downloaded data ACKNOWLEDGMENTS --------------- Special thanks to: - PuTTY development team - OpenSSH project - NetScaler support community ================================================================================ Thank you for using Parv's Case Download Utility (PCDU)! ================================================================================