?
Solved

Get the ip's which are assigned in the last 5 hrs

Posted on 2007-07-25
20
Medium Priority
?
296 Views
Last Modified: 2010-03-05
Hi,

Is there a script which can query with DHCP log files and tell me the last 5hrs ip that are leased and to whome.

Regards
Sharath
0
Comment
Question by:bsharath
  • 9
  • 8
  • 2
  • +1
20 Comments
 
LVL 23

Expert Comment

by:Malli Boppe
ID: 19571924
I dodn't think so
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 19572460
I have a script that gets MAC addresses from a DHCP server for a given computer.  I will see if I can search everything based on a time frame.
Basically, it uses a
netsh dhcp server \\DHCPServer scope 192.168.20.0 show
command.

Regards,

Rob.
0
 
LVL 16

Expert Comment

by:speshalyst
ID: 19572943
Sharath,

this looks to be a good tool....

 DHCP Lease parser.. try it out..
http://sourceforge.net/projects/lease-parser/
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 11

Author Comment

by:bsharath
ID: 19573137
I have downloaded this file.

leaseparser-0.9-1.src.rpm

What is this and how can i use this file
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 19580118
Hi Sharath, from the "netsh dhcp" command I can only get the following fields:
Type : N - NONE, D - DHCP B - BOOTP, U - UNSPECIFIED, R - RESERVATION IP
============================================================================
IP Address      - Subnet Mask    - Unique ID           - Lease Expires        -Type -Name  
============================================================================

Which means I can't tell when the lease was given out.  As the expiration is also a somewhat random value, we can't subtract the lease duration from the expiration date.

I'll see if I can find anything else.

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 19580129
Ok Rob...
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 19580644
Actually, now I'm not so sure that the lease expiration *is* random.....
I have discovered how to retrieve the lease duration value (in seconds) from the DHCP server, so I will see how I go with subtracting that from the lease expiration field.

Regards,

Rob.
0
 
LVL 16

Expert Comment

by:speshalyst
ID: 19580886
Sharath...

The DHCP parser.. is for LInux.. i was wrong...
0
 
LVL 11

Author Comment

by:bsharath
ID: 19587777
ANY HELP...
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 2000 total points
ID: 19589917
Hi Sharath,

Here is another VBS file that took me quite a while to build......

Instructions are as follows:
1. Copy this script to text file with a VBS extension
2. Change the
    strDHCPServer = InputBox("Available DHCP Servers are:" & VbCrLf & _
    lines so that it shows the names of your available DHCP servers
3. Select Case strDHCPServer
    lines so that they read the correct Scope for each DHCP Server written in Step 2
4. Download PSExec and store it somewhere the script can access it
5. Change the
    strCommand = "cmd /c \\server\share\psexec.exe
    line so that points to the correct location for the script to call PSExec
6. There are two references to PSExec, make sure you change both
7. You can change the
    strOutputFile = "Results.csv"
    line if you want to store the results to another file.  It is written in a CSV format
8. Run the script, and see what results you get.

'================
Option Explicit

Dim objShell, strCommand, strDHCPServer, strDHCPScope
Dim objFSO, objInputFile, strSingleLine, strResults
Dim boolCorrectOption, lngLeaseDurationInSeconds, dteDate, intDay
Dim dteLeaseGiven, strInterval, intIntervalAmount
Dim strOutputFile, objOutputFile
Const intForReading = 1

strOutputFile = "Results.csv"

' FROM A DHCP SERVER'S COMMAND PROMPT USE
' netsh dhcp show server
' TO SEE ALL AVAILABLE DHCP SERVERS, THEN USE
' netsh dhcp server \\servername show scope
' TO SEE THE SCOPE IP ADDRESS OF THAT SERVER
strDHCPServer = InputBox("Available DHCP Servers are:" & VbCrLf & _
                  "DHCPServer1" & VbCrLf & _
                  "DHCPServer2" & VbCrLf & _
                  "DHCPServer3" & VbCrLf & _
                  "Enter the DHCP Server to search in:", "DHCP Server Name", "DHCPServer1")

Select Case strDHCPServer
      Case "DHCPServer1"
            strDHCPScope = "172.16.0.0"
      Case "DHCPServer2"
            strDHCPScope = "192.168.20.0"
      Case "DHCPServer3"
            strDHCPScope = "192.168.60.0"
      Case Else
            MsgBox strDHCPServer & " is not a known DHCP Server."
            WScript.Quit
End Select

strResults = ""
Set objShell = CreateObject("WScript.Shell")
strCommand = "cmd /c \\server\share\psexec.exe -accepteula -i -e \\" & strDHCPServer & " netsh dhcp server \\" & strDHCPServer & " scope " & strDHCPScope & " show clients 1 > C:\DHCPLeases.txt"
objShell.Run strCommand, 0, True
' Get the lease duration (in seconds):
'netsh dhcp server \\DHCPServerName scope 172.16.0.0 show optionvalue
' and read option-id 51
strCommand = "cmd /c \\server\share\psexec.exe -accepteula -i -e \\" & strDHCPServer & " netsh dhcp server \\" & strDHCPServer & " scope " & strDHCPScope & " show optionvalue > C:\OptionValues.txt"
objShell.Run strCommand, 0, True

Set objFSO = CreateObject("Scripting.FileSystemObject")

boolCorrectOption = False
Set objInputFile = objFSO.OpenTextFile("C:\OptionValues.txt", intForReading, False)
While Not objInputFile.AtEndOfStream
      strSingleLine = objInputFile.ReadLine
      If InStr(strSingleLine, "OptionId : 51") > 0 Then boolCorrectOption = True
      If InStr(strSingleLine, "Option Element Value") > 0 And boolCorrectOption = True Then
            lngLeaseDurationInSeconds = Mid(strSingleLine, InStrRev(strSingleLine, " ") + 1)
            boolCorrectOption = False
      End If
Wend
objInputFile.Close
Set objInputFile = Nothing

Set objInputFile = objFSO.OpenTextFile("C:\DHCPLeases.txt", intForReading, False)
While Not objInputFile.AtEndOfStream
      strSingleLine = objInputFile.ReadLine
      If InStr(Mid(strSingleLine, 57, 23), ":") > 0 Then
            dteDate = Trim(Mid(strSingleLine, 57, 23))
            intDay = Mid(dteDate, InStr(dteDate, "/") + 1, 2)
            If Right(intDay, 1) = "/" Then intDay = Left(intDay, 1)
            Select Case Left(dteDate, InStr(dteDate, "/") - 1)
                  Case 1 dteDate = intDay & "-" & "JAN-" & Mid(dteDate, InStrRev(dteDate, "/") + 1, 4) & Mid(dteDate, InStrRev(dteDate, "/") + 5)
                  Case 2 dteDate = intDay & "-" & "FEB-" & Mid(dteDate, InStrRev(dteDate, "/") + 1, 4) & Mid(dteDate, InStrRev(dteDate, "/") + 5)
                  Case 3 dteDate = intDay & "-" & "MAR-" & Mid(dteDate, InStrRev(dteDate, "/") + 1, 4) & Mid(dteDate, InStrRev(dteDate, "/") + 5)
                  Case 4 dteDate = intDay & "-" & "APR-" & Mid(dteDate, InStrRev(dteDate, "/") + 1, 4) & Mid(dteDate, InStrRev(dteDate, "/") + 5)
                  Case 5 dteDate = intDay & "-" & "MAY-" & Mid(dteDate, InStrRev(dteDate, "/") + 1, 4) & Mid(dteDate, InStrRev(dteDate, "/") + 5)
                  Case 6 dteDate = intDay & "-" & "JUN-" & Mid(dteDate, InStrRev(dteDate, "/") + 1, 4) & Mid(dteDate, InStrRev(dteDate, "/") + 5)
                  Case 7 dteDate = intDay & "-" & "JUL-" & Mid(dteDate, InStrRev(dteDate, "/") + 1, 4) & Mid(dteDate, InStrRev(dteDate, "/") + 5)
                  Case 8 dteDate = intDay & "-" & "AUG-" & Mid(dteDate, InStrRev(dteDate, "/") + 1, 4) & Mid(dteDate, InStrRev(dteDate, "/") + 5)
                  Case 9 dteDate = intDay & "-" & "SEP-" & Mid(dteDate, InStrRev(dteDate, "/") + 1, 4) & Mid(dteDate, InStrRev(dteDate, "/") + 5)
                  Case 10 dteDate = intDay & "-" & "OCT-" & Mid(dteDate, InStrRev(dteDate, "/") + 1, 4) & Mid(dteDate, InStrRev(dteDate, "/") + 5)
                  Case 11 dteDate = intDay & "-" & "NOV-" & Mid(dteDate, InStrRev(dteDate, "/") + 1, 4) & Mid(dteDate, InStrRev(dteDate, "/") + 5)
                  Case 12 dteDate = intDay & "-" & "DEC-" & Mid(dteDate, InStrRev(dteDate, "/") + 1, 4) & Mid(dteDate, InStrRev(dteDate, "/") + 5)
            End Select
                  
            dteLeaseGiven = DateAdd("s", -lngLeaseDurationInSeconds, dteDate)
            strInterval = "h"
            intIntervalAmount = 5
            If strResults = "" Then
                  'strResults = strResults & DateAdd(strInterval, -intIntervalAmount, Now) & " | " & dteLeaseGiven & " | " & DateDiff("s", DateAdd(strInterval, -intIntervalAmount, Now), dteLeaseGiven)
                  If DateDiff("s", DateAdd(strInterval, -intIntervalAmount, Now), dteLeaseGiven) > 0 Then
                        strResults = strResults & Trim(Left(strSingleLine, 16)) & "," & Left(Mid(strSingleLine, 85), InStr(Mid(strSingleLine, 85), ".") - 1) & "," & dteLeaseGiven
                  End If
            Else
                  'strResults = strResults & VbCrLf & DateAdd(strInterval, -intIntervalAmount, Now) & " | " & dteLeaseGiven & " | " & DateDiff("s", DateAdd(strInterval, -intIntervalAmount, Now), dteLeaseGiven)
                  If DateDiff("s", DateAdd(strInterval, -intIntervalAmount, Now), dteLeaseGiven) > 0 Then
                        strResults = strResults & VbCrLf & Trim(Left(strSingleLine, 16)) & "," & Left(Mid(strSingleLine, 85), InStr(Mid(strSingleLine, 85), ".") - 1) & "," & dteLeaseGiven
                  End If
            End If
      End If
Wend
objInputFile.Close
Set objInputFile = Nothing

objFSO.DeleteFile "C:\DHCPLeases.txt", True
objFSO.DeleteFile "C:\OptionValues.txt", True

If strResults = "" Then
      MsgBox "No Leases were given in the last " & intIntervalAmount & strInterval & " from " & strDHCPServer & "."
Else
      Set objOutputFile = objFSO.CreateTextFile(strOutputFile, True)
      objOutputFile.WriteLine "IP Address,Computer Name, Time Lease Given"
      objOutputFile.Write strResults
      objOutputFile.Close
      Set objOutputFile = Nothing
      MsgBox "The Leases given by " & strDHCPServer & " are: " & VbCrLf & strResults & VbCrLf, vbOKOnly, "Leases given by " & strDHCPServer
End If

Set objFSO = Nothing
'===============

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 19589952
These 2 lines i am not able to follow

2. Change the
    strDHCPServer = InputBox("Available DHCP Servers are:" & VbCrLf & _
    lines so that it shows the names of your available DHCP servers
3. Select Case strDHCPServer
    lines so that they read the correct Scope for each DHCP Server written in Step 2

I have done the other changes.When i run the script it asks me for the DHCP server name it gives this box.

It says the server is not a DHCP server.But it is a DHCP server.i tried giving 4 server names for all the servers i get this message
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 19589967
OK, for Step 2, you need to change:
strDHCPServer = InputBox("Available DHCP Servers are:" & VbCrLf & _
                  "DHCPServer1" & VbCrLf & _
                  "DHCPServer2" & VbCrLf & _
                  "DHCPServer3" & VbCrLf & _
                  "Enter the DHCP Server to search in:", "DHCP Server Name", "DHCPServer1")

and replace the DHCPServer1, DHCPServer2, and DHCPServer3 with the names of your DHCP servers, and add more if required.

For Step 3, you need to change:
Select Case strDHCPServer
      Case "DHCPServer1"
            strDHCPScope = "172.16.0.0"
      Case "DHCPServer2"
            strDHCPScope = "192.168.20.0"
      Case "DHCPServer3"
            strDHCPScope = "192.168.60.0"
      Case Else
            MsgBox strDHCPServer & " is not a known DHCP Server."
            WScript.Quit
End Select

and replace the DHCPServer1, DHCPServer2, and DHCPServer3 with the names of your DHCP servers, and also change the IP Addresses on each strDHCPScope = to match the scope that is controlled by each DHCP Server.  And add more here if required as well.

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 19589985
Which is the place i need to change the date and time if i need a different type of report
0
 
LVL 11

Author Comment

by:bsharath
ID: 19589995
One more change.I can raise a new question for this.

Is there a way to modify this script to find only computers that is not from my domain and ip's have been leased.
Ex:
There are persons who come from vendors side with there laptops and plug in to our netwok.
If we can find such persond then we can scan there machines for virus immediately.
What i need is find all computers which has bee lease an ip in the past 12 hrs and not in the domain Development.
This can be computers in workgroup or any other domain.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 19590022
>> Which is the place i need to change the date and time if i need a different type of report

If you change the date and time format it will not output the correct thing because it will calculate the dates differently.  On the other hand, if you're referrring to the interval of time that you want to view leases of (seeing as you mentioned 12 hours), change the following two values:
            strInterval = "h"
            intIntervalAmount = 5

where, the strInterval is one of:
"yyyy" (Year)
"q" (Quarter)
"m" (Month)
"y" (Day of year)
"d" (Day)
"w" ( Weekday)
"ww" (Week of year)
"h" (Hour)
"n" (Minute)
"s" (Second)

>> Is there a way to modify this script to find only computers that is not from my domain and ip's have been leased

The script uses this part:
Left(Mid(strSingleLine, 85), InStr(Mid(strSingleLine, 85), ".") - 1)
to return the computer name of each computer, without the domain suffix, so we could check the domain suffix (if it exists) to see if any non-domain computers will show up easily.

Before I put in that functionality, can you place this line:
objShell.Run "notepad C:\DHCPLeases.txt", 1, True

above this line:
objFSO.DeleteFile "C:\DHCPLeases.txt", True

which will show you the text file in full from the DHCP Server.  Can you scan through that for any computer that you can see that is not part of your domain?

If so, what is the difference in the format from that of a computer on your domain?

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 19590048
Now i get all the machine names with the domain to a file.So that i can sort and find them.At present the script shows me all computers for which ip has been leased in the last 5 hrs.Am i correct.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 19590445
Yes.  What the script does is dump *all* of the DHCP data to a file, and then it just filters the results of that file according to the 5 hours that is speicifed by strInterval, and intIntervalAmount.
So, by putting that line in that opens DHCPLeases.txt with Notepad, that is unfiltered, full list of DHCP leases.

And yes, at present, because strInterval is "h" (hours), and intIntervalAmount is 5, it filters to those that were given within the last five hours.

So, as I mentioned, in the full, unfiltered list, do you see any computers that are not part of your domain?
For example, for computers that are in your domain, you should have:
xxx.xx.x.x      - xxx.xxx.xxx.xxx    - 00-00-00-00-00-00   -8/9/2007 12:15:03 PM   -D-  COMPNAME.development.com

Where COMPNAME.development.com is the computer name.

I'm wondering how non-domain PCs show up.....would it just be COMPNAME?

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 19590531
Yes just the name or the machinename.Domain name
0
 
LVL 11

Author Comment

by:bsharath
ID: 19590542
Thanks a lot...
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 19590561
No problem....speak to you later....

Rob.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found listed in my profile here: http:…
Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question