Bedanta Shanker Mishra asked:

How to know whether the IP configuration of a Windows machine is static or dynamic in an AD environment by analysing the network traffic

Hi,
I have a requirement to find out the Windows machines which have static IP configuration instead of DHCP by doing network packet analysis (By using Microsoft Netmon tool). There are thousands of client machines.
I need to know how I can get the list of machines which have a static IP by doing protocol traffic analysis through the tool MS Netmon.
ASKER CERTIFIED SOLUTION
Neil Russell
This solution is only available to members.
ASKER

Hi Neilsr,
Thanks for the reply. Yes, I agree, from the DHCP server lease log we can get the details of free and used IPs from the pool. But for thousands of machines it is obviously a tedious and time-consuming task. From packet analysis, by filtering and extracting the DHCP packets, we can find out the list of clients which are using dynamic IPs. However, the script part is a better option. Do you have such a script? That will really help. I think a PS script will be a good one.
SOLUTION
Qlemo
This solution is only available to members.
SOLUTION
This solution is only available to members.
Thanks a lot Neilsr. Let me check out the script in my lab. I will post the output soon.

Thank you Qlemo.

Cheers :)
Neilsr,

I ran the above script on my lab DC. Below are my observations.

PS C:\Users\Administrator\Desktop> Get-ADComputer -Filter *


DistinguishedName : CN=cloudflexweb-PDC,OU=Domain Controllers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName       : cloudflexweb-PDC.logon.ds.cloudflexweb.com
Enabled           : True
Name              : cloudflexweb-PDC
ObjectClass       : computer
ObjectGUID        : b7f5aa73-3c1b-4eca-952e-0d78ccb478c2
SamAccountName    : cloudflexweb-PDC$
SID               : S-1-5-21-1648877103-3137164350-3771869934-1000
UserPrincipalName :

DistinguishedName : CN=cloudflexwebCAP-CLIENTXP,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName       : cloudflexwebCAP-ClientXP.logon.ds.cloudflexweb.com
Enabled           : True
Name              : cloudflexwebCAP-CLIENTXP
ObjectClass       : computer
ObjectGUID        : 4190af3a-0e1a-482b-af78-c029c9d8fda5
SamAccountName    : cloudflexwebCAP-CLIENTXP$
SID               : S-1-5-21-1648877103-3137164350-3771869934-1103
UserPrincipalName :

DistinguishedName : CN=cloudflexwebCAPCLIENTWIN8,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName       : cloudflexwebCAPCLIENTWIN8.logon.ds.cloudflexweb.com
Enabled           : True
Name              : cloudflexwebCAPCLIENTWIN8
ObjectClass       : computer
ObjectGUID        : 97503804-0501-45a3-863e-d883d5b16b79
SamAccountName    : cloudflexwebCAPCLIENTWIN8$
SID               : S-1-5-21-1648877103-3137164350-3771869934-1109
UserPrincipalName :

DistinguishedName : CN=cloudflexweb-DB,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName       : cloudflexweb-DB.logon.ds.cloudflexweb.com
Enabled           : True
Name              : cloudflexweb-DB
ObjectClass       : computer
ObjectGUID        : 84d04bbd-f6f1-48fb-9af9-519d9ec79cd3
SamAccountName    : cloudflexweb-DB$
SID               : S-1-5-21-1648877103-3137164350-3771869934-1110
UserPrincipalName :

DistinguishedName : CN=THEHACKER-HP,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName       : THEHACKER-HP.logon.ds.cloudflexweb.com
Enabled           : True
Name              : THEHACKER-HP
ObjectClass       : computer
ObjectGUID        : 3b133b26-2f4a-4803-b5cf-d9ddb800fc41
SamAccountName    : THEHACKER-HP$
SID               : S-1-5-21-1648877103-3137164350-3771869934-1112
UserPrincipalName :



After using your code with ps1 script :

PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch.ps1


DHCPEnabled      : False
IPAddress        : {192.168.43.243, fe80::711e:9752:fbd2:7ee4}
DefaultIPGateway : {192.168.43.85}
DNSDomain        :
ServiceName      : E1G60
Description      : Intel(R) PRO/1000 MT Network Connection
Index            : 7

DHCPEnabled      : True
IPAddress        : {192.168.43.85, fe80::5d3:1bcd:f408:2bd7}
DefaultIPGateway : {192.168.43.1}
DNSDomain        :
ServiceName      : E1G60
Description      : Intel(R) PRO/1000 MT Network Connection #2
Index            : 10

DHCPEnabled      : False
IPAddress        : {192.168.43.244, fe80::f8a0:336:8302:a677}
DefaultIPGateway : {192.168.43.250, 192.168.43.85}
DNSDomain        :
ServiceName      : E1G60
Description      : Intel(R) PRO/1000 MT Network Connection #3
Index            : 13

DHCPEnabled      : True
IPAddress        : {192.168.43.201}
DefaultIPGateway : {192.168.43.243}
DNSDomain        : logon.ds.ge.com
ServiceName      : VMXNET
Description      : AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport
Index            : 1

DHCPEnabled      : True
IPAddress        : {0.0.0.0}
DefaultIPGateway :
DNSDomain        :
ServiceName      : BthPan
Description      : Bluetooth Device (Personal Area Network)
Index            : 11



The top three NIC configurations are for the DC itself and the 4th one is for an XP client machine. Looks fine :). For a large number of machines it will be better to format this output by keeping these 7 objects [DHCPEnabled, IPAddress, DefaultIPGateway, DNSDomain, ServiceName, Description and Index] in a tabular form to get them exported into a CSV file. I am working on it. Your notion regarding this will be deeply appreciated. Thanks again for your valuable support. Have a lovely day.
.\StaticIP_Fetch.ps1 | Export-CSV -NoType StaticIP.csv


Is all you need to get the CSV file. The formatting you see is done by PowerShell as you didn't tell what to do with the result. In that case up to 3 properties are shown in a table, more in a list.
You could also use Microsoft's  PSExec to run IPConfig on a list of remote computers, such as
  psexec @list.txt  ipconfig  >>C:\Temp\Output.txt
Where List.txt is a list of computer names, or IPs.
http://technet.microsoft.com/en-ca/sysinternals/bb897553.aspx
You could use the "find" command to limit the amount of information recorded.
Hi Qlemo,

I tried the "Export-CSV -NoType" through pipe but got the following error.

PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch.ps1 | Export-CSV -NoType StaticIP.csv
Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At line:1 char:34
+ .\StaticIP_Fetch.ps1 | Export-CSV <<<<  -NoType StaticIP.csv
    + CategoryInfo          : InvalidData: (:) [Export-Csv], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ExportCsvCommand

Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At line:1 char:34
+ .\StaticIP_Fetch.ps1 | Export-CSV <<<<  -NoType StaticIP.csv
    + CategoryInfo          : InvalidData: (:) [Export-Csv], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ExportCsvCommand

Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At line:1 char:34
+ .\StaticIP_Fetch.ps1 | Export-CSV <<<<  -NoType StaticIP.csv
    + CategoryInfo          : InvalidData: (:) [Export-Csv], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ExportCsvCommand



Could you please suggest any correction?

Hi Rob,
Thanks for your support. PSExec is really a great tool. I used that before. But as per our current policy, approval of this tool for execution is really a challenge! That is why I am trying to get this done by script.
Modified Script :

$Computers = Get-ADComputer -Filter *
foreach ($Computer in $Computers)
{
$wmiInfo = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $Computer.name -ErrorAction:SilentlyContinue | format-list DHCPEnabled,IPaddress
$wmiinfo
}




OUTPUT:

PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch.ps1


DHCPEnabled : False
IPaddress   : {192.168.43.243, fe80::711e:9752:fbd2:7ee4}

DHCPEnabled : True
IPaddress   : {192.168.43.85, fe80::5d3:1bcd:f408:2bd7}

DHCPEnabled : False
IPaddress   : {192.168.43.244, fe80::f8a0:336:8302:a677}





DHCPEnabled : True
IPaddress   : {192.168.43.201}

DHCPEnabled : True
IPaddress   : {0.0.0.0}



Can I get the above output in below format ?

DHCPEnabled                    IPaddress
       True                         {192.168.43.201}

So that it can be exported into CSV properly !
Try with:
Get-ADComputer -Filter * | % {
  if (Test-Connection -Quiet $_.Name -Count 1) {
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $_.name -ErrorAction SilentlyContinue
  }
} | select PSComputername, DHCPEnabled, IPAddress | Export-Csv -noType StaticIP.csv


Hi Qlemo,

I got the output on CSV as below : IP is not reflecting on CSV !!!

PSComputername      DHCPEnabled      IPAddress
                                               FALSE           System.String[]
                                                TRUE           System.String[]
                                               FALSE           System.String[]
                                                TRUE           System.String[]
                                               FALSE           System.String[]
                                                TRUE           System.String[]
                                                TRUE           System.String[]


Without Export or On Console :

PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch_New.ps1

                                                                         DHCPEnabled IPAddress
                                                                         ----------- ---------
                                                                               False {192.168.43.243}
                                                                                True {169.254.43.215}
                                                                               False {192.168.43.244}
                                                                                True {192.168.43.164, fe80::1ca9:88e5:a04b:50ac}
                                                                               False {169.254.185.151, fe80::2542:9658:bf55:b997}
                                                                                True {169.254.247.74, fe80::a94d:7b95:ddf0:f74a}
                                                                                True {192.168.43.200}



Any idea pls !!!
Yes, please re-open the question. Sorry, I closed it before getting the absolute solution. Thank you.
Thanks, Qlemo. Also requesting you to have a look at the output !
There is another issue, as PSComputerName seems to be available with PS 3, not PS 2 (hence it is empty in your output).
This script will (a) process the machines in alphabetical order, (b) provide (empty) output for machines not reached, and (c) create the proper CSV output. If an interface has more than one IP, which happens e.g. with IPv6, those IPs are listed comma-separated.
Get-ADComputer -Filter * | sort Name | % {
  if (Test-Connection -Quiet $_.Name -Count 1) {
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $_.name -ErrorAction SilentlyContinue
  } else {
    New-Object PsObject -Property @{__Server = $_.Name; DHCPEnabled = $null; IPAddress = $null}
  }
 } | select @{n='ComputerName'; e={$.__Server}},
            DHCPEnabled,
            @{n='IPAddress'; e={$_.IPAddress -join ','}} |
   Export-CSV -NoType IPs.csv


Great, let me check the script in lab :) Yes, on PS3 and PS4 PSComputerName is present (tested with PS4). Thank you...
Works like a charm. CSV output is proper. But a small issue still exists for PSComputerName !

PC with PS4 | Output :

PS C:\Users\VLAB\Desktop> .\StaticIP_Fetch_New.ps1

ComputerName                                      DHCPEnabled                                       IPAddress
------------                                      -----------                                       ---------

                                                  True                                              192.168.43.164,fe80::1ca9:88e5:a04b:50ac
                                                  True                                              192.168.43.200



PC with PS4 | Output Simple Cmdlet:

PS C:\Users\VLAB\Desktop> Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE | select PSComputerName, DHCPEnabled, IPAddress

PSComputerName                                                                          DHCPEnabled IPAddress
--------------                                                                          ----------- ---------
VLAB-HP                                                                                   True {192.168.43.164, fe80::1ca9:88e5:a04b:50ac}
VLAB-HP                                                                                   True {192.168.43.200}



From the above output it is clear that  PSComputerName is available, but through script it is not giving the result. I checked by adding "PSComputerName" against "ComputerName" in script at "select @{n='ComputerName'; e={$.__Server}}", but that didn't work. It will be great to have your help on this.  Thanks a lot again !
Strange.  __Server is available with WMI on PS 2, but let me perform some tests again...
SOLUTION
This solution is only available to members.
Thank you So much Qlemo :) This is the final output through CSV export  (The perfect One):

ComputerName                           DHCPEnabled      IPAddress
VLAB1AD-DB            
VLAB1AD-PDC                                    FALSE      192.168.43.243
VLAB1AD-PDC                                     TRUE      192.168.43.85
VLAB1AD-PDC                                    FALSE      192.168.43.244
VLABCLIENTWIN8            
VLAB-CLIENTXP                                     TRUE      192.168.43.211
VLAB-CLIENTXP                                     TRUE      0.0.0.0
VLAB-HP                                                     TRUE      192.168.43.164,fe80::1ca9:88e5:a04b:50ac
VLAB-HP                                                     TRUE      192.168.43.200

Cheers
Bedanta
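
The approach the thread converges on (query Win32_NetworkAdapterConfiguration for each AD computer, flatten IPAddress before export, take the host name from WMI), written out as an added example that is not part of the original thread or any participant's script. It assumes the ActiveDirectory module and remote WMI access as used above; the Status, Adapter and DHCPServer columns and the output file name are additions made for illustration.

```powershell
# Added example: per-adapter inventory of DHCP vs. static configuration.
# Assumes Get-ADComputer (ActiveDirectory module) and remote WMI access.
# IPConfigInventory.csv is a placeholder file name.
Import-Module ActiveDirectory

$rows = foreach ($computer in (Get-ADComputer -Filter * | Sort-Object Name)) {
    $name = $computer.Name
    $adapters = $null

    if (Test-Connection -ComputerName $name -Count 1 -Quiet) {
        $adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
                        -Filter 'IPEnabled=TRUE' -ComputerName $name `
                        -ErrorAction SilentlyContinue
    }

    if (-not $adapters) {
        # Host down or WMI refused: emit a placeholder row so the machine
        # is not silently missing from the report.
        New-Object PSObject -Property @{
            ComputerName = $name; Status = 'Unreachable'; Adapter = $null
            DHCPEnabled = $null; DHCPServer = $null; IPAddress = $null
        }
        continue
    }

    foreach ($a in $adapters) {
        New-Object PSObject -Property @{
            # __SERVER is the WMI system property naming the answering host.
            ComputerName = $a.__SERVER
            Status       = 'OK'
            Adapter      = $a.Description
            DHCPEnabled  = $a.DHCPEnabled
            DHCPServer   = $a.DHCPServer
            # IPAddress is a string[]; join it, otherwise Export-Csv
            # writes the type name "System.String[]".
            IPAddress    = ($a.IPAddress -join ',')
        }
    }
}

# Select-Object fixes the column order (hashtable order is not guaranteed).
$rows |
    Select-Object ComputerName, Status, Adapter, DHCPEnabled, DHCPServer, IPAddress |
    Export-Csv -NoTypeInformation -Path .\IPConfigInventory.csv

# Adapters that answered and have a manually assigned address.
$rows | Where-Object { $_.Status -eq 'OK' -and -not $_.DHCPEnabled } |
    Select-Object ComputerName, Adapter, IPAddress
```

Rows marked Unreachable are machines whose configuration is unknown, not machines confirmed to use DHCP, so they need a follow-up check.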
Best to split between multiple answers, because the solution takes a different approach than the original question.

Neilsr  http:#a40549386      100
Neilsr  http:#a40549505      150
Qlemo http:#a40549487      100
Qlemo http:#a40556760      150
Agreed with Qlemo two different questions answered really.