Solved

How to know whether the IP configuration of a Windows machine is static or dynamic in an AD environment by analysing the network traffic

Posted on 2015-01-14
Last Modified: 2015-02-01
Hi,
I have a requirement to find out which Windows machines have a static IP configuration instead of DHCP by doing network packet analysis (using the Microsoft Netmon tool). There are thousands of client machines.
I need to know how I can get the list of machines which have a static IP by doing protocol traffic analysis through the tool MS Netmon.
0
27 Comments
 
LVL 37

Accepted Solution

by:
Neil Russell earned 250 total points
ID: 40549386
Network traffic does not tell you if you have a static or DHCP address.

You would be far better off just doing a script to look at the NIC configuration of each machine on your network remotely.

Of course your DHCP server can tell you all of the IP addresses it has issued and are in use.
0
 

Author Comment

by:Bedanta Shanker Mishra
ID: 40549428
Hi Neilsr,
Thanks for the reply. Yes, I agree, from the DHCP server lease log we can get the details of free and used IPs from the pool. But for thousands of machines it is obviously a tedious and time-consuming task. From packet analysis, by filtering and extracting the DHCP packets, we can find out the list of clients which are using dynamic IPs. However, the script part is a better option. Do you have such a script? That will really help. I think a PS script will be a good one.
0
 
LVL 69

Assisted Solution

by:Qlemo
Qlemo earned 250 total points
ID: 40549487
For static IP addresses overlapping with the DHCP pool you get special entries in the lease table, as those are getting blocked by the DHCP server.
A list of AD computers minus DHCP lease computers should get you those machines potentially being static. I would then go and apply the aforementioned script to only those.
On the other hand, running a login script collecting IP info is a common approach.
0
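
Added example, not part of Qlemo's post or of the thread: the "AD computers minus DHCP lease computers" comparison written out in PowerShell. The function name, host names and lease records are constructed; it assumes lease objects expose HostName, IPAddress and AddressState (as those returned by Get-DhcpServerv4Lease do) and that the blocked conflict entries appear with the host name BAD_ADDRESS or the state Declined.

```powershell
# Added example: AD computer list minus DHCP lease holders = hosts to check for a static IP.
# All sample data below is constructed for illustration.
function Get-StaticIpCandidate {
    param(
        [string[]] $AdComputerName,   # live: Get-ADComputer -Filter * | ForEach-Object { $_.Name }
        [object[]] $DhcpLease         # live: Get-DhcpServerv4Lease -ScopeId <scope>
    )
    $leased    = @{}   # hashtable keys compare case-insensitively in PowerShell
    $conflicts = @()
    foreach ($lease in $DhcpLease) {
        # Assumption: addresses the server blocked after a conflict show up as
        # BAD_ADDRESS / Declined entries; they point at a static IP inside the pool.
        if ($lease.HostName -eq 'BAD_ADDRESS' -or $lease.AddressState -eq 'Declined') {
            $conflicts += $lease.IPAddress
            continue
        }
        if ($lease.HostName) {
            # Leases usually carry an FQDN, AD gives the short name: compare short names.
            $leased[($lease.HostName -split '\.')[0]] = $true
        }
    }
    # AD computers that never took a lease are the ones worth querying over WMI.
    $candidates = @($AdComputerName | Where-Object { -not $leased.ContainsKey($_) } | Sort-Object)
    New-Object PSObject -Property @{
        Candidates        = $candidates
        ConflictAddresses = $conflicts
    }
}

# Constructed inventory: four AD computers, two of them holding leases,
# plus one conflict entry recorded by the DHCP server.
$adNames = 'CLIENT-A', 'CLIENT-B', 'SRV-DB', 'SRV-DC'
$leases = @(
    (New-Object PSObject -Property @{ HostName = 'client-a.example.test'; IPAddress = '10.0.0.101'; AddressState = 'Active' }),
    (New-Object PSObject -Property @{ HostName = 'CLIENT-B.example.test'; IPAddress = '10.0.0.102'; AddressState = 'Active' }),
    (New-Object PSObject -Property @{ HostName = 'BAD_ADDRESS';           IPAddress = '10.0.0.150'; AddressState = 'Declined' })
)

$result = Get-StaticIpCandidate -AdComputerName $adNames -DhcpLease $leases
$result.Candidates          # AD computers without a lease
$result.ConflictAddresses   # pool addresses blocked by the DHCP server
```

A name on the candidate list is only a lead: machines that are switched off or whose lease has expired land there too, so the WMI query is still what confirms a static configuration.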
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 250 total points
ID: 40549505
I'm off out in a bit but in essence what you want is starting with this...
$Computers = Get-ADComputer -Filter *
foreach ($Computer in $Computers)
{
    $wmiInfo = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $Computer.name -ErrorAction:SilentlyContinue
    $wmiInfo
}

If you run that and observe its output, that will hopefully guide you in how to get what you want. OR qlemo can elaborate for you.
0
 

Author Comment

by:Bedanta Shanker Mishra
ID: 40549557
Thanks a lot Neilsr. Let me check out the script in my lab. I will post the output soon.

Thank you Qlemo.

Cheers :)
0
 

Author Comment

by:Bedanta Shanker Mishra
ID: 40549843
Neilsr,

I ran the above script on my lab DC. Below are my observations.

PS C:\Users\Administrator\Desktop> Get-ADComputer -Filter *


DistinguishedName : CN=cloudflexweb-PDC,OU=Domain Controllers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName       : cloudflexweb-PDC.logon.ds.cloudflexweb.com
Enabled           : True
Name              : cloudflexweb-PDC
ObjectClass       : computer
ObjectGUID        : b7f5aa73-3c1b-4eca-952e-0d78ccb478c2
SamAccountName    : cloudflexweb-PDC$
SID               : S-1-5-21-1648877103-3137164350-3771869934-1000
UserPrincipalName :

DistinguishedName : CN=cloudflexwebCAP-CLIENTXP,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName       : cloudflexwebCAP-ClientXP.logon.ds.cloudflexweb.com
Enabled           : True
Name              : cloudflexwebCAP-CLIENTXP
ObjectClass       : computer
ObjectGUID        : 4190af3a-0e1a-482b-af78-c029c9d8fda5
SamAccountName    : cloudflexwebCAP-CLIENTXP$
SID               : S-1-5-21-1648877103-3137164350-3771869934-1103
UserPrincipalName :

DistinguishedName : CN=cloudflexwebCAPCLIENTWIN8,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName       : cloudflexwebCAPCLIENTWIN8.logon.ds.cloudflexweb.com
Enabled           : True
Name              : cloudflexwebCAPCLIENTWIN8
ObjectClass       : computer
ObjectGUID        : 97503804-0501-45a3-863e-d883d5b16b79
SamAccountName    : cloudflexwebCAPCLIENTWIN8$
SID               : S-1-5-21-1648877103-3137164350-3771869934-1109
UserPrincipalName :

DistinguishedName : CN=cloudflexweb-DB,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName       : cloudflexweb-DB.logon.ds.cloudflexweb.com
Enabled           : True
Name              : cloudflexweb-DB
ObjectClass       : computer
ObjectGUID        : 84d04bbd-f6f1-48fb-9af9-519d9ec79cd3
SamAccountName    : cloudflexweb-DB$
SID               : S-1-5-21-1648877103-3137164350-3771869934-1110
UserPrincipalName :

DistinguishedName : CN=THEHACKER-HP,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName       : THEHACKER-HP.logon.ds.cloudflexweb.com
Enabled           : True
Name              : THEHACKER-HP
ObjectClass       : computer
ObjectGUID        : 3b133b26-2f4a-4803-b5cf-d9ddb800fc41
SamAccountName    : THEHACKER-HP$
SID               : S-1-5-21-1648877103-3137164350-3771869934-1112
UserPrincipalName :

After using your code with ps1 script :

PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch.ps1


DHCPEnabled      : False
IPAddress        : {192.168.43.243, fe80::711e:9752:fbd2:7ee4}
DefaultIPGateway : {192.168.43.85}
DNSDomain        :
ServiceName      : E1G60
Description      : Intel(R) PRO/1000 MT Network Connection
Index            : 7

DHCPEnabled      : True
IPAddress        : {192.168.43.85, fe80::5d3:1bcd:f408:2bd7}
DefaultIPGateway : {192.168.43.1}
DNSDomain        :
ServiceName      : E1G60
Description      : Intel(R) PRO/1000 MT Network Connection #2
Index            : 10

DHCPEnabled      : False
IPAddress        : {192.168.43.244, fe80::f8a0:336:8302:a677}
DefaultIPGateway : {192.168.43.250, 192.168.43.85}
DNSDomain        :
ServiceName      : E1G60
Description      : Intel(R) PRO/1000 MT Network Connection #3
Index            : 13

DHCPEnabled      : True
IPAddress        : {192.168.43.201}
DefaultIPGateway : {192.168.43.243}
DNSDomain        : logon.ds.ge.com
ServiceName      : VMXNET
Description      : AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport
Index            : 1

DHCPEnabled      : True
IPAddress        : {0.0.0.0}
DefaultIPGateway :
DNSDomain        :
ServiceName      : BthPan
Description      : Bluetooth Device (Personal Area Network)
Index            : 11

The top three NIC configurations are for the DC itself and the 4th one is for an XP client machine. Looks fine :). For a large number of machines it will be better to format this output by keeping these 7 objects [DHCPEnabled, IPAddress, DefaultIPGateway, DNSDomain, ServiceName, Description and Index] in a tabular form to export them into a CSV file. I am working on it. Your notion regarding this will be deeply appreciated. Thanks again for your valuable support. Have a lovely day.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40550022
.\StaticIP_Fetch.ps1 | Export-CSV -NoType StaticIP.csv

Is all you need to get the CSV file. The formatting you see is done by PowerShell as you didn't tell what to do with the result. In that case up to 3 properties are shown in a table, more in a list.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40550091
You could also use Microsoft's PSExec to run IPConfig on a list of remote computers, such as
  psexec @list.txt  ipconfig  >>C:\Temp\Output.txt
Where List.txt is a list of computer names or IPs.
http://technet.microsoft.com/en-ca/sysinternals/bb897553.aspx
You could use the "find" command to limit the amount of information recorded.
0
 

Author Comment

by:Bedanta Shanker Mishra
ID: 40551919
Hi Qlemo,

I tried the "Export-CSV -NoType" through pipe but got the following error.

PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch.ps1 | Export-CSV -NoType StaticIP.csv
Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At line:1 char:34
+ .\StaticIP_Fetch.ps1 | Export-CSV <<<<  -NoType StaticIP.csv
    + CategoryInfo          : InvalidData: (:) [Export-Csv], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ExportCsvCommand

Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At line:1 char:34
+ .\StaticIP_Fetch.ps1 | Export-CSV <<<<  -NoType StaticIP.csv
    + CategoryInfo          : InvalidData: (:) [Export-Csv], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ExportCsvCommand

Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At line:1 char:34
+ .\StaticIP_Fetch.ps1 | Export-CSV <<<<  -NoType StaticIP.csv
    + CategoryInfo          : InvalidData: (:) [Export-Csv], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ExportCsvCommand

Could you please suggest any correction !

Hi Rob,
Thanks for your support.  PSExec is really a great tool. I used that before. But as per our current policy approval of this tool for execution is really a challenge ! That is why trying to get this done by script.
0
 

Author Comment

by:Bedanta Shanker Mishra
ID: 40552082
Modified Script :

$Computers = Get-ADComputer -Filter *
foreach ($Computer in $Computers)
{
$wmiInfo = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $Computer.name -ErrorAction:SilentlyContinue | format-list DHCPEnabled,IPaddress
$wmiinfo
}

OUTPUT:

PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch.ps1


DHCPEnabled : False
IPaddress   : {192.168.43.243, fe80::711e:9752:fbd2:7ee4}

DHCPEnabled : True
IPaddress   : {192.168.43.85, fe80::5d3:1bcd:f408:2bd7}

DHCPEnabled : False
IPaddress   : {192.168.43.244, fe80::f8a0:336:8302:a677}





DHCPEnabled : True
IPaddress   : {192.168.43.201}

DHCPEnabled : True
IPaddress   : {0.0.0.0}

Can I get the above output in below format ?

DHCPEnabled                    IPaddress
       True                         {192.168.43.201}

So that it can be exported into CSV properly !
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40553197
Try with:
Get-ADComputer -Filter * | % {
  if (Test-Connection -Quiet $_.Name -Count 1) {
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $_.name  -ErrorAction SilentlyContinue
  }
} | select PSComputername, DHCPEnabled, IPAddress | Export-Csv -noType StaticIP.csv

0
 

Author Comment

by:Bedanta Shanker Mishra
ID: 40556332
Hi Qlemo,

I got the output on CSV as below : IP is not reflecting on CSV !!!

PSComputername   DHCPEnabled   IPAddress
                 FALSE         System.String[]
                 TRUE          System.String[]
                 FALSE         System.String[]
                 TRUE          System.String[]
                 FALSE         System.String[]
                 TRUE          System.String[]
                 TRUE          System.String[]


Without Export or On Console :

PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch_New.ps1

                                                                         DHCPEnabled IPAddress
                                                                         ----------- ---------
                                                                               False {192.168.43.243}
                                                                                True {169.254.43.215}
                                                                               False {192.168.43.244}
                                                                                True {192.168.43.164, fe80::1ca9:88e5:a04b:50ac}
                                                                               False {169.254.185.151, fe80::2542:9658:bf55:b997}
                                                                                True {169.254.247.74, fe80::a94d:7b95:ddf0:f74a}
                                                                                True {192.168.43.200}

Any idea pls !!!
0
 

Author Comment

by:Bedanta Shanker Mishra
ID: 40556431
Yes, please re-open the question. Sorry, I closed it before getting the absolute solution. Thank you.
0
 

Author Comment

by:Bedanta Shanker Mishra
ID: 40556445
Thanks, Qlemo. Also requesting you to have a look at the output !
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40556461
There is another issue, as PSComputerName seems to be available with PS 3, not PS 2 (hence it is empty in your output).
This script will (a) process the machines in alphabetical order, (b) provide (empty) output for machines not reached, and (c) create the proper CSV output. If an interface has more than one IP, which happens e.g. with IPv6, those IPs are listed comma-separated.
Get-ADComputer -Filter * | sort Name | % {
  if (Test-Connection -Quiet $_.Name -Count 1) {
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $_.name -ErrorAction SilentlyContinue
  } else {
    New-Object PsObject -Property @{__Server = $_.Name; DHCPEnabled = $null; IPAddress = $null}
  }
 } | select @{n='ComputerName'; e={$.__Server}},
            DHCPEnabled,
            @{n='IPAddress'; e={$_.IPAddress -join ','}} |
   Export-CSV -NoType IPs.csv

0
 

Author Comment

by:Bedanta Shanker Mishra
ID: 40556479
Great, let me check the script in lab :) Yes, on PS3 and PS4 PSComputerName is present (tested with PS4). Thank you...
0
 

Author Comment

by:Bedanta Shanker Mishra
ID: 40556553
Works like a charm. CSV output is proper. But a small issue still exists for PSComputerName !

PC with PS4 | Output :

PS C:\Users\VLAB\Desktop> .\StaticIP_Fetch_New.ps1

ComputerName                                      DHCPEnabled                                       IPAddress
------------                                      -----------                                       ---------

                                                  True                                              192.168.43.164,fe80::1ca9:88e5:a04b:50ac
                                                  True                                              192.168.43.200

PC with PS4 | Output Simple Cmdlet:

PS C:\Users\VLAB\Desktop> Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE | select PSComputerName, DHCPEnabled, IP
Address

PSComputerName                                                                          DHCPEnabled IPAddress
--------------                                                                          ----------- ---------
VLAB-HP                                                                                   True {192.168.43.164, fe80::1ca9:88e5:a04b:50ac}
VLAB-HP                                                                                   True {192.168.43.200}

From the above output it is clear that  PSComputerName is available, but through script it is not giving the result. I checked by adding "PSComputerName" against "ComputerName" in script at "select @{n='ComputerName'; e={$.__Server}}", but that didn't work. It will be great to have your help on this.  Thanks a lot again !
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40556624
Strange.  __Server is available with WMI on PS 2, but let me perform some tests again...
0
 
LVL 69

Assisted Solution

by:Qlemo
Qlemo earned 250 total points
ID: 40556760
What a stupid mistake - I left out an underline ...
Get-ADComputer -Filter * | sort Name | % {
  if (Test-Connection -Quiet $_.Name -Count 1) {
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $_.name -ErrorAction SilentlyContinue
  } else {
    New-Object PsObject -Property @{__Server = $_.Name; DHCPEnabled = $null; IPAddress = $null}
  }
 } | select @{n='ComputerName'; e={$_.__Server}},
            DHCPEnabled,
            @{n='IPAddress'; e={$_.IPAddress -join ','}} |
   Export-CSV -NoType IPs.csv

0
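
Added example, not code from the thread: it reproduces the array-in-CSV pitfall seen earlier and narrows the report to adapters that are actually static. The function name and the Status column are hypothetical, and the adapter records are constructed (modelled on the output posted in the thread) so the snippet runs without AD or WMI access.

```powershell
# Added example. The records below are constructed stand-ins for what
# Get-WmiObject Win32_NetworkAdapterConfiguration returns per adapter.
function ConvertTo-StaticIpRow {
    param([Parameter(ValueFromPipeline = $true)] $Adapter)
    process {
        # Hosts that did not answer arrive as placeholder rows with DHCPEnabled = $null;
        # report them as unreachable instead of counting them as static.
        if ($null -eq $Adapter.DHCPEnabled) { $status = 'Unreachable' }
        elseif ($Adapter.DHCPEnabled)       { $status = 'DHCP' }
        else                                { $status = 'Static' }

        # Drop addresses that carry no information: 0.0.0.0 and APIPA (169.254.x.x).
        $usable = @($Adapter.IPAddress |
            Where-Object { $_ -and $_ -ne '0.0.0.0' -and $_ -notlike '169.254.*' })

        # Flatten the address array to one string so the CSV holds the values,
        # then fix the column order (hashtable order is not guaranteed).
        New-Object PSObject -Property @{
            ComputerName = $Adapter.__Server
            Status       = $status
            IPAddress    = $usable -join ','
        } | Select-Object ComputerName, Status, IPAddress
    }
}

$adapters = @(
    (New-Object PSObject -Property @{ __Server = 'VLAB1AD-PDC';   DHCPEnabled = $false
        IPAddress = [string[]]@('192.168.43.243', 'fe80::711e:9752:fbd2:7ee4') }),
    (New-Object PSObject -Property @{ __Server = 'VLAB1AD-PDC';   DHCPEnabled = $true
        IPAddress = [string[]]@('192.168.43.85') }),
    (New-Object PSObject -Property @{ __Server = 'VLAB-CLIENTXP'; DHCPEnabled = $true
        IPAddress = [string[]]@('0.0.0.0') }),
    (New-Object PSObject -Property @{ __Server = 'VLAB1AD-DB';    DHCPEnabled = $null
        IPAddress = $null })
)

# Pitfall: an array-valued property is written to CSV as its type name.
$adapters | Select-Object __Server, DHCPEnabled, IPAddress | ConvertTo-Csv -NoTypeInformation

# Flattened rows, limited to adapters configured statically.
$adapters | ConvertTo-StaticIpRow |
    Where-Object { $_.Status -eq 'Static' } |
    ConvertTo-Csv -NoTypeInformation
```

On a live network the function would take the Get-WmiObject results in place of `$adapters`, with Export-Csv replacing ConvertTo-Csv.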
 

Author Comment

by:Bedanta Shanker Mishra
ID: 40558273
Thank you so much Qlemo :) This is the final output through CSV export (the perfect one):

ComputerName      DHCPEnabled   IPAddress
VLAB1AD-DB
VLAB1AD-PDC       FALSE         192.168.43.243
VLAB1AD-PDC       TRUE          192.168.43.85
VLAB1AD-PDC       FALSE         192.168.43.244
VLABCLIENTWIN8
VLAB-CLIENTXP     TRUE          192.168.43.211
VLAB-CLIENTXP     TRUE          0.0.0.0
VLAB-HP           TRUE          192.168.43.164,fe80::1ca9:88e5:a04b:50ac
VLAB-HP           TRUE          192.168.43.200

Cheers
Bedanta
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40573225
Best to split between multiple answers, because the solution takes a different approach than the original question.

Neilsr  http:#a40549386      100
Neilsr  http:#a40549505      150
Qlemo http:#a40549487      100
Qlemo http:#a40556760      150
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40573918
Agreed with Qlemo, two different questions answered really.
0
