Get Network Address using VBScript

January 10, 2018January 10, 2018 Daniel Adeniji Microsoft, Networking, Technical, VBScript

Background

Like everyone else took a boat load of CISCO Networking classes. Took night classes at the local community college.

Forgot about it.

But, then last week a Network Engineer asked me what is my network address and I just did not know.

Yes, I know how to issue ipconfig and get my IP Address and Subnet mask.

Or on Linux, issue ifconfig.

But, to think one step ahead and get the Network Address and CIDR, my mind just did not want to go down that step.

Code

Opportunity to code…

VBScript



REM *********************************************************************************************

'   1a) http://chris.wastedhalo.com/2014/05/more-binarybitwise-functions-for-vbscript/
    
'   2a) http://www.robvanderwoude.com/vbstech_network_ip.php

'   3a) http://powerasp.net/content/new/vbscript-constants.asp
    
REM *********************************************************************************************

option explicit

Dim strLog

Dim strIPAddress
Dim strIPSubnet
Dim strCIDR
Dim strNetworkAddress
    
Dim strAguments

Dim objAguments
Dim iNumberofArgs 


Const CHAR_PERIOD = "."
    
function getIPAddress

    REM *****************************************************************************
    REM Rob van der Woude's Scripting Page
    REM Win32_NetworkAdapterConfiguration
    REM http://www.robvanderwoude.com/vbstech_network_ip.php
    REM *****************************************************************************
    
    Const strQueryNAC = "select * from Win32_NetworkAdapterConfiguration where MACAddress > ''"
    Const WMISERVICE = "winmgmts://./root/CIMV2"

    Dim objWMISvc
    Dim  objRS
    
    set objWMISvc = GetObject(WMISERVICE)
    
    if objWMISvc is Nothing then
    
        strLog = "Unable to Get Object " & WMISERVICE

        WScript.Echo strLog

        WScript.Quit (-1)
    
    end if

    Set objRS  = objWMISvc.ExecQuery( strQueryNAC, "WQL", 48 )
    
    Dim objItem
    
    For Each objItem In objRS
    
        'IP Address
        If IsArray( objItem.IPAddress ) Then
        
            If UBound( objItem.IPAddress ) = 0 Then
            
                strIPAddress = objItem.IPAddress(0)
        
            Else
            
                strIPAddress = Join( objItem.IPAddress, "," )
            
            End If
        
        End If

    
        'IP Subnet
        If IsArray( objItem.IPSubnet ) Then
        
            If UBound( objItem.IPSubnet ) = 0 Then
            
                strIPSubnet = objItem.IPSubnet(0)
        
            Else
            
                strIPSubnet = Join( objItem.IPSubnet, "," )
            
            End If
        
        End If
        
    Next
    
    
    
end function

'*******************************************************************************
'*     bitMask(BitNumber)
'*         Returns a number with all bits set to 0 except for the specified bit
'*     http://chris.wastedhalo.com/2014/05/more-binarybitwise-functions-for-vbscript/
'*******************************************************************************
Function bitMask(pBit)

    If pBit < 32 Then 

        bitMask = 2 ^ (pBit - 1) 
    
    Else
    
        bitMask = "&H80000000"

    End If
    
End Function



Function Dec2Bin(pValue)

    '*************************************************************************************
    '*     Dec2Bin(AnyNumber)
    '*         Returns a string representing the number in binary.
    '*     http://chris.wastedhalo.com/2014/05/more-binarybitwise-functions-for-vbscript/
    '*************************************************************************************
    Dim TotalBits, i
    
    strLog = VarType(pValue)
    
    Select Case VarType(pValue)
        
        Case vbLong: 
            TotalBits = 32
 
        Case vbString: 
            TotalBits = 32
 
 
        Case vbInteger: 
            TotalBits = 16
        
        Case vbByte: 
            TotalBits = 8
        
        Case Else: 
        
            strLog = "In Function Dec2Bin:: Value passed is " & pValue & vbCrLf
            strLog = strLog + "VarType(pValue) :- " & CSTR(VarType(pValue)) & vbCrLf

            Wscript.Echo strLog
            
            Err.Raise 13 ' Not a supported type
    
            WScript.Quit
            
    End Select

    For i = TotalBits to 1 Step -1
    
        If pValue And bitMask(i) Then
        
            Dec2Bin = Dec2Bin + "1" 
        
        Else 
        
            Dec2Bin = Dec2Bin + "0"
        
        End if
        
    Next

End Function

Function countSpecficChar( strText, chChar)

    Dim iPos
    Dim iLen
    Dim iCharFound
    Dim iCount
    Dim chCharAtPos
    
    iPos = 1
    iCount = 0

    iLen = len(strText)
    
    for iPos = 1 to ILen

        'Get character at position
        chCharAtPos = mid(strText, iPos, 1)

        if (chCharAtPos = chChar) then
        
            iCount = iCount + 1
            
        end if
        
    Next
    
    countSpecficChar = iCount

End Function
    
function getCIDR(strIPSubnet)

    Dim objArr
    Dim strNumber
    Dim iNumber

    Dim strNumberBin
    

    Dim iNumberofOnes
    Dim iNumberofOnesTotal
    
    objArr = Split(strIPSubnet, ".")

    iNumberofOnesTotal = 0
    
    
    for each strNumber in objArr
    
        iNumber = CInt(strNumber)
        
        strNumberBin = Dec2Bin(iNumber)
        
        iNumberofOnes = countSpecficChar(strNumberBin, "1")
        
        iNumberofOnesTotal = iNumberofOnesTotal + iNumberofOnes
        
    next

    getCIDR = iNumberofOnesTotal
    
end function


function getNetworkAddress(strIPAddress, strIPSubnet)

    Dim objArrIPAddress
    Dim objArrIPSubnet

    Dim iIPAddress
    Dim iIPSubnet
    
    Dim strNetworkAddress

    Dim id
    
    Dim idLowerBound
    
    Dim idUpperBound
    
    Dim strLogicalAND
    
    strNetworkAddress = ""

    'Split Numbers into Array   
    objArrIPAddress = Split(strIPAddress, CHAR_PERIOD)
    objArrIPSubnet = Split(strIPSubnet, CHAR_PERIOD)

    id = 0
    
    'Get Number of Octets
    idLowerBound = LBOUND(objArrIPAddress)
    idUpperBound = UBOUND(objArrIPAddress) 

    'Transverse Numbers
    for id = idLowerBound to idUpperBound
    
        iIPAddress = CInt(objArrIPAddress(id))
        
        iIPSubnet = CInt(objArrIPSubnet(id))
        
        strLogicalAND = ( iIPAddress AND iIPSubnet )
        
        'If this is not the first number then add delimeter
        if (strNetworkAddress <> "") Then
        
            strNetworkAddress = strNetworkAddress + CHAR_PERIOD
        
        end if
        
        strNetworkAddress = strNetworkAddress + CSTR(strLogicalAND)
    
    next

    getNetworkAddress = strNetworkAddress
    
end function


'Get List of Arguments 
set objAguments = WScript.Arguments

iNumberofArgs = objAguments.Count

if (iNumberofArgs >0) and (iNumberofArgs <> 2)  Then

    set objAguments = Nothing

    Wscript.Echo "Expected two arguments IP Address & Subnet Mask"
    Wscript.Quit

elseif (iNumberofArgs =2) Then

    strIPAddress = objAguments(0)
    
    strIPSubnet = objAguments(1)
    
else

    call getIPAddress
    
end if


set objAguments = Nothing


strNetworkAddress = getNetworkAddress(strIPAddress, strIPSubnet)

strCIDR = getCIDR(strIPSubnet)

WScript.Echo "IP Address :- " & strIPAddress

WScript.Echo "IP Subnet  :- " & strIPSubnet

WScript.Echo "Network Address :- " & CSTR(strNetworkAddress)

WScript.Echo "CIDR :- " & CSTR(strCIDR)

Invocation

There are two type of invocation.

The first one is to pass along the IP Address and Subnet mask.

And, the other is not pass in any arguments and have the script query the system for its IP Address and subnet mask.

Automatic


cscript networkAddress.vbs

Manual



set _IPAddress=10.0.4.101
set _IPSubnet=255.255.255.128

cscript networkAddress.vbs %_IPAddress% %_IPSubnet%

Output

Source Control

GitHub

Link

Resolving IPV6 Network Addresses

June 1, 2017June 1, 2017 Daniel Adeniji Adam Brand, arp, Benjamin Perkins, Event ID - 1309, Event ID - 5138, Microsoft, netstat, Networking ( SQL Server ), Networking Tools, pathping, SQL Server, Technical, WinOS - Version, WinOS - Version - v2012 Cannot open database, IIS APPPOOL\DefaultAppPool, Login failed for user, w3wp.exe

Background

We experienced a big outage yesterday.

Cisco patches were applied, the big VMWare boxes came back up, NetApp Storage were restarted, database servers brought online, Application & Web Servers rounded up the corner mile.

Internet Information Server ( IIS) Web Server

But not so fast with the IIS Web Servers in our QA environment.

Core Services

The Web Server is running on Windows 2014.

And, the core IIS related Windows Services on that OS are:

IIS Admin Services
Activation
World Wide Web Publishing Service (W3svc)

And, for each Web Site the corresponding “Application Pool”.

Repeatedly restarted the Services in the sequence listed below:

Components Stop

IIS Admin Manager
- Application Pool
Control Panel / Services Applet
- World Wide Web Publishing Services ( W3SVC )
- Windows Process Activation Service ( WAS )
- IIS Admin Services ( IISAdmin )

Components Start

Control Panel / Services Applet
- IIS Admin Services ( IISAdmin )
- Windows Process Activation Service ( WAS )
- World Wide Web Publishing Services ( W3SVC )
IIS Admin Manager
- Application Pool

But, upon launching a browser and accessing the web site locally on the box itself, no smoke.

TroubleShooting

Event Viewer

Countless episode with Event Viewer yielded no redemptive clue.

Event Log – System

Event ID	Level	Source	Details
6038	Warning	LSA (LsaSrv)	Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server. NTLM is a weaker authentication mechanism. Please check: Which applications are using NTLM authentication? Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication? If NTLM must be supported, is Extended Protection configured? Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.
5010	Warning	WAS	A process serving application pool ‘DefaultAppPool’ failed to respond to a ping. The process id was ‘###’.
10149	Warning	Windows Remote Management	The WinRM service is not listening for WS-Management requests. User Action If you did not intentionally stop the service, use the following command to see the WinRM configuration: winrm enumerate winrm/config/listener

Event Log – Application

Event ID	Level	Source	Details
1309	Warning	ASP.NET 4.0.30319.0	Process name: w3wp.exe Account name: IIS APPPOOL\DefaultAppPoolException information: Exception type: ConfigurationErrorsException Exception message: Could not load file or assembly ‘Glimpse.AspNet’ or one of its dependencies. The system cannot find the file specified.Request information: Request URL: http://qa.labng.org/signalr/reconnect?transport=longPolling&messageId=d-28CDBFFE-B,0\|H,0\|D,0\|I,2&clientProtocol=1.4&connectionToken=isY0EAjbK7jdhS1Qj5lcKypIwZQshf1+UAPdV51M0q95Qe8PFjjlKd0whzr5zPitd9CJSongw3H5j3aGRK/m3VxRaHKxyKo2ZQKVFqqKvntLq5ir3WYBTRB5+VUlFwiw6auAYi1ztgxt8WTcj4Acx/56CDA=&connectionData=[{“name”:”messagehub”}]&tid=2&_=1496330342362 Request path: /signalr/reconnectThread account name: IIS APPPOOL\DefaultAppPoolThread information:Stack trace: at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase) at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)
1309	Warning	ASP.NET 4.0.30319.0	Process information: Process name: w3wp.exe Account name: IIS APPPOOL\DefaultAppPool. Cannot open database “HRDB” requested by the login. The login failed. Login failed for user ‘LADBDOMAIN\IIS01$’. at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, at System.Data.SqlClient.SqlConnection.Open() at Hangfire.SqlServer.SqlServerStorage.CreateAndOpenConnection() at Hangfire.SqlServer.SqlServerStorage..ctor(String nameOrConnectionString, SqlServerStorageOptions options) at Hangfire.SqlServerStorageExtensions.UseSqlServerStorage(IGlobalConfiguration configuration, String nameOrConnectionString, SqlServerStorageOptions options) at HRDBv2.Startup.Configuration(IAppBuilder app)Thread information: Thread account name: IIS APPPOOL\DefaultAppPool Is impersonating: False Stack trace: at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor) at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)
1076	Information	ASP.NET 4.0.30319.0	State server starts listening with 24 listeners

Networking

Internet Explorer

Knowing that we had problems with the Network earlier took to the Net and tried to access external hosts on the Net. No problem.

Network Diagnostic Tools

Knowing that this computer is not playing with me, finally took to the command line, knowing that I might as well get bruised up and have something to show the judge, so that she might as well call it even.

netstat

Netstat to the rescue. By a wide margin, netstat is my favorite command line network diagnostic tool.

netstat – SYN_SENT

From command line, issued “netstat –an | find “SYN_SENT” “.

thankfully, came back positive

Seeing that we have SYN_SENT to port 1433, I sensed that we have a SQL Server Connectivity issue.

By default SQL Server runs on Port 1433. But what host.

IP Address Resolution

I am really stuck here.

Yes, I know IPV4, but IPV6.

That is way after my time.

ping -6 -a

Back to the command line, issued “ping -6 -a <IPV6 Address>”

100% lost

No help!

pathping -6

Issued “pathping -6 <IPV6 Address>”

Thankfully, got back the hostname.

And, it is in fact the Hostname to our SQL Server.

References

Microsoft
- > IIS Windows Process Activation Service (WAS) > IIS Protocol Adapter > IIS Protocol Adapter Availability
  - Event ID 5138 — IIS Protocol Adapter Availability
    Link
- blogs.msdn.microsoft.com
  - Benjamin Perkins, MSFT
    - Troubleshooting badly behaving IIS application pools-adapter-availability-technet-id-51
      Link
outsystems.com
- Pedro Gonçalves
  - Application Pool shutdown due to IIS Protocol Adapter Availability (Technet ID 5138)
    Link
StackOverflow.com
- IIS: Web Application hangs periodically needs system reboot
  Link
ServerFault.com
- iis 7 stopping a listener channel
  Answered By: Adam Brand
  Link
Vision One IT Consulting
- Derek Brown
  - IIS errors when running 32-bit application pools on SBS 2008
    Link
Faizal K.Mohamed
- IIS error log code (sc-status and sc-substatus)
  Link

Heard

ServerFault.com

iis 7 stopping a listener channel

Link

Sumrak, Asked
iis 7 stopping a listener channel

Adam Brand, Answer
IIS pings a worker process periodically (by default, every 30 seconds) to make sure it is still responsive. It is possible that your worker process is too busy to respond to the ping, so IIS tries to terminate it. When IIS tries to terminate the process, it fails, because the process is still hanging on to areas of memory.

Go into IIS, click Application Pools, then right-click on your app pool and choose Advanced Settings. Under the Process Model heading, choose False next to Ping Enabled and see if that fixes the issue. Another option is to increase the Ping Maximum Response Time.

As for whether or not this signals a larger problem, I would say yes, it does. It doesn’t seem appropriate for that type of code to execute synchronously. You might want to consider passing the task off to a Windows service that will do an async callback, or investigate IIS’s async model (System.Threading). How to do that would probably be a better question for stackoverflow.

Dedicated

Thank you to pathping.

Dedicated to Microsoft/Networking.

Please read more :

Wikipedia
PathPing is a network utility supplied in Windows NT and beyond that combines the functionality of ping with that of tracert.
It provides details of the path between two hosts and Ping-like statistics for each node in the path based on samples taken over a time period, depending on how many nodes are between the start and end host.
The advantages of PathPing over ping and traceroute are that each node is pinged as the result of a single command, and that the behavior of nodes is studied over an extended time period, rather than the default ping sample of four messages or default traceroute single route trace. The disadvantage is that it takes a total of 25 seconds per hop to show the ping statistics.
Link
Windows 2000 TCP/IP > TCP/IP Troubleshooting > Overview of TCP/IP Troubleshooting Tools > Pathping
The PathPing tool is a route tracing tool that combines features of Ping and Tracert with additional information that neither of those tools provides. PathPing sends packets to each router on the way to a final destination over a period of time, and then computes results based on the packets returned from each hop. Since PathPing shows the degree of packet loss at any given router or link, you can pinpoint which routers or links might be causing network problems. A number of switches are available
Link

Summary

Lost my mind @ 11:30 PM.

Just because the IP Address was an IPV6.

Commuted over to the SQL Server box, noticed the SQL Server Instance was stopped, restarted it.

Now I can get on that last train!

Netbios Over TCP/IP – Yea Or Nay

April 12, 2017April 16, 2017 Daniel Adeniji Microsoft, NetBIOS over TCP/IP (NetBt), Network Bandwidth Monitoring, Network Connections, Technical, Win OS, Wireshark

Background

Had an insomnia night last week. And, so took to the laptop and wanted to troubleshoot an issue.

As part of that troubleshooting exercise I knew Network Traffic Pattern might be pertinent.

Wireshark

Network Traffic

Here is sample of some of what I noticed through capturing Network Traffic.

Image

Explanation

Noticed a lot of Name Resolution Traffic.

Inclusive of protocols that line up with Network Resolution issues are DNS & NBNS.

DNS stands for Domain Name Server and NBNS Stand for Netbios Name Server.

Netbios Name Server ( NBNS )

Though running Windows. it is no longer a Netbeui World.

Strictly TCP/IP.

Review Configuration

Let us review our Network Configuration on specific adapters.

As I am currently on wireless, let us focus on just the Wireless Adapter.

GUI

Here is how to do so through the GUI.

Wireless Network Connection 2

Advanced TCP/IP Settings – WINS

Image

Explanation

Currently, we are set to receive NetBIOS Settings from the DHCP Server; that appears to be the default MS Windows Setting.

Command Line Shell

And, here are a couple of options to do so via the Command Line Shell.

ipconfig

Script


ipconfig /all

Output

Explanation

NetBIOS over Tcpip is Enabled

WMI – Query – Win32_NetworkAdapterConfiguration

Script


set _hostname="."

set _propList="DHCP*,IPAddress,DefaultIPGateway,DNSDomainSuffixSearchOrder,DNSEnabledForWINSResolution,DNSServerSearchOrder,TcpipNetbiosOptions"

set _command="Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName %_hostname% | Select-Object -Property %_propList% "

powershell -Command %_command%

Output

Explanation

TcpipNetbiosOptions
- 0
  - Default Setting; and we remember default settings is to get the setting from the DHCP Server

WMI – Set – Win32_NetworkAdapterConfiguration

Let us use wmic and pass along the nicconfig verb; calling the SetTcpipNetbios method and sending along argument 2.

Remember 2 mean Netbeui disabled.

Please pass along the right index, as well.

Each NIC Card has an index and it is displayed when one queries the Network Configuration.

Script


REM - Use NetBIOS setting from the DHCP server
set _netBiosSettingDHCPServer=0

REM - Enable NetBIOS over TCP/IP
set _netbiosSettingEnabled=1    

REM - Disable NetBIOS over TCP/IP
set _netbiosSettingDisabled=2  

set _hostname="."
set _index=15

wmic nicconfig where index=%_index% call SetTcpipNetbios %_netbiosSettingEnabled%

Image

Confirmed Change

GUI

Image

Console

Image – ipconfig /all

Wireshark – Take 2

Network Traffic

Went back to Wireshark and took another trace.

Image

Explanation

Noticed a slew of NBNS Traffic targeted at our DNS Server.

BTW, our local DNS Server are set for “Recursion Desired“.

That way they can forward unresolved Name Resolution traffic to our ISP…Which will be most of the requests we get.

Remediation

Connected to each of our internal DNS Servers and disabled Netbeui Name Resolution on the NIC Cards, as well.

Windows DHCP

If we had a Windows DHCP Server, would have disabled that option on the DHCP Scope, as well.

Wireless Access Point ( WAP )

I doubt that our Wireless Access Point supports DHCP and so will skip that step for now.

References

Client Configuration
- Script
  - HOW TO DISABLE NETBIOS VIA COMMAND LINE ON WINDOWS
    Link
  - Configuring NetBIOS over TCP/IP
    Link
- Tim Dunn
  - Tim Dunn – Is NetBIOS over TCP/IP Enabled?
    Posted On :- 2011-June-29th
    Link
- Scripting Guy
  - Use PowerShell to Identify Your Real Network Adapter
    Posted On :- 2011-Oct-7th
    Link
- T.dejesus
  - Simple powershell help
    Posted On :- 2014-April-14th
    Link
- Dan Stolts, ITProGuru
  - Using PowerShell to Get or Set NetworkAdapterConfiguration-View and Change Network Settings Including DHCP, DNS, IP Address and More (Dynamic AND Static) Step-By-Step
    Link
- Q/A
  - Slow Cross-Domain login to StoreFront site
    Link
- Visual
  - Jim Boyce
    - Get IT Done: Improve network performance by disabling NetBIOS over TCP/IP
      Published On : -2002-Nov-5th
      Link
Server Configuration
- How to disable NetBIOS over TCP/IP by using DHCP server options
  Link

Auditing Home Network using MS Windows Based Tools

August 21, 2015August 21, 2015 Daniel Adeniji arp, Microsoft, Networking, Technical angry ip scanner, apr, ipconfig

Prelude

Here I am having gone crazy troubleshooting my home network. And, so let us write down the little bit I found out.

Tools

Address Resolution Protocol ( ARP )

Get all entries in the ARP Pool

Syntax:


arp -a

Output:

In ARP Pool, get entries for Specific Interface

As we are only interested in the local network, let us get a bit more specific and restrict our search to only our intranet IP Address.

Syntax:


  arp -a -N [IP-Address]

Sample:


  arp -a -N 10.0.4.100

Output:

In ARP Pool, using Specific Interface, perform network sweep

Let us do a network sweep; by adding -v

Syntax:


  arp -a -v -N [interface]

Sample:


  arp -a -v -N 10.0.4.100

Output:

Explanation:

When no host
- Physical Address :- 00-00-00-00-00-00
- Type – invalid
When internal host
- Physical Address :- MAC Address
- Type :- dynamic
When Internet host
- Physical Address :- MAC Address
- Type :- Static
Network broadcast
- Physical Address :- MAC Address – ff-ff-ff-ff-ff-ff
- Type :- Static

Ping -a

Syntax:


  ping -a [IP-Address]

Sample -1 :


  arp -a -N 10.0.4.6

Output:

Sample -2 :


  arp -a -N 10.0.4.7

Output:

Sample -3:


  arp -a -N 10.0.4.94

Output:

Explanation:

So here I am going crazy. How come I can’t figure out the hostname bearing 10.0.4.94

Angry IP Scanner

Downloaded Angry IP Scanner and Java’s JRE

Ran it and got this back.

So again, though we received back a ping’s response for 10.0.4.94, no corresponding hostname.

MAC Address Lookup

Took to the internet to find out who is the manufacturer for the MAC Address corresponding to the IP Address 10.0.4.94

Web Sites:

CheckMacAddress
http://www.techzoom.net/Tools/CheckMacAddress

CheckMacAddress

So entered our MAC Address, but got back a vendor that I am still not that familiar with; specifically Azurewave Technologies, Inc., TAIWAN

Wireless Access Point

Connected to our WAP and using the DHCP Client Table, here is what we received back:

Finally, we have a match for IPAddress 10.0.4.94 /MAC Address 6C…..

Our match is the ChromeCast device that my brother brought us to be able to view youtube videos on the TV.

Summary

No country for old men!

Automatic Web Proxy Discovery and Client Configuration in MS Windows Environment

April 1, 2015October 7, 2017 Daniel Adeniji Automatic Configuration, Internet Properties, Microsoft, Networking, Technical, WPAD, WPAD WPAD

Background

For most of us that work in Corporate MS Windows Environment, our Internet Gateway \ Proxy configuration is pretty hidden.

At home, we either have direct connections to the Internet, have a gateway assigned to us by our ISP, or get on the Internet through our own Router or Wireless Access Point (WAP).

Corporate Environment

On the other hand, while at work in a Corporate Environment, when we do the following:

Access Control Panel
Access Internet Options
In the “Internet Properties” window, access the “Connections” tab
Within the “Local Access Networks (LAN) settings” group box, click the “LAN Settings” button
In the “Local Access Network (LAN) settings” window, you will be able to review your Proxy settings

Our available choices are

- Automatically detect settings
- Use automatic configuration script
- Use a single Proxy Server
- Access to configure proxy server based on traffic type ( HTTP/FTP, etc)

Inquiry Mind

So to put it subtly an Inquiry mind wants to know. Which server is proxy-ing our web traffic.

Well that is where WPAD comes in?

Honorable Mentions

Richard Hicks

His article “Configuring Web Proxy Automatic Discovery (WPAD) in Forefront Threat Management Gateway (TMG) 2010” knocks the topic out of the park. It stimulates my thinking, and notice that I did not say it stimulated my thinking.

Richard is a Microsoft’s Enterprise Security MVP; and he does that acknowledgement well.

Web Proxy Automatic Discovery

There are a couple of ways that a machine acquires its Internet’s Client Configuration

DHCP
- For machines that do not have fixed IP Addresses, the network’s DHCP server can return the Internet Proxy Server as part of the initial Network Configuration configuration. That is, when returning other Client Configuration data such as the Assigned IP Address, Gateway Address, and Subnet mask.
- As Richard’s article pointed out, for bigger networks with a stable of Proxy Servers, we are able to designate specific Proxy Servers on subnet basis. That is we specify Proxy Server T1 for Building A, and another Proxy Server, Proxy T1, for Building D.
DNS
- DNS Server Configuration
  - Create “A” DNS records for each Proxy Server
  - Create “C” records that point to the various “A” records.
  - The C records will bear the name WPAD
- Client Configuration/Requests
  - DNS Clients issues requests for WPAD
  - The DNS Server will return the IP Address for one of the “A” records

Which One are we using?

DHCP

I honestly can not say for sure whether we are getting Internet proxy configuration via DHCP.

I will have to use a Network Traffic Tool and review its requests and the response from the DHCP to answer affirmatively.

DNS

But, I can say that we are using DNS; solely or in addition

Query DNS for WPAD Records

Access Console
Issue DNS Query

Query Syntax

nslookup WPAD

Explanation:

When we use nslookup and issue WPAD query against our default DNS Server, we get back

DNS Server
- Server :- The name of the responding DNS Server
- Its IP Address
WPAD
- Name :- The name of the WPAD Server
- Addresses :- The A records IP Addresses
- Aliases :- The “C” records

Network Connections

Let us review our current network connections and see if we indeed have traffic going to our stated Proxy Server:

Syntax:
netstat -anb | find [Proxy-Server]

Sample:

netstat -anb | find "10.4."

Image:

Application

Configuration

Most Web Browsers have been coded to able to work with WPAD.

On the other hand, 3rd Vendors might not have augmented their applications likewise.

Notepad++

Here we configure Notepad++ with our Proxy Server, its IP Address and Port Number. And, later our Network username and password.

Plugin Manager Settings

Proxy Credentials:

Installation Failure

But, sadly our installation of our plugin failed.

Why you ask me:

To determine why our install failed, we have to dig a bit deeper and see if there are log files created by Notepad++.

Notepad++ developers are good ones and you know they are smart.

Here is where Update Log files are and where they are not:

C:\Program Files (x86)\Notepad++\plugins = No
C:\Users\[username]\AppData\Roaming\Notepad++\plugins\config\plugin_install_temp\plugin1 = Yes

Here is our Proxy Log:

The identifying error is:

Error Code: 407 Proxy Authentication Required. Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. (12209).

Conclusion:

Yes, I wish we had a WIN
But, our corporate security is a bit complex
- We do not have traditional username/password, but smart badge and accompanying pin
- Yes, I have Internet access for my regular user tied into the Smart Badge
- But, it is very unlikely that I have Internet access on my Admin Account

Listening

Kenny Chesney & Kid Rock – LuckenBach Texas

Videos

~~Link~~
- Striked Through on 2017-Oct-6th
Link
- Published On :- 2013-Jan-7th
- Added On :- 2017-Oct-6th

At the end of the song there is an exchange between Kenny & Kid Rock; it reads

How they did it in 80 ….
If you listen to this song, you are listening to something real
Don’t listen to something else
At 4:00 O’Clock in the morning

Thank God, they get to stay up till 4 O’Clock in the morning, doing what they are happy doing.

And, as for me, thank Goodness for Richard Hicks and other MVPS.

I will take the advice of the singers here; as I am unlikely to listen to anyone else.

References

Security Vendors

Configuring Web Proxy Automatic Discovery (WPAD) for Forefront Threat Management Gateway
Link
SafeSquid – Configure WPAD through DNS Windows Server 2003/2008
Link

Additionally Information is needed to connect …

February 13, 2015February 13, 2015 Daniel Adeniji Microsoft, Network Connections, Networking, Technical Attempting to authenticate, Connect automatically when this network is in range

Warning

When I come in each morning and occasionally through the day, I get the message pasted below:

Image:

Text:

Additionally Information is needed to connect ….

Troubleshooting

Review Network Connections

Access Control Panel \ Network and Internet \ Network Connections

Our display looks like this:

On the Wireless Network Connection, we can see the message “Attempting to authenticate”.

Review Wireless Networks

Access Control Panel \ Network and Internet \ Manage Wireless Networks
Select the Wireless Network (that we are being prompted to connect to )
Review the Network

Manage Wireless Networks

Wireless Network Properties – Connection

Wireless Network Properties – Security

Problem Identification

The problem is the we are currently setup to auto connect to the Wireless Network.

As background, systems continually poll to see whether automatically configured Networks are nearby.

And, of course, it is once I come to work and dock my laptop each morning.

The auto-connect will happen in most cases. But, in our case, we are setup with two-factor authentication; smart card and pin.

And, that is the source of the message “Additional Information is needed ….”

Remediation

Un-check “Connect automatically when this network is in range”.

Technical: Microsoft – Windows – Networking – Netstat – Code Snippet in Powershell

May 16, 2014May 21, 2014 Daniel Adeniji Microsoft, netstat, Networking Tools, PowerShell, Technical

Technical: Microsoft – Windows – Networking – Netstat – Code Snippet in Powershell

Background

A day or so ago I noticed that I was using way too much network ports. Thankfully, was able to use the netstat.exe binary that is bundled with the OS and deduct that my problem was too many DNS Connections.

My trek is posted @ Technical: Microsoft – DNS – Network Port Allocation ( https://danieladeniji.wordpress.com/2014/05/15/technical-microsoft-dns-network-port-usage/).

Introduction

But, I thought it was a bit cumbersome to slice the data in interesting ways.

I hoped that I could find Cmdlets/API for doing so in Powershell. But, no go!

Yes, I can go down the same path as my old IBM OS/2 Ehlappi days, basically screen scraping. And, use Regular Expression to parse the lines read in.

But, who wants to try that these days of lazy programmers.

And, so upon finding ” Vasily Gusev & Richard Mueller – How to Convert Text Output of a Legacy Console Application to PowerShell Objects ( http://social.technet.microsoft.com/wiki/contents/articles/4244.how-to-convert-text-output-of-a-legacy-console-application-to-powershell-objects.aspx ) “, I knew I had stumbled on a nice well.

Code

#REQUIRES -Version 2.0
Param(
		  [switch]$detail
		, [string]$groupBy
	  )


<#  
.SYNOPSIS
    Netstat in PowerShell
.DESCRIPTION
    A little Netstat script in powershell.
	Supports both detailed and summary view.
.NOTES
    File Name      : netstat.ps1  
    Author         : Daniel Adeniji
    Prerequisite   : PowerShell V2 over Vista and upper.
    Copyright 2014 Daniel Adeniji
.LINK
    Script posted over:  
    http://danieladeniji.github.com


.PARAMETER detail
  Detail is a boolean
   Options are $true, $false


.PARAMETER groupBy
  When not in detail play and in summary view
    Options are ProcessName, PortState, LocalAddress, LocalPort, RemoteAddress, RemotePort


.EXAMPLE
    powershell ./netstat.ps1 -detail:$false

.EXAMPLE
    powershell ./netstat.ps1 -detail:$true

.EXAMPLE
	powershell ./netstat.ps1 -groupBy:RemotePort

#>

#Get ProcessList
$processList = Get-Process

function isNumeric ($x) {
    try {
        0 + $x | Out-Null
        return $true
    } catch {
        return $false
    }
}


function parseIPAddressPortIPV6
{
	<#
.SYNOPSIS
	  parse function; enhanced to support IPV6

.DESCRIPTION
	  parse function; enhanced to support IPV6

.EXAMPLE
	  parseIPAddressPortIPV6 $LocalAddressIPPort ([REF]$LocalAddressIP) ([REF]$LocalAddressPort )


.PARAMETER IPAddressPort
	    The IP Address Combination

.PARAMETER IPAddress
	   The IP Address.  Please pass reference as will be returned by function

.PARAMETER IPPort
	   The IP Port.  Please pass reference as will be returned by function

  #>
  
	param(    [string]$IPAddressPort
		, [ref]$IPAddress
		, [ref]$IPPort	
             )

	# get string length		
	$iStringLen = $IPAddressPort.Length
			
	# reverse string			
	#$IPAddressPortReversed = stringReverse($IPAddressPort)

	# find colon in string
	$iPosOfColonInString = $IPAddressPort.LastIndexOf(":")

	# if colon found
	if ($iPosOfColonInString -gt 0)
	{
	
		$IPAddress.Value = $IPAddressPort.Substring(0, $iPosOfColonInString)
			
		$IPPort.Value = $IPAddressPort.Substring($iPosOfColonInString+1, $iStringLen -$iPosOfColonInString -1)
	
	}
	else
	{
	
		$IPAddress.Value = ""
		$IPPort.Value = ""

	}
	

}

function get-NetStats
{

	#issue netstat
	$netstatOutput = netstat -a -n -o 
	
	
	$iNumberofOutputLines = $netstatOutput.length
	
	# remove first 4 lines
	$netstatOutput = $netstatOutput[4..$iNumberofOutputLines]	
	
	
	$netstatOutput | foreach {
			
			
		$LocalAddressIP = $null
		$LocalAddressPort = "LP" #$null
		$LocalAddressIPPortArray = $null
		$iLocalAddressIPPortArrayLength = 0	

		$RemoteAddressIP = $null
		$RemoteAddressPort = "RP" #$null	
		$RemoteAddressIPPortArray = $null
		$iRemoteAddressIPPortArrayLength = 0
		
		# get current line	
		$LineContents = $_
			
		# remove leading spaces
		$LineContentsPertinent = $LineContents.TrimStart()
			
		# based on spaces break line down into columns
		$connectionLineColumn = $LineContentsPertinent -split "\s+", 5
		
		$Protocol = $connectionLineColumn[0]
		
		$LocalAddressIPPort = $connectionLineColumn[1]
		$RemoteAddressIPPort = $connectionLineColumn[2]	
		
			
		# Adjust for missing PortState when port is not yet in use
		if (isNumeric($connectionLineColumn[3]) -eq $true)
		{
			$PortState = ""
			$ProcessPID = $connectionLineColumn[3]								
		}
		else
		{
			$PortState = $connectionLineColumn[3]
			$ProcessPID = $connectionLineColumn[4]								
		}			

		
		if ($LocalAddressIPPort)
		{
			parseIPAddressPortIPV6 $LocalAddressIPPort ([REF]$LocalAddressIP) ([REF]$LocalAddressPort )
        }

		
		if ($RemoteAddressIPPort)
		{
			parseIPAddressPortIPV6 $RemoteAddressIPPort ([REF]$RemoteAddressIP) ([REF]$RemoteAddressPort )
        }

		
		#get list of Processes that match our Port ID
		$procMatch = $processList | Where-Object -FilterScript {$_.Id -eq $ProcessPID} 
			
		#get process name that matches port
		ForEach ($Process in $procMatch)
		{
			$processName = $procMatch.Name	
		}
			
		# Convert raw data into an object
		New-Object -Type PSObject -Property @{
			
			Protocol = $Protocol
			
			LocalAddressIPPort = $LocalAddressIPPort
			LocalAddressIP = $LocalAddressIP		
			LocalAddressPort = $LocalAddressPort	
			
			RemoteAddressIPPort = $RemoteAddressIPPort	
			RemoteAddressIP = $RemoteAddressIP	
			RemoteAddressPort = $RemoteAddressPort
			
			PortState = $PortState
				
			ProcessPID = $ProcessPID
				
			ProcessName = $processName
				
			}

	}	# foreach 	
	

}	

#If detailed view, then show data
if ($detail -eq $true)
{
	Get-NetStats | Sort ProcessName | Format-Table Protocol, LocalAddressIPPort, LocalAddressIP, RemoteAddressIPPort, PortState, ProcessName -AutoSize
}
#else show summary data
else
{

	if ($groupBy -eq "PortState")
	{
		Get-NetStats | Group-Object -Property PortState | Sort Name | Format-Table Name, Count -AutoSize
	}
	elseif ($groupBy -eq "LocalAddress")
	{
		Get-NetStats | Group-Object -Property LocalAddressIP | Sort Name | Format-Table Name, Count -AutoSize
	}
	elseif ($groupBy -eq "LocalPort")
	{
		Get-NetStats | Group-Object -Property LocalAddressPort | Sort Name | Format-Table Name, Count -AutoSize
	}	
	elseif ($groupBy -eq "RemoteAddress")
	{
		Get-NetStats | Group-Object -Property RemoteAddressIP | Sort Name | Format-Table Name, Count -AutoSize

	}	
	
	elseif ($groupBy -eq "RemotePort")
	{
		Get-NetStats | Group-Object -Property RemoteAddressPort | Sort Name | Format-Table Name, Count -AutoSize

	}
	
	else
	{
		Get-NetStats | Group-Object -Property ProcessName | Sort Count -desc| Format-Table Name, Count -AutoSize
	}
	
}

Invocation

Example

 powershell ./netstat.ps1 -detail:$false

Output:

Example

 powershell ./netstat.ps1 -detail:$true

Output:

Repository

GitHub

The little Powershell applet is publicly available @ https://github.com/DanielAdeniji/NetstatPS.

Credits

Code Beautifier

Crediting hilite.me ( http://hilite.me/ )

References

Powershell