Script for Network Adapter Configuration Baselines

James Tarala

Assurance

So far in this series of blog articles we have identified a number of different baseline scripts written in PowerShell. We hope that auditors and others will be able to take these scripts, modify them for their own purposes, and use them for baselining the systems that they are evaluating.

This week we found ourselves in the position of having to gather some information about both the MAC addresses and the logical (IP) addresses of the adapters on a set of machines. Unfortunately that meant we had to change our strategy from using simple WMI calls of the Win32 namespace. Since we’re dealing with Microsoft Windows machines, we thought, why not go to the grand-daddy of all network configuration utilities – NETSH? So this week we primarily will use NETSH to gather the information.

We didn’t do much parsing this week (we do have day jobs too), but to query the information on a system’s adapters, we would use the following script:

    # Adapter names and MAC addresses, queried through WMI
    echo "The following is the list of adapters and MAC Addresses as supplied by WMI calls:"
    Get-WmiObject win32_networkadapter | Select-Object Name,MACAddress

    # IPv4 configuration for every interface, as reported by netsh
    echo "The following is the IPv4 network configuration as supplied by the netsh command:"
    netsh interface ip show config

    # IPv6 interfaces, addresses, DNS servers and global/Teredo settings, as reported by netsh
    echo "The following is the IPv6 network configuration as supplied by the netsh command:"
    netsh interface ipv6 show interfaces
    netsh interface ipv6 show subinterfaces
    netsh interface ipv6 show dnsservers
    netsh interface ipv6 show addresses
    netsh interface ipv6 show global
    netsh interface ipv6 show teredo

As always, this script, as well as others for baselining systems, can be found at http://www.enclavesecurity.com/scripts/.

There will be more NETSH scripts to come, but we figured we would show you the basics first. Enjoy!
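
The script above leaves the netsh output unparsed. As an added example (not part of the original post or the scripts it links to), the following turns `netsh interface ip show config` text into records and diffs a current capture against a saved baseline. The function name `ConvertFrom-NetshIpConfig` is hypothetical, the two captures are constructed sample data, and English-language netsh output is assumed.

```powershell
# Added example: parse "netsh interface ip show config" text and diff two captures.
# Assumes English-language netsh output; both captures below are constructed samples.
function ConvertFrom-NetshIpConfig {
    param([string[]]$Lines)
    $iface = $null; $setting = $null
    foreach ($line in $Lines) {
        if ($line -match '^Configuration for interface "(.+)"') {
            $iface = $Matches[1]; $setting = $null
        }
        elseif ($iface -and $line -match '^\s+([^:]+):\s*(.*?)\s*$') {
            # "Setting:   value" row
            $setting = $Matches[1].Trim()
            [pscustomobject]@{ Interface = $iface; Setting = $setting; Value = $Matches[2] }
        }
        elseif ($iface -and $setting -and $line -match '^\s+(\S.*?)\s*$') {
            # Continuation row (for example a second DNS server) carries no label
            [pscustomobject]@{ Interface = $iface; Setting = $setting; Value = $Matches[1] }
        }
    }
}

$baselineText = @'
Configuration for interface "Ethernet"
    DHCP enabled:                         No
    IP Address:                           192.0.2.10
    Subnet Prefix:                        192.0.2.0/24 (mask 255.255.255.0)
    Default Gateway:                      192.0.2.1
    Statically Configured DNS Servers:    192.0.2.53
                                          192.0.2.54
'@ -split "`r?`n"

$currentText = @'
Configuration for interface "Ethernet"
    DHCP enabled:                         No
    IP Address:                           192.0.2.10
    Subnet Prefix:                        192.0.2.0/24 (mask 255.255.255.0)
    Default Gateway:                      192.0.2.1
    Statically Configured DNS Servers:    192.0.2.53
                                          198.51.100.7
'@ -split "`r?`n"

$baseline = ConvertFrom-NetshIpConfig $baselineText
$current  = ConvertFrom-NetshIpConfig $currentText   # live: ConvertFrom-NetshIpConfig (netsh interface ip show config)

# '<=' rows exist only in the baseline, '=>' rows only in the current capture
Compare-Object $baseline $current -Property Interface, Setting, Value |
    Sort-Object Interface, Setting, SideIndicator |
    Format-Table -AutoSize
```

Each row the comparison prints is a setting that differs between the two captures, such as a replaced DNS server.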