fiveworlds

TCP/IP Wireless properties script Windows

fiveworlds    67

Is it possible to set wireless properties via a script in C/Batch/PowerShell? For example, I travel in and out to college, and when I am at home I connect to my Windows server domain with a static IP address and DNS server. In college I connect to the Wi-Fi using DHCP with a non-static IP address.

fiveworlds    67

Cool, I got it running in C++.

// WirelessPropertiesConfig.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <iostream>
#include <string>
#include <stdio.h>
using namespace std;
void connect(string ssid, string command) {
 char buff[512];
 buff[0] = 0;
 bool exists = false;
 string cmd = "netsh wlan show profile | findstr " + ssid;
 FILE *fpipe = _popen(cmd.c_str(), "rt");
 if (fpipe == NULL)
  cout << "Failed to open" << endl;
 exists = fgets(buff, sizeof(buff), fpipe) != NULL;
 _pclose(fpipe);
 cmd = command;
 if (exists)
  fpipe = _popen(cmd.c_str(), "rt");
 _pclose(fpipe);
}
int main()
{
 connect("eduroam","netsh interface ip set address \"Wi-Fi\" dhcp");
 connect("home", "netsh interface ip set address \"Wi-Fi\" static 192.168.1.70 255.255.255.0 192.168.1.255");
 cin.get();
}

Not sure if there is a better way of doing.

 if (exists)
  fpipe = _popen(cmd.c_str(), "rt");

It requires admin privileges so I just set that in the manifest file but there is probably a way to code that properly.

 

Sensei    604

Clear entire buffer with

char buff[512] = { 0 };

instead of:

char buff[512];
buff[0] = 0;

This would be better:

void connect(string ssid, string command) {

 string cmd = "netsh wlan show profile | findstr " + ssid;
 FILE *fpipe = _popen(cmd.c_str(), "rt");
 if (fpipe != NULL)
 {
  char buff[512] = { 0 };
  bool exists = fgets(buff, sizeof(buff), fpipe) != NULL;
  _pclose(fpipe);
  if (exists) // Maybe do some quasi-parsing with strstr()?
  {
   cmd = command;
   fpipe = _popen(cmd.c_str(), "rt");
   if( fpipe != NULL )
   {
    _pclose(fpipe);
   }
   else
   {
    // inform about issue
   }
  }
  else
  {
   // inform about issue
  }
 }
 else
 {
  cout << "Failed to open" << endl;
 }
}

ps. Typical reason why somebody wants static IP address at home, or work, is that there is set up port forwarding on router/firewall. So every time the same computer gets exactly the same IP, the same as set in port forwarding configuration. But DHCP could be configured on router, to check MAC address of machine trying to connect to router, and assign all the time the same IP, even though computer has in its own local settings DHCP enabled. Google for "dhcp static mapping" (perhaps with "router [brand/model name]")

Edited by Sensei
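
Both versions of connect() posted above treat any line that survives `findstr` as proof that the profile exists, which is a substring test. The following is an added example, not code from either poster, of the parsing Sensei's comment hints at: it reads the profile list and compares whole names. The function names are hypothetical, the sample text is constructed, and English-locale `netsh wlan show profile` output is assumed.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Constructed sample of English-locale `netsh wlan show profile` output.
static const char* kSampleOutput =
    "Profiles on interface Wi-Fi:\n\n"
    "User profiles\n"
    "-------------\n"
    "    All User Profile     : eduroam\n"
    "    All User Profile     : home-guest\n";

static std::string trim(const std::string& s) {
    const char* ws = " \t\r\n";
    size_t b = s.find_first_not_of(ws);
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(ws) - b + 1);
}

// Collect profile names: the text after " : " on each "... Profile" line.
std::vector<std::string> parseProfiles(const std::string& output) {
    std::vector<std::string> names;
    std::istringstream in(output);
    std::string line;
    while (std::getline(in, line)) {
        size_t sep = line.find(" : ");
        if (sep == std::string::npos) continue;
        if (line.substr(0, sep).find("Profile") == std::string::npos) continue;
        std::string name = trim(line.substr(sep + 3));
        if (!name.empty()) names.push_back(name);
    }
    return names;
}

// Whole-name comparison: "home" does not match "home-guest".
bool hasProfile(const std::string& output, const std::string& ssid) {
    for (const std::string& name : parseProfiles(output))
        if (name == ssid) return true;
    return false;
}

// What piping through `findstr <ssid>` tests: the text occurs somewhere.
bool substringMatch(const std::string& output, const std::string& ssid) {
    return output.find(ssid) != std::string::npos;
}

int main() {
    std::cout << substringMatch(kSampleOutput, "home") << hasProfile(kSampleOutput, "home") << "\n";
}
```

In real use the input would be the full output of `netsh wlan show profile` read through `_popen`, so the SSID is never concatenated into the command line that the shell interprets. A saved profile only shows that the network was configured at some point, not that the adapter is connected to it now.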

fiveworlds    67

> Typical reason why somebody wants static IP address at home, or work, is that there is set up port forwarding on router/firewall.

Yes, or assigning administrative privileges to an IP address. For instance, only allowing a certain IP to remote desktop into my server.

> But DHCP could be configured on router, to check MAC address of machine trying to connect to router, and assign all the time the same IP, even though computer has in its own local settings DHCP enabled

Consider the case that you have to reset the router. Then anybody could be set any ip. Also consider that I can set to discard any packets coming from unassigned ip addresses.

pzkpfw    165

> Consider the case that you have to reset the router. Then anybody could be set any ip. Also consider that I can set to discard any packets coming from unassigned ip addresses.

What then stops someone else getting the IP you want before you've connected with your fixed-at-the-client IP? Have you restricted the IP range that DHCP in your router will auto-assign?

 

 

On my router I've got a particular PC set to have certain fixed IP address, via the MAC address as in post #4, so I can route port 80 traffic to it; i.e. it's a web server. Had to do similar for some laser scanners to avoid having to keep changing the IP address the software was looking for.

 

I've restarted and power-cycled the router without ever having to re-do the configuration. How often do you factory reset your router?

fiveworlds    67

> Have you restricted the IP range that DHCP in your router will auto-assign?

Yeah and a subnet is setup for guests.

> What then stops someone else getting the IP you want before you've connected with your fixed-at-the-client IP

Even if they happened to they would still need to know the ip address of the router and the chances of them having the correct computer name as well to connect to the server is fairly slim. Even then it's overkill for a home server since I'm learning networking and I try stuff at home.

> How often do you factory reset your router?

Whenever it randomly stops working properly.

pzkpfw    165

> Even if they happened to they would still need to know the ip address of the router and the chances of them having the correct computer name as well to connect to the server is fairly slim. Even then it's overkill for a home server since I'm learning networking and I try stuff at home.

Eh? I'm just talking about people (or even your own other devices) connecting to your network. Not hackers doing anything "sneaky".

 

The question would be how, if they happen to connect before you do, to guarantee they'd not be assigned the IP address you've hard-coded into your script.

 

That is answered by your restriction of IP address ranges, and use of a different subnet for guests; but still, it seems easier to let the router do the most it can, including giving your device its hard-coded IP. You wouldn't need the script this thread is about.

 

If you have to factory reset your router that often - maybe it's time for a new router!

Edited by pzkpfw

fiveworlds    67

> You wouldn't need the script this thread is about.

I don't need it but I didn't know how to do it and wanted to know how to do it.

> If you have to factory reset your router that often - maybe it's time for a new router!

It hasn't ever been factory reset yet as I said I am learning networking. That includes learning how to use subnetting etc. I obviously don't need a subnet at home.

> The question would be how, if they happen to connect before you do, to guarantee they'd not be assigned the IP address you've hard-coded into your script.

Enterprise grade routers automatically default to using console/aux cable if they happen to factory reset so it isn't a problem in a real business network.

Edited by fiveworlds

pzkpfw    165

> I don't need it but I didn't know how to do it and wanted to know how to do it.

That's not how you portrayed the question.

> It hasn't ever been factory reset yet as I said I am learning networking.

You claimed resetting the router as the reason not to do IP-Mac affinity in the router. Now you're pointing out that isn't really an issue.

> Enterprise grade routers automatically default to using console/aux cable if they happen to factory reset so it isn't a problem in a real business network.

Now you're babbling.

fiveworlds    67

> That's not how you portrayed the question.

Really? At home I am still using a static IP. In college it is still DHCP and it still has to be configured; I haven't made any changes to my home router. I wanted to be able to set wireless properties by script, which I learned how to do, ish; I still have to add in my DNS server and domain configuration.

 

ps there is a load of excess stuff that I want to know like windows firewall but realistically if a network has a hardware firewall then windows firewall can be disabled.

Edited by fiveworlds

Sensei    604

> ps there is a load of excess stuff that I want to know like windows firewall but realistically if a network has a hardware firewall then windows firewall can be disabled.

Nonsense.

Personal firewall application (especially more advanced than Windows) installed on computer can allow/disallow any application using TCP/IP to do transmission or restrict to certain ports/protocols/time.

Also hardware firewall won't prevent attack from intranet, when intruder is already in your LAN.

f.e. somebody (f.e. laptop/smartphone) caught virus/trojan which is then scanning LAN and searching machines connected to it, and trying to find open ports, and exploit in operating system or installed 3rd party software.

 

Edited by Sensei

fiveworlds    67

> Nonsense.
>
> Personal firewall application (especially more advanced than Windows) installed on computer can allow/disallow any application using TCP/IP to do transmission or restrict to certain ports/protocols/time.

Then maybe I should be able to write a script to configure windows firewall. Assuming I might have more than one computer to configure being able to write scripts to do the job for me would make my life easier right? As far as I can see that seems to be more netsh https://technet.microsoft.com/en-us/library/cc771920(v=ws.10).aspx

 

I'm worried about cmd being removed in windows 10 should I be able to use powershell to do these kind of tasks?? http://myitforum.com/myitforumwp/2016/11/17/latest-windows-insider-build-removes-command-shell-access/

 

Another thing to consider is if I am installing 200 servers in a rackserver then each ip address should correspond to a number on the rack so that I can find a faulty server. If I let all those servers connect via dhcp what server would each ip address correspond to?

Edited by fiveworlds

Sensei    604

> Then maybe I should be able to write a script to configure windows firewall.

Windows built-in firewall is poor firewall.

See Sygate Personal Firewall f.e.

Unfortunately this one does not work on Windows 7+ AFAIK. Check newer versions.

But see video showing features anyway, look closely, to learn what such application has to offer.

You can set f.e. "application Firefox has to connect protocol TCP port 80, and nothing else (UDP/ICMP/TCP ports other than 80), otherwise you will be warned".

You can log whole transmission packets/headers to log files. View them straight away a few seconds after transmission. When there is connection from application, that has no right to do it, you are informed and asked whether allow application or not, and you see packet in ASCII and binary. If somebody would put there your personal data uncompressed, you would see these data as they want to steal them.

SPF is also making checksum from the whole app. If something altered app, or DLL was injected to app, it's no longer treated as the same app like before and no transmission allowed, instead user warned about hijacking of application.

 

> Another thing to consider is if I am installing 200 servers in a rackserver then each ip address should correspond to a number on the rack so that I can find a faulty server. If I let all those servers connect via dhcp what server would each ip address correspond to?

 

You learn what is MAC address of server, place it in router settings, and static IP is always given by DHCP (instead of randomization).

Router/modem that I have has special log with list of IP/MAC of computers that just tried to connect to it.

So you connect machine to router, visit website, run router config, see what MAC was the last unassigned, assign in DHCP static IP to this one MAC, restart router, and renew DHCP.

Edited by Sensei


Login security is usually administered serverside with a username and password.

 

Application protocol is directed over port forwarding, setup from your router/sonic wall/firewall.

 

Configuring WAN-LAN for static WAN IP is rather silly unless you are a service provider or hosting VPNs.

 

Assigning static LAN IP to MAC addresses is certainly NOT safe. But then it's probably safe enough.

 

Servers should have static local IPs.

Edited by AbstractDreamer
