Thursday, July 23, 2015

PART 2 ....Interacting with TCP/IP Through PowerShell

Interacting with TCP/IP Through PowerShell ---PART 2



In my previous article in this series, I showed you how to use PowerShell’s Get-NetIPAddress cmdlet. As you may recall from that article, the cmdlet returned an abundance of information. I narrowed down the results by appending the –AddressFamily IPv4 switch, but the cmdlet still might not have returned exactly the information that would be required by the circumstances of the moment.
So with that said, let’s take a look at how we might further filter the results list. If you look at Figure A, you can see that only two results were returned. We have the machine’s primary address and the machine’s loopback address (127.0.0.1). The cmdlet also shows us quite a bit of information for each result, such as the address type, address state, and policy store. So with that said, let’s look at some ways in which we might fine tune the results.
Image
Figure A: This is the result that we get by entering Get-NetIPAddress –AddressFamily IPv4
Like most PowerShell cmdlets, the Get-NetIPAddress cmdlet is constructed in such a way that we can view the full cmdlet syntax by entering the following command:
Get-Help Get-NetIPAddress
As you can see in Figure B, there are a number of different switches that we can use to filter the results.
Image
Figure B: The Get-NetIPAddress cmdlet includes a number of optional switches.
Of the switches that PowerShell makes available, one of the most useful switches for filtering the result list is the IPAddress switch. We can use this switch to narrow the results down to the adapter that is using a specific IP address. Let’s suppose for a moment that I wanted to view IPv4 information for the machine’s primary IP address. In this particular case, that address is 147.100.100.151 (I do not actually own this address range). To narrow the results to that IP address, I would use the following command:
Get-NetIPAddress –IPAddress 137.100.100.151
You can see the results in Figure C.
Image
Figure C: This is what happens when we filter the cmdlet’s results by IP address.
Obviously this technique is useful for narrowing down our results, but occasionally we may wish to further fine tune the results. Perhaps there is a specific thing that we want to know about the IP address and we would like to hide everything except for the information that we specifically need.
The easiest way to do this is to combine the Get-NetIPAddress cmdlet with the Select-Object cmdlet. As you probably know, PowerShell allows cmdlets to be joined together by using the pipe symbol (|). When the pipe symbol is placed between two cmdlets, the first cmdlet’s output becomes the second cmdlet’s input. That being the case, we can use the Get-NetIPAddress cmdlet to retrieve IP address information and then pipe the results into the Select-Object cmdlet as a way of filtering the results. Let me show you how this works.
Let’s pretend for a moment that like before, we are interested in the IPv4 information for this computer’s primary address. Let’s also pretend that we want to see every bit of information that the Get-NetIPAddress cmdlet can show us for this particular address.
Now I’m sure that some of you are saying to yourselves, “Wait a minute Brien, isn’t that what we just did?” Well, it sort of is. The thing is that most Get cmdlets will display a preconfigured set of information. The information that is displayed by default (like what you see in the figure above) may or may not be all of the available information. In many instances PowerShell is capable of providing a lot more information than what it shows by default.
So if our goal is to display all of the available information for this particular IP address, we could do so by using the following command:
Get-NetIPAddress 147.100.100.151 | Select-Object *
You will notice in the command shown above that I entered an asterisks after the Select-Object cmdlet. This asterisks tells PowerShell that we want to select all objects. In other words, we want to see all of the information that the Get-NetIPAddress cmdlet can show us for this address. You can see what this command looks like in action in Figure D.
Image
Figure D: This is what happens when we select all objects.
As you can see in the figure above, there are a lot more pieces of information available than what PowerShell displays by default. Granted, some of the attributes are blank, but that’s beside the point.
So now that I have shown you the type of information that is available, let’s go back to the question of what we would do if we only wanted to view very specific information. The Select-Object cmdlet allows you to specify the attributes that you want to see. All you have to do is to replace the asterisks with the attribute name. If you want to see multiple attributes then you separate each attribute with a comma.
To show you what I mean, let’s pretend that we wanted to see the IP address and the address type for each IPv4 address used by the system. We could do this by entering this command:
Get-NetIPAddress –AddressFamily IPv4 | Select-Object IPAddress, Type
You can see the command’s results in Figure E.
Image
Figure E: This is what the above command does.
As you can see, it is relatively easy to display information from the Get-NetIPAddress cmdlet. Even so, you might have noticed some things missing. After all, the Get-NetIPAddress cmdlet is supposed to retrieve IP address information and yet there was no information provided about DHCP leases, DNS configurations, subnet masks, default gateway usage, or other basic information related to the IP address.
The reason for this is that contrary to what you might expect, the Get-NetIPAddress cmdlet is not capable of retrieving any information beyond what you saw in Figure D. This isn’t to say that you can’t get this information through PowerShell. It’s just that you can’t get the information by using the Get-NetIPAddress cmdlet.
If you think back to the previous article in this series, you will recall that you can acquire IP address configuration information by using the IPCONFIG /ALL command. Even so, this command isn’t really a PowerShell command and I promised to show you how to retrieve IP address information using only native PowerShell.
In order to retrieve the information that we need, we are going to have to delve into the Windows Management Instrumentation (WMI). By using WMI, we can access information that is not directly exposed through PowerShell. To give you a quick example, suppose that you wanted to check a system’s BIOS. BIOS information isn’t exposed directly through PowerShell, but we can get it by making a WMI call. An example of such a command might be:
Get-WMIObject Win32_Bios
You can see the output of this command in Figure F.
Image
Figure F: I used WMI to retrieve BIOS information.
So why didn’t I just use a WMI call to retrieve IP address information? Unfortunately, things aren’t quite that simple. We are going to need to write a script in order to retrieve the IP address information that we are interested in. I will show you how in Part 3.

No comments:

Post a Comment