TCP/IP Wireless properties script Windows

[fiveworlds]

Is it possible to set wireless properties via a script in C/Batch/Powershell. For example I travel in and out to college and when I am at home I connect to my windows server domain with a static ip address and dns server. In college I connect to the wifi using dhcp with a non-static ip address.

[Sensei]

Try netsh command

https://technet.microsoft.com/en-us/library/bb490939.aspx

You could call it from C/C++ also.

 

Edited November 21, 2016 by Sensei

[fiveworlds]

Cool I got it running in c++

 

 

// WirelessPropertiesConfig.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <iostream>
#include <string>
#include <stdio.h>
using namespace std;
void connect(string ssid, string command) {
 char buff[512];
 buff[0] = 0;
 bool exists = false;
 string cmd = "netsh wlan show profile | findstr " + ssid;
 FILE *fpipe = _popen(cmd.c_str(), "rt");
 if (fpipe == NULL)
  cout << "Failed to open" << endl;
 exists = fgets(buff, sizeof(buff), fpipe) != NULL;
 _pclose(fpipe);
 cmd = command;
 if (exists)
  fpipe = _popen(cmd.c_str(), "rt");
 _pclose(fpipe);
}
int main()
{
 connect("eduroam","netsh interface ip set address \"Wi-Fi\" dhcp");
 connect("home", "netsh interface ip set address \"Wi-Fi\" static 192.168.1.70 255.255.255.0 192.168.1.255");
 cin.get();
}

Not sure if there is a better way of doing.

 if (exists)
  fpipe = _popen(cmd.c_str(), "rt");

It requires admin privileges so I just set that in the manifest file but there is probably a way to code that properly.

 

[Sensei]

Clear entire buffer with

char buff[512] = { 0 };

instead of:

char buff[512];
buff[0] = 0;

This would be better:

void connect(string ssid, string command) {

 string cmd = "netsh wlan show profile | findstr " + ssid;
 FILE *fpipe = _popen(cmd.c_str(), "rt");
 if (fpipe != NULL)
 {
  char buff[512] = { 0 };
  bool exists = fgets(buff, sizeof(buff), fpipe) != NULL;
  _pclose(fpipe);
  if (exists) // Maybe do some quasi-parsing with strstr()?
  {
   cmd = command;
   fpipe = _popen(cmd.c_str(), "rt");
   if( fpipe != NULL )
   {
    _pclose(fpipe);
   }
   else
   {
    // inform about issue
   }
  }
  else
  {
   // inform about issue
  }
 }
 else
 {
  cout << "Failed to open" << endl;
 }
}

ps. Typical reason why somebody wants static IP address at home, or work, is that there is set up port forwarding on router/firewall. So every time the same computer gets exactly the same IP, the same as set in port forwarding configuration. But DHCP could be configured on router, to check MAC address of machine trying to connect to router, and assign all the time the same IP, even though computer has in its own local settings DHCP enabled. Google for "dhcp static mapping" (perhaps with "router [brand/model name]")

Edited November 21, 2016 by Sensei

[fiveworlds]

Typical reason why somebody wants static IP address at home, or work, is that there is set up port forwarding on router/firewall.

 

 

Yes or assigning administrative priviliges to an ipaddress. For instance only allowing a certain ip to remote desktop into my server.

 

But DHCP could be configured on router, to check MAC address of machine trying to connect to router, and assign all the time the same IP, even though computer has in its own local settings DHCP enabled​

 

 

Consider the case that you have to reset the router. Then anybody could be set any ip. Also consider that I can set to discard any packets coming from unassigned ip addresses.

[pzkpfw]

Consider the case that you have to reset the router. Then anybody could be set any ip. Also consider that I can set to discard any packets coming from unassigned ip addresses.

What then stops someone else getting the IP you want before you've connected with your fixed-at-the-client IP? Have you restricted the IP range that DHCP in your router will auto-assign?

 

 

On my router I've got a particular PC set to have certain fixed IP address, via the MAC address as in post #4, so I can route port 80 traffic to it; i.e. it's a web server. Had to do similar for some laser scanners to avoid having to keep changing the IP address the software was looking for.

 

I've restarted and power-cycled the router without ever having to re-do the configuration. How often do you factory reset your router?

[fiveworlds]

Have you restricted the IP range that DHCP in your router will auto-assign?

 

 

Yeah and a subnet is setup for guests.

 

What then stops someone else getting the IP you want before you've connected with your fixed-at-the-client IP

 

 

Even if they happened to they would still need to know the ip address of the router and the chances of them having the correct computer name as well to connect to the server is fairly slim. Even then it's overkill for a home server since I'm learning networking and I try stuff at home.

 

How often do you factory reset your router?

 

 

Whenever it randomly stops working properly.

[pzkpfw]

Even if they happened to they would still need to know the ip address of the router and the chances of them having the correct computer name as well to connect to the server is fairly slim. Even then it's overkill for a home server since I'm learning networking and I try stuff at home.

Eh? I'm just talking about people (or even your own other devices) connecting to your network. Not hackers doing anything "sneaky".

 

The question would be how, if they happen to connect before you do, to guarantee they'd not be assigned the IP address you've hard-coded into your script.

 

That is answered by your restriction of IP address ranges, and use of a different subnet for guests; but still, it seems easier to let the router do the most it can, including giving your device its hard-coded IP. You wouldn't need the script this thread is about.

 

If you have to factory reset your router that often - maybe it's time for a new router!

Edited November 21, 2016 by pzkpfw

[fiveworlds]

You wouldn't need the script this thread is about.​

 

 

I don't need it but I didn't know how to do it and wanted to know how to do it.

 

If you have to factory reset your router that often - maybe it's time for a new router!

 

 

 

It hasn't ever been factory reset yet as I said I am learning networking. That includes learning how to use subnetting etc. I obviously don't need a subnet at home.

 

 

The question would be how, if they happen to connect before you do, to guarantee they'd not be assigned the IP address you've hard-coded into your script.

 

 

Enterprise grade routers automatically default to using console/aux cable if they happen to factory reset so it isn't a problem in a real business network.

Edited November 21, 2016 by fiveworlds

[pzkpfw]

I don't need it but I didn't know how to do it and wanted to know how to do it.

That's not how you portrayed the question.

 

It hasn't ever been factory reset yet as I said I am learning networking.

You claimed resetting the router as the reason not to do IP-Mac affinity in the router. Now you're pointing out that isn't really an issue.

 

Enterprise grade routers automatically default to using console/aux cable if they happen to factory reset so it isn't a problem in a real business network.

Now you're babbling.

[fiveworlds]

That's not how you portrayed the question.

 

 

Really? at home I am still using a static ip. In college it is still dhcp and it still has to be configured I haven't made any changes to my home router. I wanted to be able to set wireless properties by script which I learned how to do ish still have to add in my dns server and domain configuration.

 

ps there is a load of excess stuff that I want to know like windows firewall but realistically if a network has a hardware firewall then windows firewall can be disabled.

Edited November 21, 2016 by fiveworlds

[Sensei]

ps there is a load of excess stuff that I want to know like windows firewall but realistically if a network has a hardware firewall then windows firewall can be disabled.

Nonsense.

Personal firewall application (especially more advanced than Windows) installed on computer can allow/disallow any application using TCP/IP to do transmission or restrict to certain ports/protocols/time.

Also hardware firewall won't prevent attack from intranet, when intruder is already in your LAN.

f.e. somebody (f.e. laptop/smartphone) caught virus/trojan which is then scanning LAN and searching machines connected to it, and trying to find open ports, and exploit in operating system or installed 3rd party software .

 

Edited November 21, 2016 by Sensei

[fiveworlds]

Nonsense.

Personal firewall application (especially more advanced than Windows) installed on computer can allow/disallow any application using TCP/IP to do transmission or restrict to certain ports/protocols/time.​

 

 

Then maybe I should be able to write a script to configure windows firewall. Assuming I might have more than one computer to configure being able to write scripts to do the job for me would make my life easier right? As far as I can see that seems to be more netsh https://technet.microsoft.com/en-us/library/cc771920(v=ws.10).aspx

 

I'm worried about cmd being removed in windows 10 should I be able to use powershell to do these kind of tasks?? http://myitforum.com/myitforumwp/2016/11/17/latest-windows-insider-build-removes-command-shell-access/

 

Another thing to consider is if I am installing 200 servers in a rackserver then each ip address should correspond to a number on the rack so that I can find a faulty server. If I let all those servers connect via dhcp what server would each ip address correspond to?

Edited November 22, 2016 by fiveworlds

[Sensei]

Then maybe I should be able to write a script to configure windows firewall.

 

Windows built-in firewall is poor firewall,

See Sygate Personal Firewall f.e.

Unfortunately this one does not work on Windows 7+ AFAIK. Check newer versions.

But see video showing features anyway, look closely, to learn what such application has to offer..

You can set f.e. "application Firefox has to connect protocol TCP port 80, and nothing else (UDP/ICMP/TCP ports other than 80), otherwise you will be warned".

You can log whole transmission packets/headers to log files. View them straight away a few seconds after transmission. When there is connection from application, that has no right to do it, you are informed and asked whether allow application or not, and you see packet in ASCII and binary. If somebody would put there your personal data uncompressed, you would see these data as they want to steal them.

SPF is also making checksum from the whole app. If something altered app, or DLL was injected to app, it's no longer treated as the same app like before and no transmission allowed, instead user warned about hijacking of application.

 

Another thing to consider is if I am installing 200 servers in a rackserver then each ip address should correspond to a number on the rack so that I can find a faulty server. If I let all those servers connect via dhcp what server would each ip address correspond to?

 

You learn what is MAC address of server, place it in router settings, and static IP is always given by DHCP (instead of randomization).

Router/modem that I have special log with list of IP/MAC of computers that just tried to connect to it.

So you connect machine to router, visit website, run router config, see what MAC was the last unassigned, assign in DHCP static IP to this one MAC, restart router, and renew DHCP.

Edited November 22, 2016 by Sensei

[AbstractDreamer]

Login security is usually administered serverside with a username and password.

 

Application protocol is directed over port forwarding, setup from your router/sonic wall/firewall.

 

Configuring WAN-LAN for static WAN IP is rather silly unless you are a service provider or hosting VPNs.

 

Assigning static LAN IP to mac addresses is certainly NOT safe. But then its probably safe enough.

 

Servers should have static local IPs.

Edited December 1, 2016 by AbstractDreamer