4/15/2023

Powershell pingstatus

A longstanding best practice for security is to identify the devices connected to your network. To that end, many wireless routers will provide a list of connected devices. However, things can become tricky when you have both wired and wireless network segments. While there are excellent third-party utilities that scan your network for connected devices, you can also accomplish the same thing with PowerShell.

A Note About Methods

Before we get started, note that there are countless methods for using PowerShell to scan your network. Each method has advantages and disadvantages. Let’s assume that you have decided to use a ping test to look for connected devices and then dig for details about those detected. This method has an obvious shortcoming: It will only detect devices that are not configured to block ICMP traffic. Even so, I am going to use this method in my script for initial device detection.

Another problem is that there is no single way to get device information. The methods vary depending on the device type and configuration. For example, if all devices on your network run Windows, you could use Windows Management Instrumentation to retrieve all kinds of interesting information about each device. Likewise, if you assume that every device on your network uses your organization’s DNS server, you can perform a DNS query to obtain the identity of each detected device. These methods can be problematic because there are no such guarantees in the real world. On my network, for example, only about half of the devices use my DNS server. Similarly, I have plenty of non-Windows devices to think about.

Just for the sake of argument, let’s pretend that all my computers are domain-joined Windows devices, meaning that they run known operating systems and are DNS registered. Even in that type of situation, it might be unwise to assume that every detected device runs Windows and can be resolved by your DNS server. That’s because a rogue device that happens to make it onto your network could run almost any operating system. Additionally, such a device would likely not be registered with your DNS server.

That being the case, I built a PowerShell script that could tell me at least something about unknown devices that are detected. While there are quite a few ways to do this, I ultimately decided to use the device’s MAC address as a source of information. Why examine the MAC address, given all the device characteristics that I could have looked at? It’s because the first eight characters of the MAC address can tell you the device manufacturer. This assumes that you are looking at the MAC address in hexadecimal format and that the MAC address is not being spoofed.

Determining the Device Manufacturer in PowerShell

The next big question is how to derive the device’s manufacturer from its MAC address. The IEEE assigns MAC address prefixes to manufacturers and maintains a lengthy document outlining which manufacturer uses which prefix. Unfortunately, the IEEE document is only semi-structured, which makes it unsuitable for use with a PowerShell script. However, I have created a CSV file containing a list of nearly 10,000 MAC address prefixes and the corresponding hardware vendor. Because this list is in CSV format, it is possible to bring it into PowerShell using the Import-CSV cmdlet. You can then search the CSV file for any addresses that you may find on your network.

Let’s look at the portion of the script that determines the device manufacturer. Here is the code:

$Records=Import-CSV C:\Scripts\Oui.csv

The first line of code imports the CSV file, which is named OUI.csv.
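One way to do the prefix lookup the article describes, as an added example rather than the author's own script. The function name Get-MacVendor, the CSV column names Prefix and Vendor, and the sample rows are assumptions; the inline table stands in for OUI.csv so the block runs without the file. It also flags locally administered addresses, which will not match any IEEE-assigned prefix.

```powershell
# Constructed sample standing in for OUI.csv. Column names are assumed,
# and the vendor names are placeholders, not real assignments.
$Records = @'
Prefix,Vendor
00-00-5E,Example Vendor A
AC-DE-48,Example Vendor B
'@ | ConvertFrom-Csv

function Get-MacVendor {
    param(
        [Parameter(Mandatory)][string]$MacAddress,
        [Parameter(Mandatory)][object[]]$Records
    )
    # Strip separators so 00:00:5e:..., 00-00-5E-... and 0000.5e00.... compare equal.
    $hex = ($MacAddress -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($hex.Length -ne 12) {
        throw "Not a 48-bit MAC address: $MacAddress"
    }
    # The manufacturer prefix is the first three octets (eight characters as XX-XX-XX).
    $oui    = $hex.Substring(0, 6)
    $prefix = '{0}-{1}-{2}' -f $oui.Substring(0, 2), $oui.Substring(2, 2), $oui.Substring(4, 2)
    # Bit 0x02 of the first octet marks a locally administered address
    # (randomized or manually set), so no vendor prefix applies to it.
    $local = ([Convert]::ToInt32($hex.Substring(0, 2), 16) -band 0x02) -ne 0
    # Normalize the CSV side the same way before comparing.
    $match = $Records |
        Where-Object { ($_.Prefix -replace '[^0-9A-Fa-f]', '').ToUpper() -eq $oui } |
        Select-Object -First 1
    [pscustomobject]@{
        MacAddress          = $MacAddress
        Prefix              = $prefix
        Vendor              = if ($match) { $match.Vendor }
                              elseif ($local) { 'Unknown (locally administered)' }
                              else { 'Unknown' }
        LocallyAdministered = $local
    }
}

# Constructed addresses: two that match the sample table, one locally administered.
'00:00:5e:00:53:01', 'AC-DE-48-12-34-56', '02-11-22-33-44-55' |
    ForEach-Object { Get-MacVendor -MacAddress $_ -Records $Records }
```

A device that returns no vendor, or a locally administered address, is a candidate for follow-up rather than proof of a rogue device.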