Packet Sniffer For Powershell
I’ve posted an updated version of my Get-Packet Powershell packet sniffer script. It is still completely standalone (it doesn’t require any additional software to run). New features include:
- Added IP Version field
- TCP flags are now stored in an array
- New switch added to resolve IPs to hostnames
- ESC key will cleanly exit the script
- New switch added to generate statistics
.NET includes an easy method to resolve IPs to hostnames, [System.Net.Dns]::GetHostByName(), but if the lookup fails there is a 5 second delay that pauses the script's execution. I instead chose to scrape the output of nslookup, since it returns much more quickly. To further decrease processing time, I cache the results in a hashtable so multiple calls to nslookup for the same host are not needed.
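The lookup-and-cache approach described above, as an added example rather than code from the Get-Packet script; the function names, the cache variable and the sample addresses are my own assumptions, and a failed lookup is cached too so a dead address costs only one nslookup.

```powershell
# Added example, not the author's Get-Packet code: resolve an IP by scraping
# nslookup output and cache both hits and misses in a hashtable.
$script:HostCache = @{}   # IP string -> hostname, or $null when the lookup failed

function Resolve-IPCached {
    param([Parameter(Mandatory = $true)][string]$IPAddress)

    # A cached miss is returned as well, so nslookup runs at most once per IP
    if ($script:HostCache.ContainsKey($IPAddress)) {
        return $script:HostCache[$IPAddress]
    }

    $name = $null
    # nslookup prints the answer as "Name:    host.example.com"; the DNS server
    # banner uses "Server:" / "Address:", so the first "Name:" line is the PTR.
    # On failure nslookup prints "*** ... can't find ..." and no "Name:" line.
    $output = & nslookup $IPAddress 2>&1 | Out-String
    foreach ($line in ($output -split "`r?`n")) {
        if ($line -match '^Name:\s+(\S+)') {
            $name = $matches[1]
            break
        }
    }

    $script:HostCache[$IPAddress] = $name
    return $name
}

# Display helper: fall back to the bare IP when there is no PTR record
function Format-Endpoint {
    param([string]$IPAddress, [int]$Port)
    $name = Resolve-IPCached $IPAddress
    if ($name) { return "${name}:$Port" }
    return "${IPAddress}:$Port"
}

# Constructed sample packets (placeholder addresses): the repeated source IP
# is looked up once and then served from the cache
$samplePackets = @(
    @{ Src = '8.8.8.8'; SrcPort = 53; Dst = '192.0.2.10'; DstPort = 51234 },
    @{ Src = '8.8.8.8'; SrcPort = 53; Dst = '192.0.2.10'; DstPort = 51235 }
)
foreach ($p in $samplePackets) {
    Write-Host ("{0} -> {1}" -f (Format-Endpoint $p.Src $p.SrcPort), `
                                (Format-Endpoint $p.Dst $p.DstPort))
}
Write-Host ("Cache entries: {0}" -f $script:HostCache.Count)   # 2 distinct IPs
```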
Using the -Statistics switch will cause the script to generate statistics after the ESC key is pressed to stop the trace. Most of the statistics code was borrowed from Jeffery Hicks's Analyze-Packet script. A few basic stats are printed to the screen with Write-Host, but the bulk of the data is stored in a global $stats variable that you can access after the script has exited. This isn't how features would normally be implemented in cmdlets (they would be separate cmdlets), but I figured it would be OK in a script, and I have found the integration to be pretty convenient.
I had looked at adding IPv6 support, but design limitations in Windows prevented me from being able to access the raw IPv6 header. See my earlier blog post for more details. I also looked at adding the ability to save the capture in libpcap format, but I’m not getting the raw IP frame, so the data wouldn’t be as complete as a capture done in something like Wireshark.
Anyway, I hope you enjoy the new features! Let me know in the comments if you would like to see any other features.
Source: Trends in Technology – Download: here.
Fix Broken and Slow Tab Issues in Internet Explorer 8
Some users that upgraded to Internet Explorer 8 experience issues with tabs not working properly or taking a very long time to load. It seems for most users the issue can be attributed to a problem with actxprxy.dll not installing properly during the upgrade. If you have these problems with IE8, fixing the issue is as simple as running one command.
Just open an administrator-level command prompt and type regsvr32 actxprxy.dll. Press Enter, reboot your computer, and your tab issue should be resolved.
Credits: Martin Poon.
How to recover deleted AD objects in Windows Server 2008 R2
You have deleted a user. Oh my... All that work to get him back. Or are you running R2 with the AD Recycle Bin enabled? Then just run this PowerShell command: Get-ADObject -Filter {name -like "missing item*"} -IncludeDeletedObjects | Restore-ADObject
Press Enter and done. One more reason to upgrade to R2 with its new directory services.
PS, look at this Active Directory Recycle Bin demo.
Labels: Active Directory, Administration, Backup and Restore, PowerShell, Webcasts, Windows Server
Windows 7 AppLocker
Many of you know about Software Restriction Policies. They allow you to block the execution of a program by file name or hash calculation.
Windows 7 introduces a new feature called AppLocker. To start it just type gpedit.msc into your search bar and press enter. Then go to:
- Computer Configuration
- Windows Settings
- Security Settings
- Application Control Policies
- AppLocker
You can define policies based on Executables, Windows Installers, and Scripts, and select which groups the rule will apply to. You can also choose to create a rule based on a publisher (the program needs to be signed), a program path, or a file hash (usually a good choice if the program isn't signed).
Go ahead and play with it. And let me know if you like it. I do.