Я написал пакетный (batch) файл, чтобы определять, подключился ли новый клиент к моей локальной сети WiFi. Сам пакетный файл работает отлично.
Скрипт обнаруживает новых подключившихся клиентов WiFi и показывает их IP- и MAC-адреса.
Проблема в том, что я хочу выявлять поддельные MAC-адреса или однозначно идентифицировать клиентов, чтобы самому определять, подделан адрес или нет, сравнивая его с предыдущими подключениями.
Я много гуглил, но нахожу только готовые программы; мне же нужен способ сделать это в пакетном файле.
Кто-нибудь знает, с чего начать?
Вот сценарий (комментарии, начинающиеся с ::, можно игнорировать — они на нидерландском):
@echo off
:: Console setup: colour attribute E0 and a fixed window title.
color E0
title VerbondenIP vindenmet ARP -a
:: Start every run with an empty SSID variable.
set "wifi="
:: Remove the work files and logs left behind by an earlier run. newIPs.txt is
:: in this list, so the join/leave log only ever covers the current run.
for %%F in (
  ArpedIPs.txt
  connectedIPs.txt
  eerste3.txt
  Eigen_IP.txt
  FilteredArpedIPs.txt
  FilteredArpedIPs1.txt
  FilteredArpedIPs2.txt
  newIPs.txt
  newVerbondenmet.txt
  previousconnectedIPs.txt
  previousVerbondenmet.txt
) do if exist "%%F" del "%%F"
:: Verbondenmet.txt is kept but emptied when it is already there.
if exist "Verbondenmet.txt" type nul > "Verbondenmet.txt"
:: Flush the ARP cache once before the loop starts, presumably so that only
:: hosts seen during this run end up in the table.
:: NOTE(review): this netsh command normally needs an elevated prompt and its
:: result is not checked here - confirm that the flush really succeeds.
echo flushen van arptabel...
netsh interface ip delete arpcache
:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
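:begin
:: ---- Loop entry: find out which WiFi network (SSID) this machine uses ----
@echo off
:: netsh prints a line of the form "    SSID   : name". The findstr pattern
:: keeps that line only. Everything after the first colon is the name; the
:: inner FOR merely trims the leading blanks, so an SSID that contains spaces
:: is stored whole (taking the second blank-delimited token kept only its
:: first word). Nothing is written when no SSID line is found, so the file
:: keeps its previous content in that case.
for /F "tokens=1,* delims=:" %%A in ('netsh wlan show interface ^| findstr /r "^....SSID"') do (
  for /F "tokens=*" %%S in ("%%B") do (
    > "Verbondenmet.txt" echo(%%S
  )
)
:: Load the name into the wifi variable for the rest of the pass.
if exist "Verbondenmet.txt" set /p wifi=<"Verbondenmet.txt"
:: The SSID is text chosen by whoever operates the access point, so it is
:: printed through a FOR variable. A percent expansion of the variable would
:: be parsed again by cmd, and command separators or redirection characters
:: inside the name would then be interpreted instead of printed.
set "ssid_shown="
if exist "Verbondenmet.txt" (
  for /F "usebackq delims=" %%S in ("Verbondenmet.txt") do (
    echo Verbondenmet:%%S
    set "ssid_shown=1"
  )
)
if not defined ssid_shown echo Verbondenmet: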
:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:: ---- Has the WiFi network changed since the previous pass? ----
:: Without an earlier record there is nothing to compare against.
if not exist previousVerbondenmet.txt goto same
:: FC exits with 0 when both files are identical; skip the logging then.
FC previousVerbondenmet.txt Verbondenmet.txt && goto same
:: The name differs: store the new one and add a timestamp line to the log.
findstr /vxg:previousVerbondenmet.txt Verbondenmet.txt > newVerbondenmet.txt
echo (Dit was op %date% om %time% uur) >> newIPs.txt
:same
:: Remember the current network name for the next pass.
type "Verbondenmet.txt" > "previousVerbondenmet.txt"
:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
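:: ---- Check whether the internet is reachable ----
:: Only a real echo reply contains the text TTL=. Testing the first word for
:: "Reply" also accepted "Reply from gateway: Destination host unreachable"
:: and only worked with English ping output. The -4 switch forces IPv4,
:: because the IPv6 reply lines of ping carry no TTL field.
SET "Connected=false"
ping -4 google.com | find "TTL=" >nul && SET "Connected=true"
IF "%Connected%"=="true" goto Internet
goto Geeninternet
:Internet
echo Internet beschikbaar
goto sub1
:Geeninternet
echo Internet niet beschikbaar
:sub1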
:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:: ---- Determine this machine's own IPv4 address ----
:: Take the text after the colon on the first ipconfig line that mentions
:: both "IP" and "Address" but not "v6", then leave the loop at that first hit.
:: NOTE(review): the first matching adapter is used; on a machine with several
:: adapters this is not necessarily the WiFi one - confirm.
for /f "tokens=2 delims=:" %%I in ('ipconfig ^| find "IP" ^| find "Address" ^| find /v "v6"') do (
  set IPAddr=%%I
  echo %%I > "Eigen_IP.txt"
  goto ipbepaald
)
:ipbepaald
:: Read the address back from the work file and show it.
set /p EigenIP=<"Eigen_IP.txt"
echo Eigen IP is:%EigenIP%
: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
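:: ---- Derive the first three octets of the own address ----
:: This SETLOCAL sits inside the :begin loop. Unguarded, every pass pushes one
:: more level; after 32 nested levels cmd refuses further SETLOCAL calls and
:: prints "Maximum setlocal recursion level reached" on each pass. The marker
:: is set inside the localized scope, so later passes skip the call.
if not defined arpwatch_localized (
  setlocal enabledelayedexpansion
  set "arpwatch_localized=1"
)
:: Split on dots and blanks. The blanks around the address are dropped by the
:: tokenizer, so the eerste3.txt work file and the trailing-space trim are no
:: longer needed.
for /f "tokens=1-3 delims=. " %%a in ("%EigenIP%") do set "eerste3=%%a.%%b.%%c"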
:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
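:: ---- After a 5 second wait, ping .1 to .254 so every live host lands in the ARP table ----
TIMEOUT /T 5 /NOBREAK
:: The sweep is meant to be skipped when the ip variable is set (nothing in
:: this script sets it). The closing parenthesis of the message is now
:: escaped: unescaped it ended the IF block early, so the sweep ran whatever
:: the condition said and the final parenthesis was left dangling.
if "%ip%"=="" (
  echo Pingen van alle IP's in lokaak netwerk (dat begint met %eerste3%^)
  rem NOTE review: the range 1 to 254 assumes a /24 network, confirm against the real mask
  for /L %%N in (1,1,254) do (
    rem one echo request per host, 200 ms timeout, started in the background
    start /b ping -n 1 -w 200 %eerste3%.%%N >nul
    echo Ping naar %eerste3%.%%N
  )
  rem give the background pings a moment to finish
  timeout 1 >nul
)
@echo off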
:: echo Lokaal Wifi-netwerk gepingd.
:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:: ---- Dump the ARP table ----
:: Empty the work file if it is already there, then append the first three
:: blank-separated columns of every line that "arp -a" prints.
if exist "ArpedIPs.txt" type nul > "ArpedIPs.txt"
for /F "tokens=1-3" %%i in ('arp -a') do (
  echo %%i %%j %%k >> "ArpedIPs.txt"
)
:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
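:: ---- Keep only the ARP lines of the own subnet ----
:: /l with /c: makes the prefix a literal string (in a findstr regex every dot
:: matches any character). The trailing dot stops a prefix such as 192.168.1
:: from also matching 192.168.10.x.
findstr /l /c:"%eerste3%." ArpedIPs.txt > FilteredArpedIPs.txt
:: Drop the first remaining line (presumably the "Interface:" header that
:: arp -a prints for the adapter - confirm on a machine with several adapters).
more +1 "FilteredArpedIPs.txt" > "FilteredArpedIPs1.txt"
:: Drop the subnet broadcast entry. The original line referenced a variable
:: named subnet that is never set anywhere in this script; the prefix is held
:: in eerste3. /b anchors the match at the start of the line and the trailing
:: blank limits it to the exact .255 address.
findstr /v /b /l /c:"%eerste3%.255 " FilteredArpedIPs1.txt > FilteredArpedIPs2.txt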
:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
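:: ---- Build the list of currently connected clients ----
:: The MAC column is copied from the ARP cache exactly as the client announced
:: it. Nothing here verifies it, so a MAC on its own cannot tell a genuine
:: device from one that has changed its address.
type nul > connectedIPs.txt
:: The SSID is text chosen by whoever operates the access point. A percent
:: expansion of it is parsed again by cmd, so command separators, redirection
:: characters or a closing parenthesis in the name would be interpreted.
:: Delayed expansion inserts the value without a second parse. SETLOCAL and
:: ENDLOCAL are paired inside this section; the file written in between stays.
setlocal enabledelayedexpansion
for /F "tokens=1,2,3 delims= " %%a in (FilteredArpedIPs2.txt) do (
  rem columns are: a = IP address, b = MAC address, c = entry type
  echo %%a %%b %%c
  echo IP-adres:%%a Type verbinding: %%c MAC-adres: %%b wifinetwerk: !wifi! >> connectedIPs.txt
)
endlocal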
:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
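:: ---- Compare the client list with the previous pass ----
:: First pass: there is no earlier snapshot, so every client is logged.
if not exist previousconnectedIPs.txt goto eersteloop
:: FC exits with 0 when nothing changed; nothing is logged then.
FC previousconnectedIPs.txt connectedIPs.txt
if not errorlevel 1 goto wrote
:: The original chose ONE direction (joined or left) by comparing the sizes of
:: the two files. When one client leaves while another joins, or when the MAC
:: shown for an address changes, the sizes can be equal and only the new line
:: was logged. Both directions are now always checked, so the old and the new
:: line of a changed entry appear together in newIPs.txt and can be compared.
:: findstr exits with 0 only when it printed at least one line, so a timestamp
:: is added only for a direction that really has entries.
:: NOTE(review): findstr with an empty pattern file is a corner case - check
:: that the very first client joining and the very last one leaving are logged.
:: newIPs.txt is deleted by the cleanup at the top of the script, so this log
:: does not survive a restart; keep a copy elsewhere if history is needed.
:bijgekomen
findstr /vxg:previousconnectedIPs.txt connectedIPs.txt >> newIPs.txt && echo (Deze is erbij gekomen op %date% om %time% uur) >> newIPs.txt
:weggegaan
findstr /vxg:connectedIPs.txt previousconnectedIPs.txt >> newIPs.txt && echo (Deze is weggegaan op %date% om %time% uur) >> newIPs.txt
goto wrote
:eersteloop
:: No earlier snapshot: the whole current list becomes the log.
type connectedIPs.txt > newIPs.txt
echo (Dit was op %date% om %time% uur) >> newIPs.txt
:wrote
:: The current list becomes the reference for the next pass.
type connectedIPs.txt > previousconnectedIPs.txt
:einde
:: Run the next pass.
goto begin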