Author Posts

January 9, 2017 at 1:09 am

Hi All,

I'm stumped on this script that is 80 percent done but having trouble getting loop working correctly. The goal of this script is to find MAC Address in ARP table whose prefix matches that of ones in a array. Those that match have a particular action taken against it.

Steps Broken Down:

1) Find IP address(s) of active adapter
2) Ping every address on network to build out ARP table
3) Used custom build function for converting results of "arp -a" into object.
4) Defined array for all prefixes to be searched for
5) Foreach loop for evaluatign each arp entry and converting into prefix for comparison to each prefix in array
6) Do Loop inside foreach that takes the current ARP entry and checks to see if it matches each entry in $ubiquitis. There is control variable that increments in each cycle of the do loop that stops after 14 which is size of array.

Problem:

foreach seems to cycle properly through each mac prefix but it doesn't take appropriate action when it comes to finding a match for particular MAC that should line up with value 14 in the array. When manually setting $arptable3 to "80-2a-a8" it works fine from the if construct down.

HELP!!! I think somehting is not right with the variable assignments or loop constructs.

$ip=gwmi Win32_NetworkAdapterConfiguration |
Where { $_.IPAddress } | # filter the objects where an address actually exists
Select -Expand IPAddress | # retrieve only the property *value*
Where { $_ -like '192.168.*' }
$ipstart=$ip.Substring(0,11)
$ipstartvalue="1"
$ipaddress=$ipstart + $ipstartvalue
[int]$control=1

Do {
Test-Connection -ComputerName $ipaddress -Count 2 -BufferSize 16
$control=$control + 1
$ipstart=$ip.Substring(0,11)
$ipaddress=$ipstart + $control
}Until ($control -gt "254")
$arptable=arp -a
$ubiquitis=@("00156d","00-1b-67","00-27-22","6c-5e-7a","00-15-6d","00-1b-67","00-27-22","04-18-d6","24-a4-3c","30-15-18","68-72-51","6c-5e-7a","9c-b0-08","dc-9f-db","80-2a-a8")
$arp = "(?(\d{1,3}\.){3}\d{1,3})\s+(?(\w{2}-){5}\w{2})\s+(?\w+$)"
$arptables=arp -g | select -skip 3 | foreach {$_.Trim()} | convertfrom-text $arp
$arptables=$arptables | ? {$_.type -eq "dynamic"}
foreach ($arptable in $arptables){
$arptable3=$arptable.mac
$arptable3=$arptable3.substring(0,8)
[int]$arraycontrol=0
#start of do until loop to increment array value until last is entry is reached
do {
if ($arptable3 -eq $ubiquitis[14]){
$ipaddressfinal=$arptable.ipaddress
Start-Process 'C:\Users\Conference Rm – PC\Downloads\putty.exe' -ArgumentList -ssh admin@$arptable.ipaddress -pw 1234
$arraycontrol=$arraycontrol + 1

}
else{
write-host "No Match. Looking at Next MAC Entry" -ForegroundColor Blue
$arraycontrol=$arraycontrol + 1
}
}until ($arraycontrol -gt "14")
}

January 9, 2017 at 5:10 am

If I am understanding you, this is what you want to happen.
1. Foreach arptable entry, compare the first 3 octets to your $ubiquitis array.
2. If octets match, run start-process.
Also, I cleaned up the code alittle and removed the last Do loop.

Tips:
1. Enclose code blocks in 'pre' and '/pre' to format it
2. Don't use Where-Object cmdlet use -Filter, it is faster.
3. ConvertFrom-Csv will convert text to objects.
4. When comparing array entries, you can use -contains.

Write-Verbose "Getting IP Addresses" -Verbose
$ip = Get-WmiObject win32_networkadapterconfiguration -Filter "IPEnabled = 'True'" |
Select-Object @{n='IPAddress';exp={$_.IPAddress[0]}} 
$ipstart = $ip.ipaddress.substring(0,11)

$ipstartvalue="1"
$ipaddress=$ipstart + $ipstartvalue
$control = 1

Write-Verbose "Ping and Build ARP Table" -Verbose
Do {
    Test-Connection -ComputerName $ipaddress -Count 2 -BufferSize 16
    $control++
    $ipstart=$ip.Substring(0,11)
    $ipaddress = $ipstart + $control
}Until ($control -gt "254")

Write-Verbose "Convert ARP table to objects" -Verbose
$ubiquitis = @("00156d","00-1b-67","00-27-22","6c-5e-7a","00-15-6d",
"00-1b-67","00-27-22","04-18-d6","24-a4-3c","30-15-18","68-72-51",
"6c-5e-7a","9c-b0-08","dc-9f-db","80-2a-a8")

$arptable = arp -g | Select-Object -skip 3 | foreach {$_.Trim()} 
$arptable = $arptable -replace '\s+',',' | 
ConvertFrom-Csv -Header 'IPAddress','MAC','Type'
$arptable = $arptable | ? {$_.type -eq "dynamic"}

Write-Verbose "Evaluate ARP entries" -Verbose
foreach ($a in $arptable){
    $arptable3=$a.mac
    $arptable3=$arptable3.substring(0,8)
    [int]$arraycontrol=0

    if ($ubiquitis -contains $arptable3){
        Write-Verbose "Match found for $arptable3" -Verbose
        Start-Process 'C:\Users\Conference Rm – PC\Downloads\putty.exe' -ArgumentList -ssh admin@$a.ipaddress -pw 1234
        $arraycontrol++
    }
    else{
        write-host "No Match. Looking at Next MAC Entry" -ForegroundColor Blue
        $arraycontrol++}
}