Powershell: Create Custom MAC\IP Table

Local MAC Discovery

There are times when I need to determine the MAC address of not only my PC but also the other PCs on the local network segment. There are a few different ways to determine the local PC's MAC address(es) using Powershell:

    getmac           
    (ipconfig /all) -match " ([0-9A-Z]{2}[-]){5}[0-9A-Z]{2}$"           
    (ipconfig /all) | Select-String " ([0-9A-Z]{2}[-]){5}[0-9A-Z]{2}$"           
    GWMI Win32_NetworkAdapter -f "MacAddress like '%:%'" |
          Select -expand MacAddress

They all display the MAC address information for all network adapters, but each command formats its output differently, except for -Match and Select-String, which produce the same output.

getmac

(ipconfig /all) -match " ([0-9A-Z]{2}[-]){5}[0-9A-Z]{2}$"

GWMI Win32_NetworkAdapter -f "MacAddress like '%:%'" |
    Select -expand MacAddress

After figuring out how to get the local PC's MAC address(es) I decided to collect the MAC addresses of the other network devices on the local network segment. This information might be useful to determine when a direct communication has been established with another device on the local network segment. Any and all connections or attempted connections could then be output to a log file (txt, csv, html) or written as a custom event in Windows Event Viewer.

Local Segment MAC Discovery

The command used to determine the MACs of other machines on the local network segment is ARP -A. Each network adapter will have its own table and the output will include the IP, MAC and Type of entry. A Dynamic entry will last for only 2 minutes and then is discarded. If another connection attempt is made after that time then the whole ARP process begins again and a new entry is added. An example of the ARP -A output is below:

Dynamic entries are what I'm most interested in, which means the results must be filtered for those entries only. The issue with using external commands is that the output is of a string type and when placed within a variable becomes an array of strings, one per line. Applied to an array, the -Match operator returns only the matching elements, so I use it first to return Dynamic entries only.

    (arp -a) -match "dynamic"

These results can then be pipelined to Foreach-Object in order to iterate through each item. Each item, however, is a string of text, so it too needs to be filtered to extract just the IP and MAC address. This can be done using a common delimiter, in this case whitespace. The -Split operator is used along with the \s character class to produce a new array of objects. Knowing the position of these objects is all that is needed to determine the IP\MAC address.

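    # Start with an empty array so += appends instead of failing on the second entry
    $macarray = @()
    (arp -a) -match "dynamic" | Foreach {
        # Each line starts with whitespace, so element [0] of the split is empty
        $obj = New-Object PSObject -Property @{
            IP  = ($_ -split "\s+")[1]
            MAC = ($_ -split "\s+")[2]
        }
        $macarray += $obj
    }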

Now that I have the basic code in place I place it into a Function called Get-DynamicArp and use Write-Output to send the results to the console and pipeline.

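    Function Get-DynamicArp {
        # Collect one object per dynamic ARP entry
        $macarray = @()
        (arp -a) -match "dynamic" | Foreach {
            # Each line starts with whitespace, so element [0] of the split is empty
            $obj = New-Object PSObject -Property @{
                IP  = ($_ -split "\s+")[1]
                MAC = ($_ -split "\s+")[2]
            }
            $macarray += $obj
        }
        # Emit objects rather than Format-Table output so the result stays usable
        # in the pipeline; format at the call site: Get-DynamicArp | FT -Auto
        Write-Output $macarray | Select IP,MAC
    }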
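The following is an added example, not code from the original post. It extends the parsing above to keep the interface and entry type for each row, then compares a snapshot against a saved baseline so that new IPs and IPs whose MAC has changed can be logged. The function names `ConvertFrom-ArpOutput` and `Compare-ArpSnapshot`, the sample `arp -a` text and the baseline entry are constructed for illustration.

```powershell
# Constructed sample of `arp -a` output so the example runs offline.
# Replace $sample with (arp -a) to use live data.
$sample = @'

Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.35          66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
'@ -split "`r?`n"

function ConvertFrom-ArpOutput {
    param([string[]]$Lines)
    $interface = $null
    foreach ($line in $Lines) {
        if ($line -match '^Interface:\s+(\S+)') {
            $interface = $Matches[1]   # remember which adapter's table we are in
        }
        elseif ($line -match '^\s+(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)') {
            New-Object PSObject -Property @{
                Interface = $interface
                IP        = $Matches[1]
                MAC       = $Matches[2].ToLower()   # normalise case before comparing
                Type      = $Matches[3]
            }
        }
    }
}

function Compare-ArpSnapshot {
    param($Baseline, $Current)
    $known = @{}
    foreach ($b in $Baseline) { $known[$b.IP] = $b.MAC }
    foreach ($c in $Current) {
        if (-not $known.ContainsKey($c.IP)) { $status = 'New' }
        elseif ($known[$c.IP] -ne $c.MAC)   { $status = 'MacChanged' }
        else { continue }                   # unchanged mapping, nothing to report
        $c | Select-Object @{n='Status';e={$status}}, Interface, IP, MAC
    }
}

$dynamic  = ConvertFrom-ArpOutput $sample | Where-Object { $_.Type -eq 'dynamic' }
# Constructed baseline: the gateway was previously seen with a different MAC.
$baseline = @(New-Object PSObject -Property @{ IP = '192.168.1.1'; MAC = '00-11-22-33-44-00' })
# Pipe to Export-Csv instead of Format-Table to keep a log file.
Compare-ArpSnapshot -Baseline $baseline -Current $dynamic | Format-Table -AutoSize
```

A `MacChanged` row means the same IP now answers with a different hardware address, which is worth reviewing whether the cause is a replaced device or ARP spoofing on the segment.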