Creating a PowerShell version of LDWin

I have mentioned LDWin in my post “Which port in a Storm?”, where I mentioned how handy this tool was for testing which network switch a Windows device was plugged into.

The issue with this software is that sometimes IT security software doesn’t like AutoIT (usually Sophos AV) so I thought I would look at the source code and look at how it worked.

The basics of LDWin is to run the Windows version of TCPDump and have it check for packets “0x2000” for CDP or “0x88cc” for LLDP

The command is (where DeviceID is the network device to query): tcpdump.exe -i \device\DeviceID -nn -v -s 1500 -c1 (ether[12:2]==0x8cc or ether[20:2]==0x2000)

This simple command (once you know it) can be added to a PowerShell script, which uses “Get-NetAdapter” to get the network devices, loop through each one to get the Ethernet port and then run the command to check the speed (using .ReceiveLinkSpeed and .TransmitSpeed), check it’s not a virtual port ( .Virtual -ne $true).

Using a few simple commands you will then get an output that can advise the speed of the network port and which switch port is being used.

This may help someone that needs to create some way to check or document port settings and probably most useful for diagnosing network issues.

I hope this is of some help to someone else. If you find this useful let me know.

Windows WiFi Profile Management

Whilst investigating issues with Wi-Fi on Windows 10 laptops, I realised that many of them had several SSIDs listed, so I thought “how can you manage this?”

A quick Google came up with the following commands (source: https://devblogs.microsoft.com/scripting/using-powershell-to-view-and-remove-wireless-profiles-in-Windows-10-part-1/):

Get all WiFi Profiles: netsh wlan show profiles

Delete WiFi Profile “profileName”: netsh wlan delete profile=“profileName”

Delete WiFi profile containing “iPhone”: netsh wlan delete profile=“*iPhone*”

With these basic commands and some simple PowerShell (or whatever is your preferred programming language – Python? ), it’s possible to get all the profiles, check which ones are required and remove any that are not needed.

I won’t go into how to do this as there’s enough in the original documentation and anyone doing this will have their own requirements, which are likely to be different from my own.

If you want to take it further (which I did) you can create a GUI front end in PowerShell [using System.Window.Forms] that will allow you to display all the profiles and delete the ones you don’t want, manually. (Other programming languages are probably {edit: definitely} better at this)

For more information on creating GUI using PowerShell, check out LazyAdmin’s write up

I hope this helps someone out that may need a way to manage WiFi profiles (ie anyone just trying to clear out any free coffee shop / burger restaurants WiFi) without using more advanced tools (such as SCCM or a MDM), or having to manually trawl through every entry on their Wi-Fi list to get back to something manageable.