NetDebug

1.6

Checkpoint-NetIPsecMainModeSA.psm1

<#
.SYNOPSIS
This script takes no input. It returns Internet Service Provider (ISP) information
about remote devices that this machine has established successful
IPsec security associations (SA's).
 
.DESCRIPTION
This script uses the Windows IPsec PowerShell module to read SA information. Remote
host information is resolved to an ISPInformationTeredo
addresses are formatted suc
 
 
.INPUTS
None
 
.OUTPUTS
The script outputs a System.Object for each IPsec SA on the system.
 
.EXAMPLE
PS D:\WINDOWS\system32> Checkpoint-NetIPsecMainModeSA
 
 
IPAddress : 206.55.174.150
ASNumber : 11404
ASPrefix : 206.55.172.0/22
Locale : US
Description : AS-VOBIZ - vanoppen.biz LLC,US
OriginalIP : 2001:0:9d38:6abd:344d:3824:31c8:5169
 
IPAddress : 24.19.246.11
ASNumber : 33650
ASPrefix : 24.16.0.0/14
Locale : US
Description : COMCAST-33650 - Comcast Cable Communications, Inc.,US
OriginalIP : 2001:0:5ef5:79fb:3402:997:e7ec:9f4
 
IPAddress : 199.27.179.146
ASNumber : 19975
 
.NOTES
Requires Windows 10 or later.
 
.LINK
The DNS service used for the script:
http://www.team-cymru.org/Services/ip-to-asn.html
These cmdlet that does all the hard work:
Resolve-DNSName
Resolve-ASNName
Get-NetIPsecMainModeSA
#>


function Checkpoint-NetIPsecMainModeSA{

    $IPsecMainModeSAs = Get-NetIPsecMainModeSA
    $FinalResults = @()
    if($IPsecMainModeSAs -eq $null)
    {
        Write-warning "No IPsec SAs"
        return $FinalResults
    }
    foreach ($SecurityAssociation in $IPsecMainModeSAs)
    {
        $RemoteEndPoint = $SecurityAssociation.RemoteEndpoint
        
        $CastedIP = [System.Net.IPAddress]::Parse($RemoteEndPoint)
        
        #if it's a Teredo address we need to decompile
        if($CastedIP.IsIPv6Teredo)
        {
            $Bytes = $CastedIP.GetAddressBytes()[12..16]
            $1Octet = $Bytes[0] -bxor 255
            $2Octet = $Bytes[1] -bxor 255
            $3Octet = $Bytes[2] -bxor 255
            $4Octet = $Bytes[3] -bxor 255
            $IP = $1Octet.ToString() + "." + $2Octet.ToString() + "." + $3Octet.ToString() + "." + $4Octet.ToString()
            $LegitIP = [System.Net.IPAddress]::Parse($IP)
        }
        else
        {
            $LegitIP = $CastedIP
        }
        $SpecificResult  = Resolve-ASN -IPAddress $LegitIP
        $SpecificResult | Add-Member -Type NoteProperty -Name "OriginalIP" -Value $CastedIP
        $FinalResults += $SpecificResult 
    }

    return $FinalResults
}


export-modulemember -function Checkpoint-NetIPsecMainModeSA