Search the Community

Greetings! On my host machine I have an AutoIt script that will run when the computer is unlocked. The script is checking if the current session is a Remote Desktop session or not. If it is a Remote Desktop session I would like this AutoIt script to find out the IP address of the client that is currently connecting (so that I do different things depending on which IP is connecting). That is where I am stuck -- how do I get the IP address of the client computer that is currently connecting via Remote Desktop to the host computer (where the AutoIt script is running)? Thanks in advance for any assistance, and pardon me if the answer is prolific on the forum (I swear I searched for a decent while!).

Hi, I have worked on a project for a friend and it needed to retreive some data in UDP packets, it was a challenge because I didn't know anything about that packets, and after few days of work I have managed to do what I wanted. The hardest part was to set a very strict filter for the cpu usage and for the script optimisation, so here is one : ;use filters with _PcapStartCapture ;retreive only tcp packets containing AABBCCDD, at the start of 8 and with a length of 4; like the StringMid func. tcp[8:4] == 0xAABBCCDD ;8th byte from the beginning of the tcp DATA, 4bytes length; always include the 0x to specify you are dealing with hex. And some funcs to split the different data from packets : ;$hCapture is the handle returned by _PcapStartCapture ; #FUNCTION# ==================================================================================================================== ; Name...........: _TCP_Recv ; Description ...: Retreives a TCP Packet and returns its data splitted ; Syntax.........: _TCP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000) ; Parameters ....: $hCapture - Capture handle ; $iInstance - Instance of the packet to retreive ; $iTimeOut - Timeout ; Return values .: Success - Array containing the packet data ; Failure - -1 (timedout) ; Author ........: FireFox (d3mon) ; Modified.......: ; Remarks .......: ; Related .......: _UDP_Recv ; Link ..........: ; Example .......: No ; =============================================================================================================================== Func _TCP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000) Local $blPacketCaptured = False, $iTimer_Capture, $aPacket, $iPacket $iTimer_Capture = TimerInit() While (TimerDiff($iTimer_Capture) < $iTimeOut Or $iTimeOut = -1) $aPacket = _PcapGetPacket($hCapture) If IsArray($aPacket) Then If $iPacket = $iInstance Then Local $aTCPPacket[21] $aTCPPacket[0] = StringMid($aPacket[3], 3, 12) ;Destination Mac Address $aTCPPacket[1] = StringMid($aPacket[3], 15, 12) ;Source Mac Address $aTCPPacket[2] = StringMid($aPacket[3], 27, 4) ;Type $aTCPPacket[3] = StringMid($aPacket[3], 31, 2) ;Version & Header length $aTCPPacket[4] = StringMid($aPacket[3], 33, 2) ;Differientiated Services Field $aTCPPacket[5] = StringMid($aPacket[3], 35, 4) ;Total Length $aTCPPacket[6] = StringMid($aPacket[3], 39, 4) ;Identification $aTCPPacket[7] = StringMid($aPacket[3], 43, 4) ;Fragment offset $aTCPPacket[8] = StringMid($aPacket[3], 47, 2) ;Time to live $aTCPPacket[9] = StringMid($aPacket[3], 49, 2) ;Protocol $aTCPPacket[10] = StringMid($aPacket[3], 51, 4) ;Header checksum $aTCPPacket[11] = StringMid($aPacket[3], 55, 8) ;Source IP Address $aTCPPacket[12] = StringMid($aPacket[3], 63, 8) ;Destination IP Address $aTCPPacket[13] = StringMid($aPacket[3], 71, 4) ;Source port $aTCPPacket[14] = StringMid($aPacket[3], 75, 4) ;Destination port $aTCPPacket[15] = StringMid($aPacket[3], 79, 8) ;Sequence number $aTCPPacket[16] = StringMid($aPacket[3], 87, 8) ;Acknowledgment number $aTCPPacket[17] = StringMid($aPacket[3], 95, 4) ;Flags $aTCPPacket[18] = StringMid($aPacket[3], 99, 4) ;Window size value $aTCPPacket[19] = StringMid($aPacket[3], 103, 4) ;Checksum ;107 to 110 = NULL data $aTCPPacket[20] = StringTrimLeft($aPacket[3], 110) ;Data Return $aTCPPacket EndIf $iPacket += 1 EndIf Sleep(50) WEnd Return -1 EndFunc ;==>_TCP_Recv ; #FUNCTION# ==================================================================================================================== ; Name...........: _UDP_Recv ; Description ...: Retreives an UDP Packet and returns its data splitted ; Syntax.........: _UDP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000) ; Parameters ....: $hCapture - Capture handle ; $iInstance - Instance of the packet to retreive ; $iTimeOut - Timeout ; Return values .: Success - Array containing the packet data ; Failure - -1 (timedout) ; Author ........: FireFox (d3mon) ; Modified.......: ; Remarks .......: ; Related .......: _TCP_Recv ; Link ..........: ; Example .......: No ; =============================================================================================================================== Func _UDP_Recv($hCapture, $iInstance = 0, $iTimeOut = 3000) Local $blPacketCaptured = False, $iTimer_Capture, $aPacket, $iPacket $iTimer_Capture = TimerInit() While (TimerDiff($iTimer_Capture) < $iTimeOut Or $iTimeOut = -1) $aPacket = _PcapGetPacket($hCapture) If IsArray($aPacket) Then If $iPacket = $iInstance Then Local $aUDPPacket[18] $aUDPPacket[0] = StringMid($aPacket[3], 3, 12) ;Source Mac Address $aUDPPacket[1] = StringMid($aPacket[3], 15, 12) ;Destination Mac Address $aUDPPacket[2] = StringMid($aPacket[3], 27, 4) ;Type $aUDPPacket[3] = StringMid($aPacket[3], 31, 2) ;Version & Header length $aUDPPacket[4] = StringMid($aPacket[3], 33, 2) ;Differientiated Services Field $aUDPPacket[5] = StringMid($aPacket[3], 35, 4) ;Total Length $aUDPPacket[6] = StringMid($aPacket[3], 39, 4) ;Identification $aUDPPacket[7] = StringMid($aPacket[3], 43, 4) ;Fragment offset $aUDPPacket[8] = StringMid($aPacket[3], 47, 2) ;Time to live $aUDPPacket[9] = StringMid($aPacket[3], 49, 2) ;Protocol $aUDPPacket[10] = StringMid($aPacket[3], 51, 4) ;Header checksum $aUDPPacket[11] = StringMid($aPacket[3], 55, 8) ;Source IP Address $aUDPPacket[12] = StringMid($aPacket[3], 63, 8) ;Destination IP Address $aUDPPacket[13] = StringMid($aPacket[3], 71, 4) ;Source port $aUDPPacket[14] = StringMid($aPacket[3], 75, 4) ;Destination port $aUDPPacket[15] = StringMid($aPacket[3], 79, 4) ;Length $aUDPPacket[16] = StringMid($aPacket[3], 83, 4) ;Checksum $aUDPPacket[17] = StringTrimLeft($aPacket[3], 86) ;Data Return $aUDPPacket EndIf $iPacket += 1 EndIf Sleep(50) WEnd Return -1 EndFunc ;==>_UDP_Recv ;for example convert the packet's source/dest IP Address to text ; #FUNCTION# ==================================================================================================================== ; Name...........: _HexIPAddressToText ; Description ...: Converts Hex IP Adress to text ; Syntax.........: _HexIPAddressToText($vhexIPAddress) ; Parameters ....: $vIPAddress - IP Address v4 (string, int) ; Return values .: Success - Converted IP Address ; Author ........: FireFox (d3mon) ; Modified.......: ; Remarks .......: ; Related .......: ; Link ..........: ; Example .......: No ; =============================================================================================================================== Func _HexIPAddressToText($vhexIPAddress) Local $sIPAddress For $iOffset = 1 To 8 Step 2 $sIPAddress &= Dec(StringMid($vhexIPAddress, $iOffset, 2)) & "." Next Return StringTrimRight($sIPAddress, 1) EndFunc ;==>_UDP_DecodeIPAddress Ops, almost forgot the Winpcap UDF available here : http://opensource.grisambre.net/pcapau3/ PS : If you find this helpful, please "like"/rate this post. Enjoy