The VMware Carbon Black Tech Zone is live! Checkout this great resource: Mastering Carbon Black Audit & Remediation.

Find Active Wireless Interfaces

Description: Looks for active wireless interfaces

What The Data Shows: Shows all active wireless interfaces, the data can be used to check for rouge APs. 

SQL: 

SELECT id.description,ia.address,id.mac 
FROM interface_details as id join interface_addresses as ia using (interface)
where id.type = 71;

 

 

6 Comments
jnelson
Carbon Black Employee
Status changed to: Approved
 
ben_bass
New Contributor

Note that this is just windows only, and will not work on macOS.  I don't have a linux box with a physical wireless adapter to verify linux.

esullivan
Carbon Black Employee

The author tags their post with the platforms the query will work on.  IN this case only the Windows tag was used so I assume it would not work on either Mac or Linux.

Thank you

Ed

ksnihur
Contributor II

Yeah, I only have windows machines to run it on so almost all my queries are windows only :(.

slist
Carbon Black Employee

Hello,

I tried on Linux, and it's not working.

id.type = 1 for eth and wifi interfaces.

Perhaps we could check if the first letter of the interface name is 'w' ?

Regards

 

esullivan
Carbon Black Employee

@slist this query is for Win only.