Peter Hobor – Peter's Tech Blog

List WiFi Channels using command line tools

Posted on September 7, 2018 by Peter Hobor

In a busy area multiple WiFi Routers and Access Points may cause co-channel Interference (CCI) and adjacent channel interference (ACI). This is pure physics, in short simplified description: if two APs are using the same channel that means that they are using the same frequency and the waves are interfering.

Source: https://commons.wikimedia.org/wiki/File:Waventerference.gif

So what can you do?

Choose a channel that is empty or where (and around) the signal level is the lowest.

There are tons of WiFi info Android tools around, and you can download tools for your PC. (iOS does not give this level of access to the WiFi to Apps.)
If you don’t want to install any app, you can open a CMD prompt and use the following command to list all the Access Points, actually all transmitting devices as there may be more under the same SSID.

netsh wlan show networks mode=bssid

1	netsh wlan show networks mode=bssid

The result will be something like this:

Interface name : Wi-Fi
There are 2 networks currently visible.

SSID 1 : MyHouse Guest
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : fa:ke:ma:ca:dd:rr
         Signal             : 66%
         Radio type         : 802.11n
         Channel            : 11
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54
    BSSID 2                 : fa:ke:ma:ca:dd:rr
         Signal             : 35%
         Radio type         : 802.11n
         Channel            : 1
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54

SSID 2 : MyHouse
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : fa:ke:ma:ca:dd:rr
         Signal             : 38%
         Radio type         : 802.11n
         Channel            : 1
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54
    BSSID 2                 : fa:ke:ma:ca:dd:rr
         Signal             : 89%
         Radio type         : 802.11ac
         Channel            : 36
         Basic rates (Mbps) : 6 12 24
         Other rates (Mbps) : 9 18 36 48 54
    BSSID 3                 : b0:68:b6:ff:e6:cc
         Signal             : 66%
         Radio type         : 802.11n
         Channel            : 11
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54
    BSSID 4                 : fa:ke:ma:ca:dd:rr
         Signal             : 53%
         Radio type         : 802.11n
         Channel            : 6
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54
    BSSID 5                 : fa:ke:ma:ca:dd:rr
         Signal             : 91%
         Radio type         : 802.11n
         Channel            : 1
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54

Interface name : Wi-Fi

There are 2 networks currently visible.

SSID 1 : MyHouse Guest

Network type : Infrastructure

Authentication : WPA2-Personal

Encryption : CCMP

BSSID 1 : fa:ke:ma:ca:dd:rr

Signal : 66%

Radio type : 802.11n

Channel : 11

Basic rates (Mbps) : 1 2 5.5 11

Other rates (Mbps) : 6 9 12 18 24 36 48 54

BSSID 2 : fa:ke:ma:ca:dd:rr

Signal : 35%

Radio type : 802.11n

Channel : 1

Basic rates (Mbps) : 1 2 5.5 11

Other rates (Mbps) : 6 9 12 18 24 36 48 54

SSID 2 : MyHouse

Network type : Infrastructure

Authentication : WPA2-Personal

Encryption : CCMP

BSSID 1 : fa:ke:ma:ca:dd:rr

Signal : 38%

Radio type : 802.11n

Channel : 1

Basic rates (Mbps) : 1 2 5.5 11

Other rates (Mbps) : 6 9 12 18 24 36 48 54

BSSID 2 : fa:ke:ma:ca:dd:rr

Signal : 89%

Radio type : 802.11ac

Channel : 36

Basic rates (Mbps) : 6 12 24

Other rates (Mbps) : 9 18 36 48 54

BSSID 3 : b0:68:b6:ff:e6:cc

Signal : 66%

Radio type : 802.11n

Channel : 11

Basic rates (Mbps) : 1 2 5.5 11

Other rates (Mbps) : 6 9 12 18 24 36 48 54

BSSID 4 : fa:ke:ma:ca:dd:rr

Signal : 53%

Radio type : 802.11n

Channel : 6

Basic rates (Mbps) : 1 2 5.5 11

Other rates (Mbps) : 6 9 12 18 24 36 48 54

BSSID 5 : fa:ke:ma:ca:dd:rr

Signal : 91%

Radio type : 802.11n

Channel : 1

Basic rates (Mbps) : 1 2 5.5 11

Other rates (Mbps) : 6 9 12 18 24 36 48 54

Check the Signal and the Channel lines and choose a free space.

Automatic download of Azure invoices from multiple subscriptions

Posted on September 5, 2018September 5, 2018 by Peter Hobor

Are you chased by your finance department to give them the invoices of all of your Azure subscriptions? The answer “You can download them from the portal…” is not enough for them? Here is a tool that can help both you and them.

Use PowerShell to download all your invoices! Microsoft.Azure.Commands.Billing namespace is your friend. The Get-AzureRmBillingInvoice has a parameter -GenerateDownloadUrl that does what it’s name suggests. What else you need? The System.Net.WebClient has a DownloadFile method, so all we need is to create the overhead code around these.

# Download invoices from Azure using PowerShell

# Signing in
Write-Host "Logging in...";
Login-AzureRmAccount

#These are for info only
$startTime = Get-Date
$newInvoice=0
$oldInvoice=0

# Let's go through all subscriptions you have access to
foreach($subscription in Get-AzureRmSubscription) {
    Set-AzureRmContext -SubscriptionId $subscription.SubscriptionId
    Write-Host "Subscription Name:$($subscription.Name) - Tenant ID: $($subscription.TenantId)"
    
    #Change -MaxCount if you want to download more than 10 (months)
    Foreach($invoice in Get-AzureRmBillingInvoice -GenerateDownloadUrl -MaxCount 10) {

# The filename will start with the invoice name concanated with the subscription ID
        $output="D:\\Azure\\Invoices\\$($invoice.Name)-$($subscription.ID).pdf"
        $url = $invoice.DownloadURL
        if(!($url))
        {
            Write-Host "URL is not valid for $($invoice.Name)-$($subscription.ID).pdf from $($url)"
        }
        else
            {
            if(![System.IO.File]::Exists($output)){

                Write-Host "Downloading $($invoice.Name)-$($subscription.ID).pdf from $($url)"

                $webClient = New-Object System.Net.WebClient
                $webClient.DownloadFile($url, $output)
                Write-Host "Download result: $($webClient.DownloadFileCompleted)" 
                        
                $newInvoice++
            }
            else {
                Write-Host ">>> $($output) has been dowloaded earlier."
                $oldInvoice++
            }
        }
    }

}

Write-Host "$($newInvoice) new invoices have been downloaded, $($oldInvoice) were here already."
Write-Output "Time taken: $((Get-Date).Subtract($startTime).Seconds) second(s)"

# Download invoices from Azure using PowerShell

# Signing in

Write-Host "Logging in...";

#These are for info only

$startTime = Get-Date

$newInvoice=0

$oldInvoice=0

# Let's go through all subscriptions you have access to

foreach($subscription in Get-AzureRmSubscription) {

Set-AzureRmContext -SubscriptionId $subscription.SubscriptionId

Write-Host "Subscription Name:$($subscription.Name) - Tenant ID: $($subscription.TenantId)"

#Change -MaxCount if you want to download more than 10 (months)

Foreach($invoice in Get-AzureRmBillingInvoice -GenerateDownloadUrl -MaxCount 10) {

# The filename will start with the invoice name concanated with the subscription ID

$output="D:\\Azure\\Invoices\\$($invoice.Name)-$($subscription.ID).pdf"

$url = $invoice.DownloadURL

if(!($url))

{

Write-Host "URL is not valid for $($invoice.Name)-$($subscription.ID).pdf from $($url)"

}

else

{

if(![System.IO.File]::Exists($output)){

Write-Host "Downloading $($invoice.Name)-$($subscription.ID).pdf from $($url)"

$webClient = New-Object System.Net.WebClient

$webClient.DownloadFile($url, $output)

Write-Host "Download result: $($webClient.DownloadFileCompleted)"

$newInvoice++

}

else {

Write-Host ">>> $($output) has been dowloaded earlier."

$oldInvoice++

}

Write-Host "$($newInvoice) new invoices have been downloaded, $($oldInvoice) were here already."

Write-Output "Time taken: $((Get-Date).Subtract($startTime).Seconds) second(s)"

If you receive WARNING: You are not allowed to download invoices. Please contact your account administrator (username@companyname.com) to turn on access in the management portal for allowing to download invoices through the API. error message, please ask the owner of the Subscription to enable “Access to invoice”.

HTTPS redirect from all HTTP addresses to the same URL

Posted on September 3, 2018 by Peter Hobor

While configuring my WordPress site for this blog I wanted to make sure that all content is delivered to the readers through HTTPS.

I really like the Let’s Encrypt initiative to provide free certificates so there is no excuse now not to use HTTPS in any websites, including personal blogs. I will write a post soon about how to automate the certificate generation for Azure Web App using Let’s Encrypt and Azure DNS, but as my blog is hosted on a simple WordPress on Linux where certificate generation is automatic through the CPanel the only thing to do is to redirect all HTTP requests to HTTPS.

This can be easily achieved by adding these lines to your .htaccess file:

RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

RewriteEngine On

RewriteBase /

RewriteCond %{HTTPS} !=on

RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

If you have any issues with this, you may need to tweek the environment variable of the condition to use one instead of the %{HTTPS} that tells you on your host that the request is not HTTPS.

Recover WiFi Password from your Windows 10 settings

Posted on September 3, 2018 by Peter Hobor

I was visiting a place where I used the WiFi before. I’ve made a mistake not storing the WiFi password in my password manager and it was too late at night to ask anyone. My PC stored the access details but I wanted to connect with my new iPad. If my PC can connect, the password must be stored, so there may be a way to retrieve it – I though. There is…

With a simple cmd line you can get the stored password from your PC settings:

netsh wlan show profile name="SSID_name_of_the_router" key=clear

1	netsh wlan show profile name="SSID_name_of_the_router" key=clear

BTW you can list all the stored SSIDs with this command:

netsh wlan show profiles

1	netsh wlan show profiles

Generate Self Signed Certificate with SANs using Azure CLI

Posted on August 26, 2018August 27, 2018 by Peter Hobor

Quite often you need a certificate that does not necessary need to be properly signed because it will only be used for testing purposes or by your own services. Good example when you are creating a Azure Service Fabric Cluster. One option is to use the Azure Portal to generate the certificate by filling out the details, but if you want to automate the process that is not an option.

Using PowerShell to generate certificate on a Windows machine or openssl on Linux is well documented, but if you want your cert directly generated to an Azure Key Vault you must use Azure modules of PowerShell or Azure CLI.

If you need a simple self signed certificate, you can do that by using the az keyvault certificate create command, the Azure documentation has a sample how to use this:

az keyvault certificate create --vault-name vaultname -n cert1 -p "$(az keyvault certificate get-default-policy)"

1	az keyvault certificate create --vault-name vaultname -n cert1 -p "$(az keyvault certificate get-default-policy)"

This will create a certificate in the “vaultname” KeyVault with the name “cert1“.
What if you want some more, e.g. to add subject or even multiple entries to the SAN, what if you want to change the automatic renewal (that is the default) to an email alert, what if you want to explicitly specify the usage of the certificate?
The -p "$(az keyvault certificate get-default-policy)" was quite suspicious. The “az keyvault certificate create” documentation says:

--policy -p

JSON encoded policy defintion. Use @{file} to load from a file.

If there was a default policy, there must be a way to customize that – I thought… As usual Google was my best friend, so I found some info in the Key Vault REST API Documentation. I wanted to use the cert with multiple domain names, so SubjectAlternativeNames option looked promising, however the “dns_names” parameter did not work as it was documented. That was when I realized that there was a --scaffold parameter of the az keyvault certificate get-default-policy that generates a fully formed policy structure with default values. Here is how to output looks like:

{
  "issuerParameters": {
    "certificateTransparency": null,
    "certificateType": "(optional) DigiCert, GlobalSign or WoSign",
    "name": "Unknown, Self, or {IssuerName}"
  },
  "keyProperties": {
    "curve": null,
    "exportable": true,
    "keySize": 2048,
    "keyType": "(optional) RSA or RSA-HSM (default RSA)",
    "reuseKey": true
  },
  "lifetimeActions": [
    {
      "action": {
        "actionType": "AutoRenew"
      },
      "trigger": {
        "daysBeforeExpiry": 90,
        "lifetimePercentage": null
      }
    }
  ],
  "secretProperties": {
    "contentType": "application/x-pkcs12 or application/x-pem-file"
  },
  "x509CertificateProperties": {
    "ekus": [
      "1.3.6.1.5.5.7.3.1"
    ],
    "keyUsage": [
      "cRLSign",
      "dataEncipherment",
      "digitalSignature",
      "keyEncipherment",
      "keyAgreement",
      "keyCertSign"
    ],
    "subject": "C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.com",
    "subjectAlternativeNames": {
      "dnsNames": [
        "hr.contoso.com",
        "m.contoso.com"
      ],
      "emails": [
        "hello@contoso.com"
      ],
      "upns": []
    },
    "validityInMonths": 24
  }
}

{

"issuerParameters": {

"certificateTransparency": null,

"certificateType": "(optional) DigiCert, GlobalSign or WoSign",

"name": "Unknown, Self, or {IssuerName}"

"keyProperties": {

"curve": null,

"exportable": true,

"keySize": 2048,

"keyType": "(optional) RSA or RSA-HSM (default RSA)",

"reuseKey": true

"lifetimeActions": [

{

"action": {

"actionType": "AutoRenew"

"trigger": {

"daysBeforeExpiry": 90,

"lifetimePercentage": null

}

"secretProperties": {

"contentType": "application/x-pkcs12 or application/x-pem-file"

"x509CertificateProperties": {

"ekus": [

"1.3.6.1.5.5.7.3.1"

"keyUsage": [

"cRLSign",

"dataEncipherment",

"digitalSignature",

"keyEncipherment",

"keyAgreement",

"keyCertSign"

"subject": "C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.com",

"subjectAlternativeNames": {

"dnsNames": [

"hr.contoso.com",

"m.contoso.com"

"emails": [

"hello@contoso.com"

"upns": []

"validityInMonths": 24

}

All you need is to save this to a file (e.g. cert_policy.json ), modify the relevant sections and give it a go like this:

az keyvault certificate create --vault-name "mydev-fabric-vlt" -n "mydev-fabric-cer" -p @cert_policy.json

1	az keyvault certificate create --vault-name "mydev-fabric-vlt" -n "mydev-fabric-cer" -p @cert_policy.json

Voila, your certificate is available in the Key Vault.

The reason I really like this method is that the certificate itself does not need to leave a fully controlled environment, the Azure Key Vault.

Welcome to my Tech Blog

Posted on August 20, 2018August 20, 2018 by Peter Hobor

I learn something new every day. I learn from my younger (sometimes form older 🙂 ) colleagues, from blog posts, from conference speakers, from YouTube videos and I also learn by making my hands dirty and spending hours with trying out something that usually fails for the first try.

As I’m getting older it is harder to remember all the tricks that helped me, so I started to take notes. Sometimes when there is something to be solved I tell my colleagues that I think I had that before, let me try to find it in my notes.

This blog is a collection of my notes so it is not up to my bandwidth to find something, but up to you. 🙂

Please send my a message if you see something that is incorrect or if you have any comment:
Message @hobpet

The Tech Blog of Peter Hobor

Author: Peter Hobor

List WiFi Channels using command line tools

Automatic download of Azure invoices from multiple subscriptions

HTTPS redirect from all HTTP addresses to the same URL

Recover WiFi Password from your Windows 10 settings

Generate Self Signed Certificate with SANs using Azure CLI

Welcome to my Tech Blog