Category Archives: Windows


PowerShell with WMI

Windows Management Instrumentation (WMI)
– WmiPrvSE – Process that runs WMI Providers
– wbemtest – integrated WMI tool in Windows, hit start and type wbemtest

Get-WmiObject # command for executing WMI operations within PowerShell, gwmi is shortcut

– List Namespaces in root: Get-WmiClass -namespace root -class __NAMESPACE
– List Namespaces in root\cimv2: Get-WmiClass -namespace root\cimv2 -class __NAMESPACE
– List Classes in Namespace: Get-WmiClass -namespace root\cimv2\power -list
– List Instances of a Class: Get-WmiClass -namespace root\cimv2\power -class Win32_PowerPlan

Scripting guy blog – big repository of usefull scripts, not only in PowerShell


Replaying PCap to specific network interface

For replaying offline pcap file captured by Wireshark or Windump can be used following tools. On windows was sending throughput lower than on Linux devices, where top speed was done on pcapbulkreplay (300Mbs on lowend 1Gbps network card).



  • tool able to send offline traffic at specific speed (1Mbs, 100Mbs, maximum of interface throughput)
  • To list all available interfaces use –listnics

Example: tcpreplay.exe –listnics

Available network interfaces:
Alias Name Description
%0 \Device\NPF_{DE165B82-8C92-41DD-82DB-0AEF6B8CB7B4}
VMware vmxnet3 virtual network device
%1 \Device\NPF_{99846C37-3FA8-4C69-8DBC-FB80FDA208D2}
VMware vmxnet3 virtual network device

  • to send unmodified traffic to selected NIC use -i %{interface alias}

Example: tcpreplay.exe -t -i %1 c:\Pcaps\taumagic.pcap


sending out \Device\NPF_{99846C37-3FA8-4C69-8DBC-FB80FDA208D2}
processing file: c:\Pcaps\taumagic.pcap
Actual: 1763313 packets (324062931 bytes) sent in 80.99 seconds. Rated: 4001271.0 bps, 30.53 Mbps, 21771.98 pps
Statistics for network device: \Device\NPF_{99846C
Attempted packets: 1763313
Successful packets: 1763313
Failed packets: 0
Retried packets (ENOBUFS): 0
Retried packets (EAGAIN): 0


tcpreplay is much faster than it’s Windows cousin, has same usage

FIPS 140-2 in .NET

he Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS PUB 140-2),[1][2] is a U.S. government computer security standard used to accredit cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on May 25, 2001 and was last updated December 3, 2002.

FIPS compatibility in .NET environment

How to turn-on FIPS mode on Windows XP and up

Continue reading