forked from sirrushoo/Powershell-Tools
-
Notifications
You must be signed in to change notification settings - Fork 0
/
processownconn.ps1
63 lines (55 loc) · 2.11 KB
/
processownconn.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
<#
.SYNOPSIS
Checks what ports and processes associated with those ports
Author: Sirrush
Required Dependencies: LocalHost Admin
Optional Dependencies: None
.DESCRIPTION
Checks what ports and processes associated with those ports
.PARAMETER
Check that execution policy is set correctly
.EXAMPLE
C:\processownconn.ps1
#>
function Get-NetworkStatistics
{
$properties = ‘Protocol’,’LocalAddress’,’LocalPort’
$properties += ‘RemoteAddress’,’RemotePort’,’State’,’ProcessName’,’PID’
netstat -ano | Select-String -Pattern ‘\s+(TCP|UDP)’ | ForEach-Object {
$item = $_.line.split(” “,[System.StringSplitOptions]::RemoveEmptyEntries)
if($item[1] -notmatch ‘^\[::’)
{
if (($la = $item[1] -as [ipaddress]).AddressFamily -eq ‘InterNetworkV6’)
{
$localAddress = $la.IPAddressToString
$localPort = $item[1].split(‘\]:’)[-1]
}
else
{
$localAddress = $item[1].split(‘:’)[0]
$localPort = $item[1].split(‘:’)[-1]
}
if (($ra = $item[2] -as [ipaddress]).AddressFamily -eq ‘InterNetworkV6’)
{
$remoteAddress = $ra.IPAddressToString
$remotePort = $item[2].split(‘\]:’)[-1]
}
else
{
$remoteAddress = $item[2].split(‘:’)[0]
$remotePort = $item[2].split(‘:’)[-1]
}
New-Object PSObject -Property @{
PID = $item[-1]
ProcessName = (Get-Process -Id $item[-1] -ErrorAction SilentlyContinue).Name
Protocol = $item[0]
LocalAddress = $localAddress
LocalPort = $localPort
RemoteAddress =$remoteAddress
RemotePort = $remotePort
State = if($item[0] -eq ‘tcp’) {$item[3]} else {$null}
} | Select-Object -Property $properties
}
}
}
Get-NetworkStatistics | Format-Table