# encoding: ascii
# api: powershell
# title: Get-Netstat 1,0
# description: It would really be sweet if I could get-netstat -state CLOSE_WAIT
# version: 0.1
# author: glnsize
# license: CC0
# x-poshcode-id: 884
# x-archived: 2009-12-11T07:29:55
#
# I have a server issue I'm trying to track down: the server hangs upon a sudden plethora of CLOSE_WAITs. I plan to modify this script to log or email all the CLOSE_WAITs every few minutes, so I can try to narrow down the first client that seems to get there and help pinpoint the cause.
# Very helpful script though...
#
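# Get-Netstat
#
# Runs `netstat -a -n -o` and emits one object per parsed line with the
# properties Protocol, LocalAddress, RemoteAddress, State, PID and ProcessName.
# Filter the objects downstream to focus on one state, for example:
#   ... | Where-Object { $_.State -eq 'CLOSE_WAIT' }
#
# Caveat for triage use: ProcessName is resolved with Get-Process *after*
# netstat has returned, so it describes whoever holds that PID at lookup time.
# A process that exited in between leaves ProcessName empty; PID and the
# addresses are still reported so the connection is not lost from the output.

# Discard the first four lines of output and keep the remainder.
# NOTE(review): presumably these are netstat's banner and column headings -
# confirm the count on localized or non-default netstat builds.
$null, $null, $null, $null, $netstat = netstat -a -n -o

# Five whitespace-separated fields: lines that carry a State column.
[regex]$regexTCP = '(?<Protocol>\S+)\s+(?<LocalAddress>\S+)\s+(?<RemoteAddress>\S+)\s+(?<State>\S+)\s+(?<PID>\S+)'
# Four whitespace-separated fields: lines without a State column.
[regex]$regexUDP = '(?<Protocol>\S+)\s+(?<LocalAddress>\S+)\s+(?<RemoteAddress>\S+)\s+(?<PID>\S+)'

foreach ($net in $netstat)
{
    # When netstat produced no data lines $netstat is $null; skip instead of
    # failing on $null.Trim().
    if ($null -eq $net) { continue }

    switch -regex ($net.Trim())
    {
        $regexTCP
        {
            $process = "" | Select-Object Protocol, LocalAddress, RemoteAddress, State, PID, ProcessName
            $process.Protocol = $matches.Protocol
            $process.LocalAddress = $matches.LocalAddress
            $process.RemoteAddress = $matches.RemoteAddress
            $process.State = $matches.State
            $process.PID = $matches.PID
            # The owning process may already be gone; leave ProcessName empty
            # rather than writing an error for every such line.
            $owner = Get-Process -Id $matches.PID -ErrorAction SilentlyContinue
            if ($owner) { $process.ProcessName = $owner.ProcessName }
            $process
            # The five-field pattern is tried first; stop here so the unanchored
            # four-field pattern below does not emit the same line a second time.
            continue
        }
        $regexUDP
        {
            $process = "" | Select-Object Protocol, LocalAddress, RemoteAddress, State, PID, ProcessName
            $process.Protocol = $matches.Protocol
            $process.LocalAddress = $matches.LocalAddress
            # The pattern captures RemoteAddress for these lines too; record it so
            # both kinds of record are populated consistently. State stays empty
            # because the four-field pattern has no State group.
            $process.RemoteAddress = $matches.RemoteAddress
            $process.PID = $matches.PID
            $owner = Get-Process -Id $matches.PID -ErrorAction SilentlyContinue
            if ($owner) { $process.ProcessName = $owner.ProcessName }
            $process
            continue
        }
    }
}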