
Artifact 2f7031f0e97ec79c8ec5222e424fd49053a8ecd3b8612ab63970d81b1d71e1b3:

  • File Get-Netstat-1-1.ps1 — part of check-in [eaabbf7972] at 2018-06-10 13:17:58 on branch trunk — This will perform a basic netstat.exe command and “objectize” its output. (user: glnsize size: 2941)

# encoding: ascii
# api: powershell
# title: Get-Netstat 1,1
# description: This will perform a basic netstat.exe command and “objectize” its output.  
# version: 0.1
# author: glnsize
# license: CC0
# x-poshcode-id: 2974
# x-derived-from-id: 2975
# x-archived: 2016-05-28T14:20:44
# x-published: 2012-09-28T09:52:00
#
# v0.9	Initial Build – Hal
# V1.0	Added support for UDP, and processname -Glenn
# v1.1	Expanded [regex] statements to encompass IPV4/IPV6/ports. -Glenn
# v1.2     -Fixed minor bug, moved PSObject creation inside foreach loop so that output 
# would be an array of individual objects that could be sorted and formatted
# -Added formatting to the LocalPort so that I could sort on it.
#
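# Run netstat (-a all sockets, -n numeric addresses, -o owning PID) and discard
# the first four output lines, which are the banner and column headings.
$null, $null, $null, $null, $netstat = netstat -a -n -o

# Building blocks for the line patterns. The IPv6 piece uses a strict hex class
# (A-F, not A-f) and accepts a multi-digit zone index such as "%12"; without
# that, link-local IPv6 sockets fail to parse and drop out of the listing.
$octet          = '(2[0-4]\d|25[0-5]|[01]?\d\d?)'
$ipv4           = ($octet, $octet, $octet, $octet) -join '\.'
$ipv6           = '\[?[0-9a-fA-F]{0,4}(\:([0-9a-fA-F]{0,4})){1,7}(?:%\d+)?\]'
$localEndpoint  = '((?<LAddress>' + $ipv4 + ')|(?<LAddress>' + $ipv6 + '))\:(?<LPort>\d+)'
$remoteEndpoint = '((?<RAddress>' + $ipv4 + ')|(?<RAddress>' + $ipv6 + '))\:(?<RPort>\d+)'

# TCP rows: protocol, local endpoint, remote endpoint, state, PID.
[regex]$regexTCP = '(?<Protocol>\S+)\s+' + $localEndpoint + '\s+' + $remoteEndpoint + '\s+(?<State>\w+)\s+(?<PID>\d+$)'

# UDP rows: protocol, local endpoint, "*:*" as the remote endpoint, PID (no state column).
[regex]$regexUDP = '(?<Protocol>\S+)\s+' + $localEndpoint + '\s+(?<RAddress>\*)\:(?<RPort>\*)\s+(?<PID>\d+)'

# Resolve PID -> process name from a single Get-Process snapshot instead of one
# lookup per socket. A PID missing from the snapshot (the process exited after
# netstat ran) yields an empty ProcessName rather than an error.
# NOTE(review): the name is resolved after netstat has run, so a reused PID can
# be mislabelled, and a process name alone does not identify a binary. Confirm
# the image path or signature before relying on ProcessName in triage.
$processNames = @{}
foreach ($proc in Get-Process)
{
    $processNames[$proc.Id] = $proc.ProcessName
}

foreach ($net in $netstat)
{
    $line = ([string]$net).Trim()
    if (-not $line) { continue }

    # One object per socket so the output can be sorted and formatted downstream.
    [psobject]$process = "" | Select-Object Protocol, LocalAddress, Localport, RemoteAddress, Remoteport, State, PID, ProcessName
    $parsed = $false

    switch -regex ($line)
    {
        $regexTCP
        {
            $process.Protocol = $matches.Protocol
            $process.LocalAddress = $matches.LAddress
            $process.Localport = $matches.LPort
            $process.RemoteAddress = $matches.RAddress
            $process.Remoteport = $matches.RPort
            $process.State = $matches.State
            $process.PID = $matches.PID
            $process.ProcessName = $processNames[[int]$matches.PID]
            $parsed = $true
            break
        }
        $regexUDP
        {
            # UDP rows have no state column, so State stays empty.
            $process.Protocol = $matches.Protocol
            $process.LocalAddress = $matches.LAddress
            $process.Localport = $matches.LPort
            $process.RemoteAddress = $matches.RAddress
            $process.Remoteport = $matches.RPort
            $process.PID = $matches.PID
            $process.ProcessName = $processNames[[int]$matches.PID]
            $parsed = $true
        }
    }

    if (-not $parsed)
    {
        # Report the row instead of emitting a blank object (the original then
        # threw in Substring); an unparsed row is a socket missing from the output.
        Write-Warning "Get-Netstat: could not parse netstat line: $line"
        continue
    }

    # Right-align the port in a 6-character field so a string sort orders it numerically.
    $process.LocalPort = ([string]$process.LocalPort).PadLeft(6)
    $process
}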