-
Notifications
You must be signed in to change notification settings - Fork 0
Active Internet Connections
Yves Schelpe edited this page Feb 7, 2017
·
24 revisions
Goal: To provide an overview of connections from the local address to the foreign address, with the given port numbers as well as the protocol and process id invoking it.
| Proto | Recv-Q | Send-Q | Local Address | Foreign Address | State | PID/Program name |
|---|---|---|---|---|---|---|
string |
number |
number |
ip:port |
ip:port |
string |
number/string |
- Proto: The protocol used by the socket. This can be one of several values: tcp, tcp6, udp, raw.
- Recv-Q: The count of bytes not copied by the user program connected to this socket.
- Send-Q: The count of byes not acknowledged by the remote host.
- Local Address: Address and port number of the local end of the socket.
- Foreign Address: analogous to "Local Address".
- State: The state of the socket. Since there are no states in raw mode and usually no states used in UDP, this column may be left blank. Normally this can be one of several values: ESTABLISHED, SYN_SENT, SYN_REC, FIN_WAIT1, FIN_WAIT2, TIME_WAIT, CLOSE, CLOSE_WAIT, LAST_ACK, LISTEN, CLOSING, UNKNOWN.
- PID/Program name: Slash-seperated pair of the process id and the process name of the process that owns the socket.
Source of table naming information.
| Proto | Recv-Q | Send-Q | Local Address | Foreign Address | (state) | rhiwat | shiwat | pid | epid |
|---|---|---|---|---|---|---|---|---|---|
string |
number |
number |
ip.port |
ip.port |
string |
number |
number |
number |
number |
- rhiwate: ??? (undocumented - no info found).
- shiwat: ??? (undocumented - no info found).
- epid: ??? (undocumentend - no info found).
| Proto | Local Address | Foreign Address | State | PID |
|---|---|---|---|---|
string |
ip:port |
ip:port |
string |
number |
| Proto | Local Address | Foreign Address | State | PID/name |
|---|---|---|---|---|
string |
ip:port |
ip:port |
string |
number/string |
$netstat = netstat -aon | Select-String -Pattern "(TCP|UDP)"
$ProcessList = Get-Process
foreach ($line in $netstat)
{
$SpltArry = $line -split " "
$PD = $spltArry[$spltarry.length - 1]
$pn = $ProcessList | Where-Object {$_.id -eq $pd} | select processname
$SpltArry[$SpltArry.length - 1] = $PD + "/" + $PN.processname
$SpltArry -join " "
}