Get-NetTCPConnection (NetTCPIP) | Microsoft Docs
Get-NetTCPConnection [[-LocalAddress] <String[]>]
[[-LocalPort] <UInt16[]>]
[-RemoteAddress <String[]>]
[-RemotePort <UInt16[]>]
[-State <State[]>]
[-AppliedSetting <AppliedSetting[]>]
[-OwningProcess <UInt32[]>]
[-CreationTime <DateTime[]>]
[-OffloadState <OffloadState[]>]
[-CimSession <CimSession[]>]
[-ThrottleLimit <Int32>]
[-AsJob] [<CommonParameters>]
Show established connections
Get-NetTCPConnection -State Established
To a specific IP
Get-NetTCPConnection -State Established | where {$_.remoteaddress -eq '192.168.0.1'}
To a specific port
Get-NetTCPConnection -State Established | where {$_.RemotePort -eq 80}
Show which process owns the session (OwningProcess is the PID)
Get-NetTCPConnection -State Established | where {$_.RemotePort -eq 80} | select LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess | Format-Table
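OwningProcess is only a PID, so the line above still leaves you to look the process up by hand. The following function is an added example (not from the Microsoft Docs page or the original notes) that joins each connection to its process name and image path via a single Get-Process snapshot; the function name and parameters are my own. Path is empty for processes you cannot open (protected processes, or other users' processes in a non-elevated shell).

```powershell
# Added example: join Get-NetTCPConnection output to process name/path.
# Assumed names: Get-TcpConnectionWithProcess, -State, -RemotePort (not from the page).
function Get-TcpConnectionWithProcess {
    param(
        [string]$State = 'Established',
        [uint16]$RemotePort
    )

    # Build a PID -> Process lookup once rather than calling Get-Process per connection.
    # Keys are Int32 because Get-Process.Id is Int32; OwningProcess is UInt32, so cast below.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

    # Suppress the non-terminating "No MSFT_NetTCPConnection objects found" error.
    $conns = Get-NetTCPConnection -State $State -ErrorAction SilentlyContinue
    if ($PSBoundParameters.ContainsKey('RemotePort')) {
        $conns = $conns | Where-Object { $_.RemotePort -eq $RemotePort }
    }

    foreach ($c in $conns) {
        $p = $procs[[int]$c.OwningProcess]
        [pscustomobject]@{
            LocalAddress  = $c.LocalAddress
            LocalPort     = $c.LocalPort
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
            State         = $c.State
            PID           = $c.OwningProcess
            # Process may have exited between the two snapshots, or be inaccessible.
            ProcessName   = if ($p) { $p.ProcessName } else { '<exited or access denied>' }
            Path          = if ($p) { $p.Path } else { $null }
        }
    }
}

# Usage: established sessions to port 443 with the owning executable.
Get-TcpConnectionWithProcess -RemotePort 443 | Format-Table -AutoSize
```

Run it from an elevated shell when you want Path populated for system services; a connection whose owner shows up with no Path, or with a PID that no longer exists, is exactly the case worth a second look during triage.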
To "watch" specific traffic in a simple way, loop the query once a second and get an indication of the traffic as it happens...
($ErrorActionPreference = "SilentlyContinue") is there so you don't see red error output when no matching connection exists...
Show all blocked connection attempts (SYN_SENT)
$ErrorActionPreference = "SilentlyContinue" ; while ($true) {Get-NetTCPConnection -State SynSent ; sleep -Seconds 1}
Show all blocked connection attempts (SYN_SENT, filtering out all 127.0.0.1 addresses)
$ErrorActionPreference = "SilentlyContinue" ; while ($true) {Get-NetTCPConnection -State SynSent | where {$_.remoteAddress -ne '127.0.0.1'} ; sleep -Seconds 1}
Show all traffic going to <IP>
$ErrorActionPreference = "SilentlyContinue" ; while ($true) {Get-NetTCPConnection -RemoteAddress <IP> ; sleep -Seconds 1; cls}
Show all established network connections
$ErrorActionPreference = "SilentlyContinue" ; while ($true) {Get-NetTCPConnection -State Established ; sleep -Seconds 1}
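The one-liners above reprint every SYN_SENT entry each second, so a single stuck connection floods the console. The function below is an added example (not from the original notes) that does the same poll but reports each (remote address, remote port, PID) tuple only once, stamped with the time it was first seen and the owning process name. The function name and its -IntervalSeconds and -IncludeLoopback parameters are my own; the loopback filter also covers ::1, which the original filter does not.

```powershell
# Added example: deduplicated SYN_SENT watcher. Assumed names: Watch-SynSent,
# -IntervalSeconds, -IncludeLoopback (not from the page). SYN_SENT that never
# reaches ESTABLISHED usually means the destination is filtered or unreachable.
function Watch-SynSent {
    param(
        [int]$IntervalSeconds = 1,
        [switch]$IncludeLoopback
    )

    $seen = @{}   # key -> first-seen timestamp
    while ($true) {
        # -ErrorAction replaces the global $ErrorActionPreference trick for this call only.
        $conns = Get-NetTCPConnection -State SynSent -ErrorAction SilentlyContinue
        foreach ($c in $conns) {
            if (-not $IncludeLoopback -and $c.RemoteAddress -in @('127.0.0.1', '::1')) { continue }

            $key = '{0}:{1}:{2}' -f $c.RemoteAddress, $c.RemotePort, $c.OwningProcess
            if ($seen.ContainsKey($key)) { continue }
            $seen[$key] = Get-Date

            $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Time          = $seen[$key].ToString('s')
                RemoteAddress = $c.RemoteAddress
                RemotePort    = $c.RemotePort
                PID           = $c.OwningProcess
                ProcessName   = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            }
        }
        Start-Sleep -Seconds $IntervalSeconds
    }
}

# Usage: stream new blocked attempts as they appear (Ctrl+C to stop).
# Plain Format-Table streams; -AutoSize would buffer forever on an endless pipeline.
Watch-SynSent | Format-Table
```

Because $seen only grows, restart the function for a fresh baseline; for a long-running watch, redirect the objects to Export-Csv -Append instead of the console so the first-seen times are kept for later correlation with firewall or proxy logs.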