Get-NetTCPConnection (NetTCPIP) | Microsoft Docs

Get-NetTCPConnection [[-LocalAddress] <String[]>] 
[[-LocalPort] <UInt16[]>]
[-RemoteAddress <String[]>]
[-RemotePort <UInt16[]>]
[-State <State[]>]
[-AppliedSetting <AppliedSetting[]>]
[-OwningProcess <UInt32[]>]
[-CreationTime <DateTime[]>]
[-OffloadState <OffloadState[]>]
[-CimSession <CimSession[]>]
[-ThrottleLimit <Int32>]
[-AsJob] [<CommonParameters>]

Show established connections

Get-NetTCPConnection -State Established

To a specific IP address

Get-NetTCPConnection -State Established | where {$_.remoteaddress -eq '192.168.0.1'}

To a specific port

Get-NetTCPConnection -State Established | where {$_.remoteport -eq '80'}

Show which process owns the session

Get-NetTCPConnection -State Established | where {$_.remoteport -eq '80'} | select LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess | ft

 

To "watch" specific traffic in a simple way, you can loop the query every second and get an indication of the traffic as it happens...

($ErrorActionPreference = "SilentlyContinue") is there so you don't get red error blobs when no connection exists (the cmdlet writes an error when nothing matches the filter)...

 

Show all blocked connection attempts (SYN_SENT)

$ErrorActionPreference = "SilentlyContinue" ; while ($true) {Get-NetTCPConnection -State SynSent ; Start-Sleep -Seconds 1}

 

Show all blocked connection attempts (SYN_SENT, filtering out all 127.0.0.1 addresses)

$ErrorActionPreference = "SilentlyContinue" ; while ($true) {Get-NetTCPConnection -State SynSent | where {$_.remoteAddress -ne '127.0.0.1'} ; Start-Sleep -Seconds 1}

 

Show all traffic going to <IP>

$ErrorActionPreference = "SilentlyContinue" ; while ($true) {Get-NetTCPConnection -RemoteAddress <IP> ; Start-Sleep -Seconds 1; cls}

 

Show all established network connections

$ErrorActionPreference = "SilentlyContinue" ; while ($true) {Get-NetTCPConnection -State Established ; Start-Sleep -Seconds 1}
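A polling monitor that builds on the loops above, added here as an example (it is not from the Microsoft docs page): it prints only connections that are new since the previous sample and resolves OwningProcess to a process name, so a watch on SYN_SENT stays readable instead of repeating the same rows every second. The $States, $IntervalSeconds and $ExcludeLoopback parameters are this script's own; it assumes Windows PowerShell 5.1 or later with the NetTCPIP module.

```powershell
# Added example, not from the Microsoft docs page. Polls Get-NetTCPConnection every
# $IntervalSeconds and reports connections not present in the previous sample.
param(
    [int]$IntervalSeconds = 1,
    [string[]]$States = @('SynSent', 'Established'),
    [switch]$ExcludeLoopback
)

# Key identifying one socket pair; the state is part of the key so a SYN_SENT
# that later becomes Established is reported again with its new state.
function Get-ConnectionKey {
    param($Connection)
    '{0}:{1}->{2}:{3}/{4}' -f $Connection.LocalAddress, $Connection.LocalPort,
        $Connection.RemoteAddress, $Connection.RemotePort, $Connection.State
}

function Get-ProcessLabel {
    param([uint32]$ProcessId)
    # Get-Process fails for a process that already exited or that we lack rights
    # to inspect; fall back to the bare PID rather than aborting the loop.
    $proc = Get-Process -Id $ProcessId -ErrorAction SilentlyContinue
    if ($proc) { '{0} ({1})' -f $proc.ProcessName, $ProcessId } else { "PID $ProcessId" }
}

$seen = @{}
while ($true) {
    # -ErrorAction on the call replaces the global $ErrorActionPreference used above:
    # with no connection in the requested state the cmdlet writes an error, which we drop.
    $current = Get-NetTCPConnection -State $States -ErrorAction SilentlyContinue
    if ($ExcludeLoopback) {
        $current = $current | Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') }
    }
    $now = @{}
    foreach ($c in $current) {
        $key = Get-ConnectionKey $c
        $now[$key] = $true
        if (-not $seen.ContainsKey($key)) {
            '{0:yyyy-MM-dd HH:mm:ss} {1,-11} {2}:{3} -> {4}:{5} {6}' -f (Get-Date), $c.State,
                $c.LocalAddress, $c.LocalPort, $c.RemoteAddress, $c.RemotePort,
                (Get-ProcessLabel $c.OwningProcess)
        }
    }
    # Connections that disappeared are forgotten, so a re-appearance is reported again.
    $seen = $now
    Start-Sleep -Seconds $IntervalSeconds
}
```

Run it as `.\Watch-TcpConnections.ps1 -States SynSent -ExcludeLoopback` to get one timestamped line per new outbound attempt that is not being answered, together with the process that made it.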