SID-500

Home » PowerShell » The new netstat: Playing with Get-NetTCPConnection

The new netstat: Playing with Get-NetTCPConnection

For some reason, I don’t like netstat. Never did. Fortunately PowerShell provides a similar command to netstat: Get-NetTCPConnection. Let’s discover the options of this command in form of this blog post.

Get-NetTCPConnection

Running without any parameter it gives you an overview of all TCP Connections. It will show you TCP Connections of all states (closed, waiting, listening, established …)

Get-NetTCPConnection

Unbenannt.PNG

IPv4 only

To show only IPv4 Connections simply provide your Local IPv4 Address. It might be useful to sort on the Local Port:

Get-NetTCPConnection -LocalAddress 192.168.0.100 | Sort-Object LocalPort

Unbenannt.PNG

IPv6 only

If you are lucky and your ISP provides you with IPv6 Adresses, then enter your IPv6 Global Unicast Address.

Get-NetTCPConnection -LocalAddress 2a02:8388:b01:3700:215:5dff:fe6f:a00 | Sort-Object LocalPort

Unbenannt.PNG

Show established connections only

I guess the most important parameter is state. To show only established connections in a user-friendly view (Format-Table) run

Get-NetTCPConnection -State Established | Format-Table -AutoSize

1.PNG

Well, ok, we’ve seen in these first steps what Get-NetTCPConnection could do for us. Before we continue to the more advanced part of this post let’s compare the output to netstat.

As I’ve mentioned: The PowerShell cmdlet is my favourite.

Get-NetTCPConnection for Power Users

Resolving IP-Addresses

Do you know the IP of sid-500.com. Why not? 😉 If you don’t know the IP of my site how would you check if you are connected to it? Ok, sure there must be a connection because you’re reading my article. Well, if you know the hostname then run Resolve-DnsName to get the IP-Address!

Get-NetTCPConnection -RemoteAddress (Resolve-DnsName sid-500.com).IPAddress -ErrorAction SilentlyContinue | Format-List

Unbenannt.PNG

Or get only the remote address.

Unbenannt.PNG

For this it’s useful to use the Erroraction Parameter for avoiding ugly red error messages. Resolve-DNSName will give you 2 IPv4 Addresses of my site. But you are only connected to one of them. So you are not connected to the other one which causes the red lines.

Look at the following example. Microsoft has more than one Public IPv4 Address. I’m connected to only one of them. If you run this command with Erroraction silentlycontinue, you’ll see no red lines anymore.

Unbenannt.PNG

Get TCP Connections on Remote Hosts

If you want to figure out the established TCP Connections on a remote host, simply use Invoke-Command. Note, that I’m logged on dc01. Server02 is the remote host. Both computers share the same domain.

Invoke-Command -ComputerName server02 {Get-NetTCPConnection -State Established}

Unbenannt.PNG

Get TCP Connections from all Servers

To retrieve all established connections from all servers of your domain (all OUs!) and to save them all to  a file, run

(Get-ADComputer -Filter 'operatingsystem -like "*server*"').Name | Foreach-Object {Invoke-Command -ComputerName $_ {Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue} | Sort-Object PSComputerName | Select-Object PSComputername, LocalPort, RemotePort, RemoteAddress} | Out-File C:\Temp\TCPConn.txt

Unbenannt.PNG

Unbenannt.PNG

That’s it for today. Hope you enjoyed it!

See also

For more about networking with PowerShell see also my articles

PowerShell: Testing the connectivity to the Default Gateway on localhost and Remote Hosts by reading the Routing Table

PowerShell: Use SSH to connect to remote hosts (Posh-SSH)

PowerShell: Check open/closed ports with Test-NetConnection


1 Comment

  1. […] The new netstat: Playing with Get-NetTCPConnection […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

GET-AUTHOR

My name is Patrick Grünauer. Microsoft MVP. I am from Austria. On sid-500 I write about Windows, Cisco and IT-Security in English and German. Have fun while reading!

Categories

Patrick Gruenauer
Follow SID-500 on WordPress.com