0

Basically I have a firewall blocking everything except what rules I add. I have an app which has no kb or documentation on what it needs to connect to. Wrote simple scripts to watch netstat given a process ID. This is slow. Wanted to use powershell's Get-NetTCPConnection to dump RemoteIP & Port from a given process name or a list of process names. Found some code here

Get-NetTCPConnection| Select LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess , @{n="ProcessName";e={(Get-Process -Id $_.OwningProcess).ProcessName}} , @{n="UserName";e={(Get-Process -Id $_.OwningProcess -IncludeUserName).UserName}}| Where {$_.State -eq"Established"} |FT -autosize -Force

but it shows established connections which I don't have yet. Instead of State I am hoping to dump any state on ProcessName but so far it has errored out. Any guidance or links that might help?

ZodTheDestroyer
  • 1
  • Just replace the condition given to Where. Change `Where {$_.State -eq"Established"}` to `Where {$_.ProcessName -eq "YourProcessName"}` – Daniel Sep 14 '22 at 06:39
  • 1
    I swear I tried that late last night and it completely blew up with loads of errors. Of course after I post and sleep on it - it works. Thanks – ZodTheDestroyer Sep 14 '22 at 12:58

0 Answers0