Last active
June 27, 2024 09:51
-
-
Save DJStompZone/2777b7c4044e621e0deaa099c52c7b9b to your computer and use it in GitHub Desktop.
Powershell function to view network connections and listeners, with optional output in XML or JSON
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Displays detailed information about TCP, UDP, and Unix domain socket connections. | |
| .DESCRIPTION | |
| The Get-AllConnections function retrieves TCP, UDP, and Unix domain socket connections, | |
| and provides detailed information about the associated processes and services, particularly for svchost.exe. | |
| .PARAMETER OutputFormat | |
| Specifies the output format. Valid options are 'Table', 'JSON', and 'XML'. Default is 'Table'. | |
| .EXAMPLE | |
| Get-AllConnections | |
| This will display three tables: one for listening connections, one for active connections, | |
| and one for UDP connections with details about the local addresses, ports, process information, and associated services. | |
| .EXAMPLE | |
| Get-AllConnections -ConnectionType TCP,UDP,Socket | |
| This will display TCP connections, TCP listeners, UDP connections, and UNIX Sockets (if present) as a table. | |
| .EXAMPLE | |
| Get-AllConnections -OutputFormat JSON | |
| This will output connection details for TCP and UDP connections in JSON format. | |
| .EXAMPLE | |
| Get-AllConnections -ConnectionType UDP -OutputFormat XML. | |
| This will display information for UDP connections only, in XML format. | |
| .NOTES | |
| Author: DJ Stomp <https://github.com/DJStompZone> | |
| Date: 06/27/2024 | |
| #> | |
| function Get-AllConnections { | |
| param ( | |
| [ValidateSet("Table", "JSON", "XML")] | |
| [string]$OutputFormat = "Table" | |
| ) | |
| <# | |
| .SYNOPSIS | |
| Retrieves detailed information about the specified connections. | |
| .PARAMETER connections | |
| The connections for which to get details. | |
| #> | |
| function Get-ConnectionDetails { | |
| param ($connections) | |
| $connections | ForEach-Object { | |
| $procId = $_.OwningProcess | |
| $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue | |
| if ($proc) { | |
| $services = if ($proc.Name -eq "svchost") { | |
| ($svchostServices | Where-Object { $_.ProcessId -eq $procId } | ForEach-Object { $_.DisplayName }) -join ", " | |
| } else { | |
| "" | |
| } | |
| $parentProc = Get-WmiObject Win32_Process -Filter "ProcessId=$procId" | Select-Object ParentProcessId | |
| $parentProcInfo = if ($parentProc.ParentProcessId) { | |
| $parentProcObj = Get-Process -Id $parentProc.ParentProcessId -ErrorAction SilentlyContinue | |
| if ($parentProcObj) { | |
| "$($parentProcObj.Name) ($($parentProcObj.Id))" | |
| } else { | |
| "Unknown ($($parentProc.ParentProcessId))" | |
| } | |
| } else { | |
| "N/A" | |
| } | |
| $duration = if ($_.State -eq "Established") { | |
| New-TimeSpan -Start $_.CreationTimestamp | |
| } else { | |
| "N/A" | |
| } | |
| [PSCustomObject]@{ | |
| LocalAddress = $_.LocalAddress | |
| LocalPort = $_.LocalPort | |
| RemoteAddress = $_.RemoteAddress | |
| RemotePort = $_.RemotePort | |
| ProcessId = $procId | |
| ProcessName = $proc.Name | |
| Description = $proc.Description | |
| ProcessPath = $proc.Path | |
| Services = $services | |
| CommandLine = $proc.CommandLine | |
| ParentProcess = $parentProcInfo | |
| Duration = $duration | |
| } | |
| } | |
| } | |
| } | |
| $listeners = Get-NetTCPConnection -State Listen | Select-Object LocalAddress, LocalPort, OwningProcess | |
| $established = Get-NetTCPConnection -State Established | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess, @{Name='CreationTimestamp';Expression={Get-Date}} | |
| $udpConnections = Get-NetUDPEndpoint | Select-Object LocalAddress, LocalPort, OwningProcess | |
| $svchostServices = Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -in ($listeners | Select-Object -ExpandProperty OwningProcess) + ($established | Select-Object -ExpandProperty OwningProcess) + ($udpConnections | Select-Object -ExpandProperty OwningProcess) } | Select-Object ProcessId, Name, DisplayName | |
| $listenerDetails = Get-ConnectionDetails -connections $listeners | |
| $activeDetails = Get-ConnectionDetails -connections $established | Sort-Object ProcessName | |
| $udpDetails = Get-ConnectionDetails -connections $udpConnections | Sort-Object ProcessName | |
| if ($OutputFormat -eq "Table") { | |
| if ($listenerDetails) { | |
| Write-Host "LISTENERS" -ForegroundColor Green | |
| $listenerDetails | Select-Object LocalAddress, LocalPort, ProcessId, ProcessName, ParentProcess, Description, ProcessPath, Services, CommandLine | Format-Table -AutoSize | |
| } | |
| if ($activeDetails) { | |
| Write-Host "ACTIVE CONNECTIONS" -ForegroundColor Green | |
| $activeDetails | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, ProcessId, ProcessName, ParentProcess, Description, ProcessPath, Services, CommandLine, Duration | Format-Table -AutoSize | |
| } | |
| if ($udpDetails) { | |
| Write-Host "UDP CONNECTIONS" -ForegroundColor Green | |
| $udpDetails | Select-Object LocalAddress, LocalPort, ProcessId, ProcessName, ParentProcess, Services, Description, ProcessPath, CommandLine | Format-Table -AutoSize | |
| } | |
| } | |
| elseif ($OutputFormat -eq "JSON") { | |
| $output = @{ | |
| Listeners = $listenerDetails | |
| ActiveConnections = $activeDetails | |
| UdpConnections = $udpDetails | |
| } | |
| $output | ConvertTo-Json -Depth 3 | |
| } | |
| elseif ($OutputFormat -eq "XML") { | |
| $output = @{ | |
| Listeners = $listenerDetails | |
| ActiveConnections = $activeDetails | |
| UdpConnections = $udpDetails | |
| } | |
| $output | ConvertTo-Xml -As String -Depth 3 | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment