jasonadsit/Get-FancyNetstat.ps1

## Get-FancyNetstat.ps1
function Get-FancyNetstat {
    [CmdletBinding(DefaultParameterSetName='Local')]
    [OutputType([psobject])]
    param (
        [Parameter( Position=0,
                    Mandatory=$true,
                    ParameterSetName='Remote',
                    ValueFromPipeline=$true,
                    ValueFromPipelineByPropertyName=$true)]
        [Alias('PSComputerName','DNSHostName','CN','Hostname')]
        [string[]]
        $ComputerName,
        [Parameter(Position=0,ParameterSetName='Local')]
        [Parameter(Position=1,ParameterSetName='Remote')]
        [switch]
        $Listening,
        [Parameter(Position=1,ParameterSetName='Local')]
        [Parameter(Position=2,ParameterSetName='Remote')]
        [switch]
        $Established
    ) #param
    process {
        $GetFancyNetstat = [scriptblock]::Create({
            [CmdletBinding()]
            param(
                $Listening,
                $Established
            ) #param
            $Procs = Get-CimInstance -ClassName Win32_Process
            $ProcsHashTable = $Procs | Group-Object -Property ProcessId -AsHashTable
            foreach ($Proc in $Procs) {
                $ErrorActionPreferenceBak = $Global:ErrorActionPreference
                $ErrorActionPreference = [System.Management.Automation.ActionPreference]::SilentlyContinue
                $GetOwner = $Proc | Invoke-CimMethod -MethodName GetOwner
                $GetOwnerSid = $Proc | Invoke-CimMethod -MethodName GetOwnerSid
                $ErrorActionPreference = $ErrorActionPreferenceBak
                if ($GetOwnerSid.Sid) { $OwnerSid = $GetOwnerSid.Sid } else { $OwnerSid = [System.String]::Empty }
                if ($GetOwner.Domain) { $Domain = $GetOwner.Domain + '\' } else { $Domain = [System.String]::Empty }
                $User = $GetOwner.User
                $Owner = $Domain + $User
                $ParentProcessName = $($ProcsHashTable[$($Proc.ParentProcessId)].Name)
                Add-Member -InputObject $Proc -MemberType NoteProperty -Name ParentProcessName -Value $ParentProcessName
                Add-Member -InputObject $Proc -MemberType NoteProperty -Name Owner -Value $Owner
                Add-Member -InputObject $Proc -MemberType NoteProperty -Name OwnerSid -Value $OwnerSid
            } #foreach ($Proc in $Procs)
            $ProcsHashTable = $Procs | Group-Object -Property ProcessId -AsHashTable
            $AllNetStat = Get-CimInstance -Namespace root/StandardCimv2 -ClassName MSFT_NetTCPConnection
            foreach ($NetStat in $AllNetStat) {
                $ErrorActionPreferenceBak = $Global:ErrorActionPreference
                $ErrorActionPreference = [System.Management.Automation.ActionPreference]::SilentlyContinue
                $ProcId = $NetStat.OwningProcess
                $ParentProcessId = $ProcsHashTable[$ProcId].ParentProcessId
                $EachNetstat = [pscustomobject][ordered]@{
                    PSComputerName = $env:COMPUTERNAME
                    CreationTime = $NetStat.CreationTime
                    LocalAddress = $NetStat.LocalAddress
                    LocalPort = $NetStat.LocalPort
                    RemoteAddress = $NetStat.RemoteAddress
                    RemotePort = $NetStat.RemotePort
                    State = [int]($NetStat.State)
                    ProcessId = $ProcId
                    ProcessName = $ProcsHashTable[$ProcId].Name
                    CommandLine = $ProcsHashTable[$ProcId].CommandLine
                    Owner = $ProcsHashTable[$ProcId].Owner
                    OwnerSid = $ProcsHashTable[$ProcId].OwnerSid
                    ParentProcessId = $ProcsHashTable[$ProcId].ParentProcessId
                    ParentProcessName = $ProcsHashTable[$ParentProcessId].Name
                } #$EachNetstat
                if ((-not $Listening) -and (-not $Established)) {
                    $EachNetstat
                } elseif ($Listening -and (-not $Established)) {
                    $EachNetstat | Where-Object { $_.State -eq 2 }
                } elseif ((-not $Listening) -and $Established) {
                    $EachNetstat | Where-Object { $_.State -eq 5 }
                } #if
                $ErrorActionPreference = $ErrorActionPreferenceBak
            } #foreach ($NetStat in $AllNetStat)
        })
        if ($PSCmdlet.ParameterSetName -match 'Local') {
            $Params = @{    ScriptBlock = $GetFancyNetstat
                            ArgumentList = ($Listening,$Established) }
            Invoke-Command @Params
        } elseif ($PSCmdlet.ParameterSetName -match 'Remote') {
            $Params = @{    ComputerName = $ComputerName
                            ScriptBlock = $GetFancyNetstat
                            ArgumentList = ($Listening,$Established) }
            Invoke-Command @Params | ForEach-Object {
                [pscustomobject][ordered]@{
                    PSComputerName = $_.PSComputerName
                    CreationTime = $_.CreationTime
                    LocalAddress = $_.LocalAddress
                    LocalPort = $_.LocalPort
                    RemoteAddress = $_.RemoteAddress
                    RemotePort = $_.RemotePort
                    State = $_.State
                    ProcessId = $_.ProcessId
                    ProcessName = $_.ProcessName
                    CommandLine = $_.CommandLine
                    Owner = $_.Owner
                    OwnerSid = $_.OwnerSid
                    ParentProcessId = $_.ParentProcessId
                    ParentProcessName = $_.ParentProcessName
                }
            }
        } #if Local or Remote
    } #process
} #function Get-FancyNetstat
	function Get-FancyNetstat {
	[CmdletBinding(DefaultParameterSetName='Local')]
	[OutputType([psobject])]
	param (
	[Parameter( Position=0,
	Mandatory=$true,
	ParameterSetName='Remote',
	ValueFromPipeline=$true,
	ValueFromPipelineByPropertyName=$true)]
	[Alias('PSComputerName','DNSHostName','CN','Hostname')]
	[string[]]
	$ComputerName,
	[Parameter(Position=0,ParameterSetName='Local')]
	[Parameter(Position=1,ParameterSetName='Remote')]
	[switch]
	$Listening,
	[Parameter(Position=1,ParameterSetName='Local')]
	[Parameter(Position=2,ParameterSetName='Remote')]
	[switch]
	$Established
	) #param
	process {
	$GetFancyNetstat = [scriptblock]::Create({
	[CmdletBinding()]
	param(
	$Listening,
	$Established
	) #param
	$Procs = Get-CimInstance -ClassName Win32_Process
	$ProcsHashTable = $Procs \| Group-Object -Property ProcessId -AsHashTable
	foreach ($Proc in $Procs) {
	$ErrorActionPreferenceBak = $Global:ErrorActionPreference
	$ErrorActionPreference = [System.Management.Automation.ActionPreference]::SilentlyContinue
	$GetOwner = $Proc \| Invoke-CimMethod -MethodName GetOwner
	$GetOwnerSid = $Proc \| Invoke-CimMethod -MethodName GetOwnerSid
	$ErrorActionPreference = $ErrorActionPreferenceBak
	if ($GetOwnerSid.Sid) { $OwnerSid = $GetOwnerSid.Sid } else { $OwnerSid = [System.String]::Empty }
	if ($GetOwner.Domain) { $Domain = $GetOwner.Domain + '\' } else { $Domain = [System.String]::Empty }
	$User = $GetOwner.User
	$Owner = $Domain + $User
	$ParentProcessName = $($ProcsHashTable[$($Proc.ParentProcessId)].Name)
	Add-Member -InputObject $Proc -MemberType NoteProperty -Name ParentProcessName -Value $ParentProcessName
	Add-Member -InputObject $Proc -MemberType NoteProperty -Name Owner -Value $Owner
	Add-Member -InputObject $Proc -MemberType NoteProperty -Name OwnerSid -Value $OwnerSid
	} #foreach ($Proc in $Procs)
	$ProcsHashTable = $Procs \| Group-Object -Property ProcessId -AsHashTable
	$AllNetStat = Get-CimInstance -Namespace root/StandardCimv2 -ClassName MSFT_NetTCPConnection
	foreach ($NetStat in $AllNetStat) {
	$ErrorActionPreferenceBak = $Global:ErrorActionPreference
	$ErrorActionPreference = [System.Management.Automation.ActionPreference]::SilentlyContinue
	$ProcId = $NetStat.OwningProcess
	$ParentProcessId = $ProcsHashTable[$ProcId].ParentProcessId
	$EachNetstat = [pscustomobject][ordered]@{
	PSComputerName = $env:COMPUTERNAME
	CreationTime = $NetStat.CreationTime
	LocalAddress = $NetStat.LocalAddress
	LocalPort = $NetStat.LocalPort
	RemoteAddress = $NetStat.RemoteAddress
	RemotePort = $NetStat.RemotePort
	State = [int]($NetStat.State)
	ProcessId = $ProcId
	ProcessName = $ProcsHashTable[$ProcId].Name
	CommandLine = $ProcsHashTable[$ProcId].CommandLine
	Owner = $ProcsHashTable[$ProcId].Owner
	OwnerSid = $ProcsHashTable[$ProcId].OwnerSid
	ParentProcessId = $ProcsHashTable[$ProcId].ParentProcessId
	ParentProcessName = $ProcsHashTable[$ParentProcessId].Name
	} #$EachNetstat
	if ((-not $Listening) -and (-not $Established)) {
	$EachNetstat
	} elseif ($Listening -and (-not $Established)) {
	$EachNetstat \| Where-Object { $_.State -eq 2 }
	} elseif ((-not $Listening) -and $Established) {
	$EachNetstat \| Where-Object { $_.State -eq 5 }
	} #if
	$ErrorActionPreference = $ErrorActionPreferenceBak
	} #foreach ($NetStat in $AllNetStat)
	})
	if ($PSCmdlet.ParameterSetName -match 'Local') {
	$Params = @{ ScriptBlock = $GetFancyNetstat
	ArgumentList = ($Listening,$Established) }
	Invoke-Command @Params
	} elseif ($PSCmdlet.ParameterSetName -match 'Remote') {
	$Params = @{ ComputerName = $ComputerName
	ScriptBlock = $GetFancyNetstat
	ArgumentList = ($Listening,$Established) }
	Invoke-Command @Params \| ForEach-Object {
	[pscustomobject][ordered]@{
	PSComputerName = $_.PSComputerName
	CreationTime = $_.CreationTime
	LocalAddress = $_.LocalAddress
	LocalPort = $_.LocalPort
	RemoteAddress = $_.RemoteAddress
	RemotePort = $_.RemotePort
	State = $_.State
	ProcessId = $_.ProcessId
	ProcessName = $_.ProcessName
	CommandLine = $_.CommandLine
	Owner = $_.Owner
	OwnerSid = $_.OwnerSid
	ParentProcessId = $_.ParentProcessId
	ParentProcessName = $_.ParentProcessName
	}
	}
	} #if Local or Remote
	} #process
	} #function Get-FancyNetstat