ramiroencinas/active-conn.ps1

## active-conn.ps1
$delay_seconds = 1

while (1) {

	$timestamp = Get-Date -Format "dd-MM-yyyy HH:mm:ss"

	Try {

		$connections = Get-NetTCPConnection -State Established -AppliedSetting Internet -ErrorAction Stop | select OwningProcess, RemoteAddress, RemotePort

	} Catch {

		Start-Sleep -Seconds $delay_seconds
		continue
	}

	foreach ($conn in $connections) {

		if ( $conn.RemoteAddress -eq "127.0.0.1" ) { continue }

		$process_id = $conn.OwningProcess

		$procinfo = Get-Process -Id $process_id -IncludeUserName

		$commandline = ""

		if ($procinfo.ProcessName -eq "svchost") {

			$commandline = (Get-WmiObject -Class Win32_Process -Filter "ProcessID = $process_id").CommandLine

		} else {

			$commandline = $procinfo.Path

		}

		write-host $timestamp $procinfo.UserName $process_id $commandline $conn.RemoteAddress $conn.RemotePort

	}

	Start-Sleep -Seconds $delay_seconds

}
	$delay_seconds = 1

	while (1) {

	$timestamp = Get-Date -Format "dd-MM-yyyy HH:mm:ss"

	Try {

	$connections = Get-NetTCPConnection -State Established -AppliedSetting Internet -ErrorAction Stop \| select OwningProcess, RemoteAddress, RemotePort

	} Catch {

	Start-Sleep -Seconds $delay_seconds
	continue
	}

	foreach ($conn in $connections) {

	if ( $conn.RemoteAddress -eq "127.0.0.1" ) { continue }

	$process_id = $conn.OwningProcess

	$procinfo = Get-Process -Id $process_id -IncludeUserName

	$commandline = ""

	if ($procinfo.ProcessName -eq "svchost") {

	$commandline = (Get-WmiObject -Class Win32_Process -Filter "ProcessID = $process_id").CommandLine

	} else {

	$commandline = $procinfo.Path

	}

	write-host $timestamp $procinfo.UserName $process_id $commandline $conn.RemoteAddress $conn.RemotePort

	}

	Start-Sleep -Seconds $delay_seconds

	}