Noobiesh question

  • #37411
    Tomer Setty
    Participant

    Hi all,
    I'm new to PowerShell and would like to understand something.
    I would like to write a script that adds one member, named FullProcessName, to the Get-NetTCPConnection pipeline output, and that takes the value of the process name when the Get-Process Id equals the Get-NetTCPConnection OwningProcess.
    With what I've managed to do, I do create the new member, but it's empty.
    I guess the mistake is somewhere around the "where {$bb.Id -eq "$aa.Owningprocess"}".
    Can someone explain? Is that because of an INT\String issue?
    Thanks

    $aa = Get-NetTCPConnection | where State -eq "established"
    $bb = Get-NetTCPConnection | where State -eq "established" | Select @{n='Id';e={$_.OwningProcess}} | Get-Process
    $fullobj = foreach ($a in $aa)
    {
    Add-Member -MemberType NoteProperty -Name FullProcessName -Value ( where {$bb.Id -eq "$aa.Owningprocess"}

    ) -InputObject $a -PassThru }

    $fullobj | ft FullProcessName,LocalPort,State

    #37416
    Bob McCoy
    Participant

    It seems highly redundant to want the state since you are filtering on state -eq 'established'. Take a look at this and see if it does what you want.

    $results = Get-NetTCPConnection | where State -eq "established" | foreach {
        [PSCustomObject]@{
            ProcessName = (Get-Process -Id $PSItem.OwningProcess).ProcessName
            LocalPort = $PSItem.LocalPort
            State = $PSItem.State
        }
    }
    # Sample outputs - pick one or more, your choice
    $results
    $results | Format-Table -AutoSize
    $results | Out-GridView
    $results | Export-Csv -Path .\foo.csv -NoTypeInformation -Encoding ASCII
    $results | Out-File -FilePath .\foo.txt -Encoding ASCII
    $results | Export-Clixml -Path .\foo.xml -Encoding ASCII
    #37417
    Michael Maher
    Participant

    Hi Tomer,

    As far as I can see, OwningProcess is not a property of Get-NetTCPConnection.

    You can check this like so:

    $aa = Get-NetTCPConnection | where State -eq "established"
    $aa | Get-Member
    

    I might be missing something, but that cmdlet looks more like a variation on Netstat (which doesn't give the process name) than TCPView or TCPVCon, which do.

    regards,

    Michael

    #37419
    Bob McCoy
    Participant

    If you wanted to preserve the process object for further downstream processing, you could do something like this ...

    $processes = Get-NetTCPConnection | where State -eq "established"
    $results = foreach ($process in $processes) {
        $processName = (Get-Process -Id $process.OwningProcess).ProcessName
        $process | Add-Member -NotePropertyName ProcessName -NotePropertyValue $processName -PassThru
    }
    $results | select LocalPort, ProcessName
    #37420
    Richard Diphoorn
    Participant

    I once made a little piece of code for this same type of question:

    Get-NetTCPConnection | Where-Object -Property State -EQ -Value 'Established' | ForEach-Object -Process {
        [PSCustomObject] @{
            'ProcessName' = (Get-Process -Id $_.OwningProcess).Name
            'ProcessId'   = (Get-Process -Id $_.OwningProcess).Id
            'RemoteIP'    = $_.RemoteAddress
            'LocalPort'   = $_.LocalPort
            'State'       = $_.State
        }
    } | Format-Table -AutoSize
    

    You can also put this into a function of course:

    #requires -Version 3 -Modules NetTCPIP
    function Get-NetTCPConnectionProcessName
    {
        [CmdletBinding()]
        Param (
            [Parameter(Mandatory = $false,Position = 0)]
            $Value = 'Established'
        
        )
    
        Get-NetTCPConnection |
        Where-Object -Property State -EQ -Value $Value | ForEach-Object -Process {
            [PSCustomObject] @{
                'ProcessName' = (Get-Process -Id $_.OwningProcess).Name
                'ProcessId' = (Get-Process -Id $_.OwningProcess).Id
                'RemoteIP'  = $_.RemoteAddress
                'LocalPort' = $_.LocalPort
                'State'     = $_.State
            }
        }
    }
    

    Then you can do stuff like this:

    Get-NetTCPConnectionProcessName | Format-Table -Autosize
    

    Or:

    Get-NetTCPConnectionProcessName | Export-Csv -Path C:\Temp\stats.csv -NoTypeInformation
    
    #37424
    Richard Diphoorn
    Participant

    @michael: The property OwningProcess is new to Windows 10 / Server 2016.

    #37425
    Michael Maher
    Participant

    Thanks Richard,

    I thought I was going mad.

    I'm running WMF 5.0 on (2012 R2/Windows 7)

    Michael
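
Added example (not part of the original posts, and not any participant's code): the join the question was after, written against constructed sample objects so it runs without a live connection table. `Join-ConnectionToProcess` is a hypothetical function name; the block also shows the double-quote expansion behind the `"$aa.Owningprocess"` comparison and handles connections whose process is gone or whose object has no OwningProcess property.

```powershell
# Added example, not code from the thread. Join-ConnectionToProcess is a hypothetical name.
function Join-ConnectionToProcess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [object[]] $Connection,  # e.g. Get-NetTCPConnection output
        [Parameter(Mandatory = $true)] [object[]] $Process      # e.g. Get-Process output
    )
    # Index processes by Id once. Keys are cast to [int] so a UInt32 OwningProcess
    # and an Int32 Id land on the same hashtable key.
    $byId = @{}
    foreach ($p in $Process) { $byId[[int]$p.Id] = $p.ProcessName }

    foreach ($c in $Connection) {
        $owner = $c.PSObject.Properties['OwningProcess']
        $name = if ($null -eq $owner) {
            '<no OwningProcess property>'      # case raised in the last posts of the thread
        } elseif ($byId.ContainsKey([int]$owner.Value)) {
            $byId[[int]$owner.Value]
        } else {
            '<process not found>'              # PID gone between the two snapshots
        }
        $c | Add-Member -NotePropertyName FullProcessName -NotePropertyValue $name -Force -PassThru
    }
}

# Constructed sample objects standing in for the cmdlets' output, so this runs anywhere.
$conns = @(
    [PSCustomObject]@{ LocalPort = 49701; State = 'Established'; OwningProcess = [uint32]1234 }
    [PSCustomObject]@{ LocalPort = 49702; State = 'Established'; OwningProcess = [uint32]4321 }
    [PSCustomObject]@{ LocalPort = 49703; State = 'Established' }
)
$procs = @(
    [PSCustomObject]@{ Id = 1234; ProcessName = 'exampleapp' }
)

# The pitfall in the question: inside double quotes only the variable expands,
# and ".OwningProcess" stays literal text. Use the bare expression or $( ).
$a = $conns[0]
"$a.OwningProcess"       # object rendered as text, then the literal ".OwningProcess"
"$($a.OwningProcess)"    # subexpression: the property value as a string

Join-ConnectionToProcess -Connection $conns -Process $procs |
    Format-Table FullProcessName, LocalPort, State -AutoSize

# On a live system:
# Join-ConnectionToProcess -Connection (Get-NetTCPConnection -State Established) -Process (Get-Process)
```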
