Noobiesh question

This topic contains 6 replies, has 4 voices, and was last updated by  Michael Maher 2 years, 3 months ago.

  • Author
  • #37411

    Tomer Setty

    Hi all,
    I'm new with powershell and would like to understand something,
    i would like to make myself a script that will add 1 member to Get-nettcpconnection pipe named FullProcessName and that will take the value of the process name when get-process id equals to get-nettcpconnection OwningProcess,
    with what i've managed to do i do create new member but it's empty
    i guess the mistake is somewhere over the "where {$bb.Id -eq "$aa.Owningprocess"}"
    can some one explain ? is that because of INT\String issue ?

    $aa = Get-NetTCPConnection | where State -eq "established"
    $bb = Get-NetTCPConnection | where State -eq "established" | Select @{n='Id';e={$_.OwningProcess}} | Get-Process
    $fullobj = foreach ($a in $aa)
    Add-Member -MemberType NoteProperty -Name FullProcessName -Value ( where {$bb.Id -eq "$aa.Owningprocess"}

    ) -InputObject $a -PassThru }

    $fullobj | ft FullProcessName,LocalPort,State

  • #37416

    Bob McCoy

    It seems highly redundant to want the state since you are filtering on state -eq 'established'. Take a look at this and see if it does what you want.

    $results = Get-NetTCPConnection | where State -eq "established" | foreach {
            ProcessName = (Get-Process -Id $PSItem.OwningProcess).ProcessName
            LocalPort = $PSItem.LocalPort
            State = $PSItem.State
    # Sample outputs - pick one or more, your choice
    $results | Format-Table -AutoSize
    $results | Out-GridView
    $results | Export-Csv -Path .\foo.csv -NoTypeInformation -Encoding ASCII
    $results | Out-File -FilePath .\foo.txt -Encoding ASCII
    $results | Export-Clixml -Path .\foo.xml -Encoding ASCII
  • #37417

    Michael Maher

    Hi Tomer,

    As far as I can see OwningProcess is not a property of Get-NetTCPConnection

    You can check this like so

    $aa = Get-NetTCPConnection | where State -eq "established"
    $aa | Get-Member

    I might be missing something but that cmdlet looks more like a variation on Netstat (which doesn't give the process name) than TCPView or TCPVCon which does.



  • #37419

    Bob McCoy

    If you wanted to preserve the process object for further downstream processing, you could do something like this ...

    $processes = Get-NetTCPConnection | where State -eq "established"
    $results = foreach ($process in $processes) {
        $processName = (Get-Process -Id $process.OwningProcess).ProcessName
        $process | Add-Member -NotePropertyName ProcessName -NotePropertyValue $processName -PassThru
    $results | select LocalPort, ProcessName
  • #37420

    Richard Diphoorn

    I once made a little piece of code for this same type of question:

    Get-NetTCPConnection | Where-Object -Property State -EQ -Value 'Established' | ForEach-Object -Process {
        [PSCustomObject] @{
            'ProcessName'	= (Get-Process -Id $_.OwningProcess).Name
            'ProcessId'		= (Get-Process -Id $_.OwningProcess).Id
            'RemoteIP'		= $_.RemoteAddress
            'LocalPort'		= $_.LocalPort
            'State'			= $_.State
    } | Format-Table -AutoSize

    You can also put this into a function of course:

    #requires -Version 3 -Modules NetTCPIP
    function Get-NetTCPConnectionProcessName
        Param (
            [Parameter(Mandatory = $false,Position = 0)]
            $Value = 'Established'
        Get-NetTCPConnection |
        Where-Object -Property State -EQ -Value $Value | ForEach-Object -Process {
            [PSCustomObject] @{
                'ProcessName' = (Get-Process -Id $_.OwningProcess).Name
                'ProcessId' = (Get-Process -Id $_.OwningProcess).Id
                'RemoteIP'  = $_.RemoteAddress
                'LocalPort' = $_.LocalPort
                'State'     = $_.State

    Then you can do stuff like this:

    Get-NetTCPConnectionProcessName | Format-Table -Autosize


    Get-NetTCPConnectionProcessName | Export-Csv -Path C:\Temp\stats.csv -NoTypeInformation
  • #37424

    Richard Diphoorn

    @michael: The property OwningProcess is new to Windows 10 / Server 2016.

  • #37425

    Michael Maher

    Thanks Richard,

    I thought I was going mad.

    I'm running WMF 5.0 on (2012 R2/Windows 7)


You must be logged in to reply to this topic.