
Get-Netstat 1,2 by Ivan F 6 years ago (modification of post by glnsize view diff)

This will perform a basic netstat.exe command and “objectize” its output.

v0.9 Initial Build – Hal
V1.0 Added support for UDP, and processname -Glenn
v1.1 Expanded [regex] statements to encompass IPV4/IPV6/ports. -Glenn
v1.2 Changed the process name lookup to make script a bit faster -Ivan

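  # Get-Netstat: runs `netstat -a -n -o` and emits one object per TCP/UDP endpoint row
  # with the properties Protocol, LocalAddress, Localport, RemoteAddress, Remoteport,
  # State, PID and ProcessName (State is empty for UDP rows).
  #
  # NOTE(review): ProcessName is looked up in a Get-Process snapshot taken after
  # netstat has run. A process can exit, and its PID can be reused, between the two
  # calls, and a process name is not a verified identity. Treat the name as a triage
  # hint and confirm it against the executable path before relying on it.

  # The first four lines of netstat output (banner and column headers) are discarded.
  $null, $null, $null, $null, $netstat = netstat -a -n -o

  # Snapshot the process list once and index it by PID, so each row costs one
  # hashtable lookup instead of a scan of the whole list.
  $ps = Get-Process
  $processNames = @{}
  foreach ($p in $ps) { $processNames[$p.Id] = $p.ProcessName }

  # Shared regex fragments. The IPv6 fragment uses A-F (the original A-f range also
  # admitted G-Z and punctuation) and accepts a multi-digit zone index such as %12,
  # so link-local endpoints are no longer dropped.
  $octet = '(2[0-4]\d|25[0-5]|[01]?\d\d?)'
  $ipv4  = ($octet, $octet, $octet, $octet) -join '\.'
  $ipv6  = '\[?[0-9a-fA-F]{0,4}(\:([0-9a-fA-F]{0,4})){1,7}(?:%\d+)?\]'
  $localEndpoint  = '((?<LAddress>' + $ipv4 + ')|(?<LAddress>' + $ipv6 + '))\:(?<LPort>\d+)'
  $remoteEndpoint = '((?<RAddress>' + $ipv4 + ')|(?<RAddress>' + $ipv6 + '))\:(?<RPort>\d+)'

  [regex]$regexTCP = '(?<Protocol>\S+)\s+' + $localEndpoint + '\s+' + $remoteEndpoint + '\s+(?<State>\w+)\s+(?<PID>\d+$)'

  [regex]$regexUDP = '(?<Protocol>\S+)\s+' + $localEndpoint + '\s+(?<RAddress>\*)\:(?<RPort>\*)\s+(?<PID>\d+)'

  foreach ($net in $netstat)
  {
      # Older PowerShell versions run the loop body once for a $null collection.
      if ($null -eq $net) { continue }
      $line = $net.Trim()

      # Skip rows that are neither TCP nor UDP endpoints. Emitting an object for
      # them would repeat the previous row's data as if it were a live connection.
      if (-not ($line -match $regexTCP -or $line -match $regexUDP)) { continue }

      # Build a fresh object per row. Reusing one shared object makes every element
      # of a collected result point at the same, last-written values.
      $process = '' | Select-Object Protocol, LocalAddress, Localport, RemoteAddress, Remoteport, State, PID, ProcessName
      $process.Protocol      = $matches['Protocol']
      $process.LocalAddress  = $matches['LAddress']
      $process.Localport     = $matches['LPort']
      $process.RemoteAddress = $matches['RAddress']
      $process.Remoteport    = $matches['RPort']
      $process.State         = $matches['State']   # no State group in the UDP pattern -> $null
      $process.PID           = $matches['PID']
      $process.ProcessName   = $processNames[[int]$matches['PID']]   # $null if the PID is not in the snapshot
      $process
  }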
