
Get-Netstat 1.2 by HansO 5 years ago (modification of post by glnsize view diff)

This will perform a basic netstat.exe command and “objectize” its output.

v0.9 Initial Build – Hal
V1.0 Added support for UDP, and processname -Glenn
v1.1 Expanded [regex] statements to encompass IPV4/IPV6/ports. -Glenn
v1.2 Added support for services, removed errors when no process could be found -HansO

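  Function Get-Netstat {
      <#
      .SYNOPSIS
          Runs "netstat -a -n -o" and emits one object per parsed TCP/UDP row.
      .DESCRIPTION
          Each emitted object has the properties Protocol, LocalAddress, Localport,
          RemoteAddress, Remoteport, State, PID, ProcessName and Services.
          State is empty for UDP rows. ProcessName and Services are looked up by
          PID after netstat has returned, so they are a best-effort annotation:
          a process that exited (or whose PID was reused) in between can show up
          blank or under a different name. Treat the PID column as the
          authoritative value when triaging a connection.
      .OUTPUTS
          One new object per connection row. Rows that match neither pattern are
          reported on the warning stream instead of being emitted.
      #>

      # Address sub-patterns, shared by the TCP and UDP expressions.
      $octet = '(2[0-4]\d|25[0-5]|[01]?\d\d?)'
      $ipv4  = $octet + '\.' + $octet + '\.' + $octet + '\.' + $octet
      # Hex class is A-F (the earlier A-f range also accepted "[", "]", "^", "_"
      # and similar characters); the zone index after "%" may have several digits.
      $ipv6  = '\[?[0-9a-fA-F]{0,4}(\:([0-9a-fA-F]{0,4})){1,7}(%\d+)?\]'

      $local  = '((?<LAddress>' + $ipv4 + ')|(?<LAddress>' + $ipv6 + '))\:(?<LPort>\d+)'
      $remote = '((?<RAddress>' + $ipv4 + ')|(?<RAddress>' + $ipv6 + '))\:(?<RPort>\d+)'

      $tcpPattern = '(?<Protocol>\S+)\s+' + $local + '\s+' + $remote + '\s+(?<State>\w+)\s+(?<PID>\d+$)'
      $udpPattern = '(?<Protocol>\S+)\s+' + $local + '\s+(?<RAddress>\*)\:(?<RPort>\*)\s+(?<PID>\d+)'

      # The first four lines of netstat output are the banner and column header.
      $rows = @(netstat -a -n -o) | Select-Object -Skip 4

      # One process snapshot, taken right after netstat, instead of one
      # Get-Process call per row. PIDs missing from the snapshot yield a blank name.
      $nameByPid = @{}
      Get-Process -ErrorAction SilentlyContinue | ForEach-Object {
          $nameByPid[[string]$_.Id] = $_.ProcessName
      }

      # PID -> array of service names hosted in that process.
      # Get-WmiObject is only available in Windows PowerShell.
      $servicesByPid = @{}
      Get-WmiObject Win32_Service | ForEach-Object {
          # Services that are not running report ProcessId 0. Keeping them would
          # attach every stopped service to connection rows owned by PID 0.
          if ($_.ProcessId) {
              $key = [string]$_.ProcessId
              if ($servicesByPid.ContainsKey($key)) {
                  $servicesByPid[$key] += $_.Name
              }
              else {
                  $servicesByPid[$key] = @($_.Name)
              }
          }
      }

      foreach ($line in $rows) {
          $text = "$line".Trim()
          if (-not $text) { continue }

          if ($text -match $tcpPattern) {
              $state = $matches['State']
          }
          elseif ($text -match $udpPattern) {
              $state = $null
          }
          else {
              # Surface rows the patterns cannot parse rather than dropping them
              # silently or repeating the previous row in their place.
              Write-Warning "Get-Netstat: unparsed netstat row: $text"
              continue
          }

          # A fresh object per row: re-emitting one shared object makes every
          # collected element show the values of the last row.
          $row = '' | Select-Object Protocol, LocalAddress, Localport, RemoteAddress, Remoteport, State, PID, ProcessName, Services
          $row.Protocol      = $matches['Protocol']
          $row.LocalAddress  = $matches['LAddress']
          $row.Localport     = $matches['LPort']
          $row.RemoteAddress = $matches['RAddress']
          $row.Remoteport    = $matches['RPort']
          $row.State         = $state
          $row.PID           = $matches['PID']
          $row.ProcessName   = $nameByPid[$matches['PID']]
          $row.Services      = $servicesByPid[$matches['PID']]
          $row
      }
  }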
