-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathGet-Connection.psm1
More file actions
129 lines (117 loc) · 5.83 KB
/
Get-Connection.psm1
File metadata and controls
129 lines (117 loc) · 5.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
<#
.Synopsis
Gets the Network TCP Connections and their associated processes information.
.DESCRIPTION
The Get-Connection cmdlet gets a list of all current TCP connections on the local computer or a remote computer.
Without parameters, this cmdlet gets all of the internet TCP connections on the local computer.
You can also specify whether all tcp connections are displayed or only the Internet connections by using the AppliedSetting parameter.
.EXAMPLE
PS C:\>Get-Connection
This command gets a list of all current TCP connections on the local computer.
.EXAMPLE
PS C:\>Get-Connection -ComputerName 'DC1', 'DC2', 'EXCHANGE'
This command gets a list of all current TCP connections on the listed computers.
.EXAMPLE
PS C:\>$computer = 'DC1', 'DC2', 'IIS', 'EXCHANGE', 'WorkStation02'
PS C:\>$computer | Get-Connection
Get-Connetions allows for the piping of a list of computer names to it.
.EXAMPLE
PS C:\>Get-Connection -ComputerName 'DC1', 'EXCHANGE' -AppliedSetting All
This command gets all connections for the DC1 and EXCHANGE computers.
.EXAMPLE
PS C:\>$x = (Get-Connection).id
PS C:\> Get-Process -Id $x
This command takes all of the processes with an internet connection and passes them to Get-Process
using their process Id. From here one can dive deeper into all Get-Process has to offer regarding
those processes.
.EXAMPLE
PS C:\>$x = (Get-Connection).id
PS C:\>(Get-Process -Id $x)[0].modules
Here we combine the above commands with this to list all of the modules that are being used with
the given process at location 0 in the array we made above.
.EXAMPLE
PS C:\>$x = (Get-Connection).id
PS C:\>(Get-Process -Id $x)[0]
#>
function Get-Connection {
[CmdletBinding()]
param(
[Parameter(Mandatory=$False,
ValueFromPipeLine=$True,
ValueFromPipelineByPropertyName=$True,
HelpMessage="Enter the Computer Name")]
[Alias('Hostname','cn')]
[string[]]$ComputerName = $env:computername,
[Parameter(Mandatory=$False)]
[ValidateSet('All', 'Internet')]
[System.String]$AppliedSetting
)
BEGIN{
}
PROCESS {
ForEach($computer in $ComputerName) {
try {
$session = New-CimSession -ComputerName $computer -ErrorAction Stop
if ($AppliedSetting -eq 'All') { <# Setting the TCP applied setting to Internet or leaving it to pull all connections. #>
$NetTCPConnection = Get-NetTCPConnection -CimSession $session
} elseif ($AppliedSetting -eq 'Internet') {
$NetTCPConnection = Get-NetTCPConnection -CimSession $session -AppliedSetting Internet
} else {
$NetTCPConnection = Get-NetTCPConnection -CimSession $session -AppliedSetting Internet
} <# Others that may need to be added in later; Datacenter, Compat, DatacenterCustom, InternetCustom #>
ForEach ($connection in $NetTCPConnection) {
$process = get-process -pid $connection.OwningProcess
$properties = @{Handles = $process.Handles
CreationTime = $connection.CreationTime
CPU = $process.CPU
ProcessName = $process.ProcessName
ID = $connection.OwningProcess
LocalAddress = $connection.LocalAddress
LocalPort = $connection.LocalPort
RemoteAddress = $connection.RemoteAddress
RemotePort = $connection.RemotePort
State = $connection.State
Session = $computer
Status = 'Connected'
}
$obj = New-Object -TypeName PSObject -Property $properties
if (($ComputerName | Measure-Object).count -ge 2) {
$obj.psobject.typenames.insert(0,'Get.Connection.Multiple.Computer.Object')
} elseif (($ComputerName | Measure-Object).count -eq 1) {
$obj.psobject.typenames.insert(0,'Get.Connection.Single.Computer.Object')
} else {
Write-output ("Error: Less than one computer. This shouldn't happen.")
}
write-output $obj
} # ForEach $connection
} catch { # sessions that couldn't be connected to
Write-Verbose "Couldn't connect to $computer"
$properties = @{Handles = $null
CPU = $null
ProcessName = $null
ID = $null
LocalAddress = $null
LocalPort = $null
RemoteAddress = $null
RemotePort = $null
State = $null
Session = $computer
Status = 'Disconnected'
}
$obj = New-Object -TypeName PSObject -Property $properties
if (($ComputerName | Measure-Object).count -ge 2) {
$obj.psobject.typenames.insert(0,'Get.Connection.Multiple.Computer.Object')
} elseif (($ComputerName | Measure-Object).count -eq 1) {
$obj.psobject.typenames.insert(0,'Get.Connection.Single.Computer.Object')
} else {
Write-output ("Error: Less than one computer. This shouldn't happen.")
}
write-output $obj
} finally {
}
}
}
END {}
}
Export-ModuleMember -Function Get-Connection
Update-FormatData -AppendPath .\MyViews.format.ps1xml