In the following example, a PowerShell script checks if a connection from the specified IP address appears on the default RDP port 3389. For example, you can create a simple PowerShell script to track if the connection is established from the specific IP address to the specified local port and display a pop-up notification to the administrator.
You can use the Get-NetTCPConnection cmdlet in various scenarious. If ($Connection.ProcessName -like $TrackProcessName) Path}}, OffloadState,CreationTimeįoreach ($Connection in $EstablishedConnections) $EstablishedConnections = Get-NetTCPConnection -State Established |Select-Object -Property LocalAddress, $_.RemoteAddress).NameHost}},RemoteAddress, RemotePort, -Id $_.OwningProcess). To do it, you can use the following PowerShell script:
You can view only network connections initiated by the specific process. Get-WmiObject Win32_Service | Where-Object -Property ProcessId -In (Get-NetTCPConnection).OwningProcess | Where-Object -Property State -eq Running | Format-Table ProcessId, Name, Caption, StartMode, State, Status, PathName By the name of a parent process PID, you can display the list of related Windows services that are using the network:
0 kommentar(er)
