Sunday, August 27, 2017

Script to Log TCP Connections by Powershell


Logging TCP connection is useful for troubleshooting or for auditing purpose. You can use TCPView to view the real-time the incoming and outgoing TCP connections between servers and clients. To save the log into file, you need to use TCPLogView. But, the limitation is the duration of TCP capture, or based on log file size without actually doing the custom scripting. Windows has a built-in netstat command which can capture the TCP/UDP connection. So, with the help of powershell, I loop the execution of netstat command & capture the new TCP connection based on previous connections. With this script, you can capture new TCP connections to a specific time or until the log file size is reached to avoid the disk space consumption.
On my testing machine, I run the below command and it will capture the incoming/outgoing TCP connections for 90 minutes (See Fig-1).
.\Get-TcpLog.ps1 -min 1 -sec 30 -CsvFile | ft



Fig-1: Logging TCP Connections for 90 seconds
I use the portable version of Packet Sender to make the fake TCP connections to 10.170.0.101, software can be downloaded from here. See Fig-2.
Fig-2: Packet Sender Free Tool


Posted by at
Labels:

9 comments:

  1. UnknownNovember 29, 2018 at 9:11 PM

    Great script - thanks so much for sharing it. Is it possible to modify the script to just capture local port 443 for example? Also to just capture public remote IP addresses? We are using your script to identify remote IPs that are connecting to our Exchange servers and attempting brute force logins using internal email addresses. The CSV file that is created has to be heavily edited to get down to the specific information we are looking for.

    Thanks again,
    Paul

    ReplyDelete
  2. UnknownJuly 11, 2019 at 5:21 AM

    Of course its possible, learn powershell :)

    ReplyDelete
  3. BadgenesApril 21, 2020 at 11:12 PM

    AWESOME script thank you!

    ReplyDelete
  4. AnuJuly 20, 2020 at 1:24 AM

    anyone want to learn advance devops tools or devops online training visit: DevOps Training in Bangalore | Certification | Online Training Course institute | DevOps Training in Hyderabad | Certification | Online Training Course institute | DevOps Training in Coimbatore | Certification | Online Training Course institute | DevOps Online Training | Certification | Devops Training Online

    ReplyDelete
  5. Sowmiya RJuly 21, 2020 at 9:53 PM

    Excellent article. Very interesting to read.

    oracle training in chennai

    oracle training institute in chennai

    oracle training in bangalore

    oracle training in hyderabad

    oracle training

    hadoop training in chennai

    hadoop training in bangalore


    ReplyDelete
  6. DeskTrackNovember 30, 2020 at 12:11 PM

    Thanks for providing this kind of information with us. Check out this related piece of a post I wrote about Desktop Activity Log Management.

    Visit here :- Desktop Activity Log Management

    ReplyDelete
  7. Digital Software MarketJanuary 14, 2021 at 3:13 PM

    Nice Blog, Best best microsoft office deals for Mac Home and Business edition is a powerful suite which fulfils the productivity applications, written for Mac OS X.

    ReplyDelete
  8. Desmond ANG Kok ChuanMarch 14, 2021 at 5:33 AM

    Excellent article. Very interesting to read. I really love to read such a nice article.
    AWESOME script thank you!
    Thanks A Lots! GB PTL

    ReplyDelete

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)