Logging TCP connections is useful for troubleshooting and for auditing. You can use TCPView to view incoming and outgoing TCP connections between servers and clients in real time. To save the log to a file, you need to use TCPLogView. However, it has no way to limit the capture by duration or by log file size without custom scripting. Windows has a built-in netstat command that can list TCP/UDP connections. So, with the help of PowerShell, I loop the execution of the netstat command and capture new TCP connections by comparing against the previous connections. With this script, you can capture new TCP connections for a specific time or until the log file reaches a size limit, to avoid consuming disk space.
On my testing machine, I run the command below, and it captures the incoming/outgoing TCP connections for 90 minutes (see Fig-1).
.\Get-TcpLog.ps1 -min 1 -sec 30 -CsvFile | ft
Fig-1: Logging TCP Connections for 90 seconds
I use the portable version of Packet Sender to make the fake TCP connections to 10.170.0.101; the software can be downloaded from here. See Fig-2.
Fig-2: Packet Sender Free Tool
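The polling approach described in the post, as an added sketch that is not the author's Get-TcpLog.ps1: it diffs each netstat snapshot against the previous one and stops on a time limit or a CSV size limit. The parameter names, the default values and the optional -LocalPort filter are assumptions made for this example, and the LISTENING check assumes English netstat output.

```powershell
# Added example, not the author's Get-TcpLog.ps1; parameter names are assumptions.
param(
    [int]$Seconds    = 90,              # stop after this many seconds
    [int]$MaxSizeKB  = 1024,            # ...or once the CSV reaches this size
    [int]$IntervalMs = 500,             # delay between netstat polls
    [int]$LocalPort  = 0,               # 0 = all local ports, e.g. 443 for HTTPS only
    [string]$CsvFile = '.\TcpLog.csv'
)

function Get-TcpSnapshot {
    # Data rows of "netstat -ano -p TCP" (IPv4 only) have 5 fields:
    # Proto, Local Address, Foreign Address, State, PID. Headers do not match.
    foreach ($line in (netstat -ano -p TCP)) {
        $f = $line.Trim() -split '\s+'
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP') { continue }
        $l = $f[1].LastIndexOf(':'); $r = $f[2].LastIndexOf(':')
        [pscustomobject]@{
            Time          = Get-Date -Format s
            LocalAddress  = $f[1].Substring(0, $l)
            LocalPort     = [int]$f[1].Substring($l + 1)
            RemoteAddress = $f[2].Substring(0, $r)
            RemotePort    = [int]$f[2].Substring($r + 1)
            State         = $f[3]
            OwningPid     = [int]$f[4]
        }
    }
}

$deadline = (Get-Date).AddSeconds($Seconds)
$previous = $null                       # first pass is the baseline, nothing is logged
while ((Get-Date) -lt $deadline) {
    $current = @{}
    foreach ($c in Get-TcpSnapshot) {
        if ($c.State -eq 'LISTENING') { continue }                  # sockets, not connections
        if ($LocalPort -and $c.LocalPort -ne $LocalPort) { continue }
        # Key on the 4-tuple so a state change (ESTABLISHED -> TIME_WAIT) is not re-logged
        $key = "$($c.LocalAddress):$($c.LocalPort)>$($c.RemoteAddress):$($c.RemotePort)"
        $current[$key] = $c
    }
    if ($null -ne $previous) {
        $new = $current.Keys | Where-Object { -not $previous.ContainsKey($_) } |
               ForEach-Object { $current[$_] }
        if ($new) { $new | Export-Csv -Path $CsvFile -Append -NoTypeInformation; $new }
    }
    $previous = $current
    if ((Test-Path $CsvFile) -and (Get-Item $CsvFile).Length -ge $MaxSizeKB * 1KB) { break }
    Start-Sleep -Milliseconds $IntervalMs
}
```

Because this polls, a connection that opens and closes entirely between two snapshots is never seen; a shorter interval narrows that gap at the cost of more CPU.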
Great script - thanks so much for sharing it. Is it possible to modify the script to just capture local port 443 for example? Also to just capture public remote IP addresses? We are using your script to identify remote IPs that are connecting to our Exchange servers and attempting brute force logins using internal email addresses. The CSV file that is created has to be heavily edited to get down to the specific information we are looking for.
Thanks again,
Paul
Of course it's possible, learn PowerShell :)
thanks douchebag
AWESOME script thank you!
Excellent article. Very interesting to read. I really love to read such a nice article.
Thanks A Lots! GB PTL