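function Get-DecoratedNetTCPConnections {
    <#
    .SYNOPSIS
        Gets Net TCP Connections with Process and Username information

    .DESCRIPTION
        Takes one snapshot of Get-NetTCPConnection, looks up the owning
        processes with Get-Process -IncludeUserName, and attaches ProcessName
        and UserName to the output.

        By default the connections are grouped per OwningProcess and returned
        as Count, ProcessName, UserName, Name (the PID as text) and Group,
        sorted by Count descending. With -UngroupConnections one row is
        returned per connection (LocalPort, LocalAddress, RemotePort,
        RemoteAddress, State, ProcessName, UserName), sorted by LocalPort
        descending.

    .PARAMETER UngroupConnections
        Do not group by connection's OwningProcess

    .NOTES
        The connection list and the process list are read by two separate
        calls, so the attribution is a point-in-time join: a process that
        exits between the two calls cannot be resolved, and the PID-based
        match is best effort rather than proof of ownership.

        Process lookup errors are suppressed (-ErrorAction SilentlyContinue).
        In grouped mode an unresolved PID is reported as "Unknown"; in
        ungrouped mode ProcessName and UserName are left empty for it.

        NOTE(review): on Windows PowerShell 5.1 -IncludeUserName needs an
        elevated session - confirm how this behaves on the hosts where the
        function is run before relying on the UserName column.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $false)]
        [Alias("ShowUngrouped")]
        [switch]$UngroupConnections
    )

    $logLead = Get-LogLeadName

    # @() keeps the ArrayList conversion valid when the pipeline yields one object or none.
    [System.Collections.ArrayList]$connections = @(Get-NetTCPConnection | Sort-Object -Property OwningProcess)
    $uniqueProcessIds = @($connections | Select-Object -ExpandProperty OwningProcess -Unique)

    # Get-Process -Id cannot bind an empty list, so skip the lookup when there are no connections.
    [System.Collections.ArrayList]$matchingProcesses = @()
    if ($uniqueProcessIds.Count -gt 0) {
        $matchingProcesses = @(Get-Process -IncludeUserName -Id $uniqueProcessIds -ErrorAction SilentlyContinue | Sort-Object -Property Id -ErrorAction SilentlyContinue)
    }

    # Index the processes by PID once, so each connection or group is resolved with a
    # single lookup instead of a full scan per process. Keys are strings because
    # Group-Object exposes the PID as text and OwningProcess / Process.Id differ in
    # integer type.
    $processById = @{}
    foreach ($process in $matchingProcesses) {
        $processById[[string]$process.Id] = $process
    }

    if (!($UngroupConnections.IsPresent)) {

        $groupedConnections = $connections | Group-Object -Property OwningProcess

        foreach ($group in $groupedConnections) {
            $owner = $processById[[string]$group.Name]

            if ($null -ne $owner) {
                $group | Add-Member -NotePropertyMembers @{ProcessName = $($owner.Name); UserName = $($owner.UserName) }
            } else {
                # No process could be read for this PID (lookup errors are suppressed above).
                Write-Verbose -Message ("$logLead : Adding Unknown Process and User to Orphaned Process with ID {0}" -f $group.Name)
                $group | Add-Member -NotePropertyMembers @{ProcessName = "Unknown"; UserName = "Unknown" }
            }
        }

        $sortedConnections = $groupedConnections | Select-Object -Property Count, ProcessName, UserName, Name, Group | Sort-Object -Property Count -Descending
    } else {

        Write-Warning -Message "$logLead : Preparing ungrouped connections. This might take a bit..."

        foreach ($connection in $connections) {
            $owner = $processById[[string]$connection.OwningProcess]

            # Connections whose PID was not resolved keep no ProcessName/UserName member,
            # so Select-Object below emits empty values for them.
            if ($null -ne $owner) {
                $connection | Add-Member -NotePropertyMembers @{ProcessName = $($owner.Name); UserName = $($owner.UserName) }
            }
        }

        $sortedConnections = $connections | Select-Object -Property LocalPort, LocalAddress, RemotePort, RemoteAddress, State, ProcessName, UserName | Sort-Object -Property LocalPort -Descending
    }

    return $sortedConnections
}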