Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.2k views
in Technique[技术] by (71.8m points)

powershell - Get foreign address name using NETSTAT for established active TCP connections

I'm using NETSTAT command in PowerShell. I need to grab the list of foreign addresses which starts with XYZ name and are ESTABLISHED as state using TCP connections.

I stuck up at parsing because of the NETSTAT result as below.

PS C:Windowssystem32> .NETSTAT.EXE

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.125.4.233:2310      157.05.39.133:2492     ESTABLISHED

I need the foreign address names not the remote address on the local host only.
Remote address doesn't show the FQDN.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)
 $netstats = netstat -p TCP -f
 $data = $netstats[4..($netstats.count)] #The good info starts on index 4
 foreach($line in $data){
     $line = $line -split ' ' | ? {$_ -ne ''}
     $final += @(New-Object -TypeName psobject -Property @{'Proto'=$line[0];'LAddress'=$line[1];'FAddress'=$line[2];'State'=$line[3]})
 }
 $netstat_results = $final
 $netstat_results | ? {$_.state -eq 'ESTABLISHED'}

Now it should be easy getting the data you want after parsing the text that netstat returns.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...