I made this function to be able to collect what connects to my server over time.
This is not my own idea, I found it on the Internet, and improved it to my own needs.
I know that IIS logs data about connections and much more, but when I also want to see who and what connects to the other protocols like ftp, pop, smtp, it becomes difficult to join all logfiles just for this purpose.
The script is simple, but clearly demonstrates what can be done with the new PowerShell for Windows.
I have only recently started with PowerShell, and some operations in this script could certainly be improved, both in readability and in efficiency. Anyway, here it is.
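function collect_netstat {
    # Purpose: keep a running, de-duplicated list of remote hosts seen connected
    # to this machine's listening TCP ports.
    #
    # How it works:
    #   1. "netstat -anp TCP" (numeric) gives the set of listening port numbers.
    #   2. "netstat -p TCP" (with name resolution) gives the active connections.
    #   3. Connections whose local port is in the listening set are merged with
    #      the rows already stored in the log file, de-duplicated, and the file
    #      is rewritten as tab-separated lines: port<TAB>local<TAB>foreign.
    #
    # Takes no parameters and returns nothing; the log file is the only output.
    #
    # Limits worth knowing when reading the log:
    #   - Each call is a single snapshot, so a connection that opens and closes
    #     between two calls is never recorded.
    #   - Rows carry no timestamp; the log says a peer was seen, not when.
    #   - The 'foreign' column is whatever name netstat printed for the peer.
    #     NOTE(review): that name presumably comes from a reverse lookup, which
    #     is answered by the peer's DNS rather than by this host - treat it as
    #     a hint, not as verified identity.

    # Define Log File
    # NOTE(review): the path is fixed at the drive root and its contents are
    # read back and merged on every run - confirm that only the collecting
    # account can write to it.
    $logfile = "C:\TCPConnections.txt"

    # Collect the local port of every listening TCP socket
    # ('LISTEN' also matches netstat's LISTENING state).
    $listnetstatdata = @()
    $netstatResults = & netstat -anp TCP | Out-String -Stream
    foreach ($line in $netstatResults) {
        if ($line -match '\s*(TCP)\s+(\S+)\s+(\S+)\s+(LISTEN)') {
            $localParts = $matches[2].Split(":")
            # Compare the address element only. Comparing the whole array with
            # -ne filters it instead of testing it, so the loopback check was
            # always true and loopback-only listeners were never skipped.
            if ($localParts[0] -ne "127.0.0.1") {
                $listnetstatdata += $localParts[1]
            }
        }
    }

    # Collect active connections that terminate on one of those ports.
    # NOTE(review): \D requires both addresses to start with a non-digit, so a
    # peer that netstat prints as a bare IP address is skipped - confirm that
    # this gap is intended.
    # NOTE(review): without -n netstat may print well-known ports as service
    # names, which would never equal the numeric ports gathered above - verify
    # on the target host that the ports you care about are actually recorded.
    $allnetstatdata = @()
    $netstatResults = & netstat -p TCP | Out-String -Stream
    foreach ($line in $netstatResults) {
        if ($line -match '\s*(TCP)\s+(\D\S+)\s+(\D\S+)\s+(ESTABLISHED|CLOSE)') {
            $localParts = $matches[2].Split(":")
            $foreignParts = $matches[3].Split(":")

            # Ignore connections the machine makes to itself: peer shown as
            # "localhost", peer whose first name label equals the local name,
            # or local side shown as "localhost".
            $isRemotePeer = ($foreignParts[0] -ne "localhost") -and
                            ($localParts[0] -ne $foreignParts[0].Split(".")[0]) -and
                            ($localParts[0] -ne "localhost")

            if ($isRemotePeer -and ($listnetstatdata -contains $localParts[1])) {
                $netstatdata = "" | Select-Object local,port,foreign
                $netstatdata.local = $localParts[0]
                $netstatdata.port = $localParts[1]
                $netstatdata.foreign = $foreignParts[0]
                $allnetstatdata += $netstatdata
            }
        }
    }

    # Merge in the rows from earlier runs. A missing file just means this is
    # the first run, so it is not treated as an error.
    if (Test-Path $logfile) {
        foreach ($line in @(Get-Content $logfile)) {
            # Skip blank or tabs-only lines so they do not come back as empty rows.
            if ($line.Trim() -eq "") { continue }
            $entry = $line.Split("`t")
            $netstatdata = "" | Select-Object local,port,foreign
            $netstatdata.port = $entry[0]
            $netstatdata.local = $entry[1]
            $netstatdata.foreign = $entry[2]
            $allnetstatdata += $netstatdata
        }
    }

    # Get unique rows and format them as port<TAB>local<TAB>foreign
    $rows = @()
    foreach ($netstat in @($allnetstatdata | Select-Object * -Unique)) {
        $rows += "{0}`t{1}`t{2}" -f $netstat.port, $netstat.local, $netstat.foreign
    }

    # Write to file. Rows are joined rather than each terminated with a newline,
    # because Set-Content adds the final line ending itself; terminating every
    # row left a blank last line that was read back as an empty row.
    Set-Content -Path $logfile -Value ([string]::Join("`n", [string[]]$rows))
}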
You can test the script with this block of code:
"" | set-content "c:\tcpconnections.txt"
collect_netstat
get-content "c:\tcpconnections.txt"