Hi all,
I’m new with powershell and would like to understand something,
i would like to make myself a script that will add 1 member to Get-nettcpconnection pipe named FullProcessName and that will take the value of the process name when get-process id equals to get-nettcpconnection OwningProcess,
with what i’ve managed to do i do create new member but it’s empty
i guess the mistake is somewhere over the “where {$bb.Id -eq “$aa.Owningprocess”}”
can some one explain ? is that because of INT\String issue ?
Thanks
$aa = Get-NetTCPConnection | where State -eq “established”
$bb = Get-NetTCPConnection | where State -eq “established” | Select @{n=‘Id’;e={$_.OwningProcess}} | Get-Process
$fullobj = foreach ($a in $aa)
{
Add-Member -MemberType NoteProperty -Name FullProcessName -Value ( where {$bb.Id -eq “$aa.Owningprocess”}
) -InputObject $a -PassThru }
$fullobj | ft FullProcessName,LocalPort,State
It seems highly redundant to want the state since you are filtering on state -eq ‘established’. Take a look at this and see if it does what you want.
$results = Get-NetTCPConnection | where State -eq "established" | foreach {
[PSCustomObject]@{
ProcessName = (Get-Process -Id $PSItem.OwningProcess).ProcessName
LocalPort = $PSItem.LocalPort
State = $PSItem.State
}
}
# Sample outputs - pick one or more, your choice
$results
$results | Format-Table -AutoSize
$results | Out-GridView
$results | Export-Csv -Path .\foo.csv -NoTypeInformation -Encoding ASCII
$results | Out-File -FilePath .\foo.txt -Encoding ASCII
$results | Export-Clixml -Path .\foo.xml -Encoding ASCII
Hi Tomer,
As far as I can see OwningProcess is not a property of Get-NetTCPConnection
You can check this like so
$aa = Get-NetTCPConnection | where State -eq "established"
$aa | Get-Member
I might be missing something but that cmdlet looks more like a variation on Netstat (which doesn’t give the process name) than TCPView or TCPVCon which does.
regards,
Michael
If you wanted to preserve the process object for further downstream processing, you could do something like this …
$processes = Get-NetTCPConnection | where State -eq "established"
$results = foreach ($process in $processes) {
$processName = (Get-Process -Id $process.OwningProcess).ProcessName
$process | Add-Member -NotePropertyName ProcessName -NotePropertyValue $processName -PassThru
}
$results | select LocalPort, ProcessName</pre
I once made a little piece of code for this same type of question:
Get-NetTCPConnection | Where-Object -Property State -EQ -Value 'Established' | ForEach-Object -Process {
[PSCustomObject] @{
'ProcessName' = (Get-Process -Id $_.OwningProcess).Name
'ProcessId' = (Get-Process -Id $_.OwningProcess).Id
'RemoteIP' = $_.RemoteAddress
'LocalPort' = $_.LocalPort
'State' = $_.State
}
} | Format-Table -AutoSize
You can also put this into a function of course:
#requires -Version 3 -Modules NetTCPIP
function Get-NetTCPConnectionProcessName
{
[CmdletBinding()]
Param (
[Parameter(Mandatory = $false,Position = 0)]
$Value = 'Established'
)
Get-NetTCPConnection |
Where-Object -Property State -EQ -Value $Value | ForEach-Object -Process {
[PSCustomObject] @{
'ProcessName' = (Get-Process -Id $_.OwningProcess).Name
'ProcessId' = (Get-Process -Id $_.OwningProcess).Id
'RemoteIP' = $_.RemoteAddress
'LocalPort' = $_.LocalPort
'State' = $_.State
}
}
}
Then you can do stuff like this:
Get-NetTCPConnectionProcessName | Format-Table -Autosize
Or:
Get-NetTCPConnectionProcessName | Export-Csv -Path C:\Temp\stats.csv -NoTypeInformation
@Michael: The property OwningProcess is new to Windows 10 / Server 2016.
Thanks Richard,
I thought I was going mad.
I’m running WMF 5.0 on (2012 R2/Windows 7)
Michael