# Windows Network Connection Analysis
# ================================================================

# 1. Get all TCP connections with detailed information
Get-NetTCPConnection | Select-Object CreationTime,LocalAddress,LocalPort,RemoteAddress,RemotePort,State,OwningProcess | Format-Table -AutoSize

# 2. Get process information for every process that owns a TCP connection
Get-Process | Where-Object {$_.Id -in (Get-NetTCPConnection).OwningProcess} | Select-Object Id,ProcessName,Path

# 3. Check listening ports
netstat -nao | findstr "LISTENING"

# 4. Active connections with process names (-b requires an elevated prompt)
netstat -nabf

# 5. Look for established connections
netstat -n | findstr "ESTABLISHED"

# Additional investigation commands:

# Check running services
Get-Service | Where-Object {$_.Status -eq "Running"} | Format-Table -AutoSize

# Event Log analysis for remote access (reading the Security log requires an elevated prompt)
# 4624 = successful logon, 4625 = failed logon, 4648 = logon with explicit credentials
Get-WinEvent -FilterHashtable @{
    LogName='Security'
    ID=4624,4625,4648
} -MaxEvents 50
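Steps 1 and 2 above produce two separate tables that have to be matched by PID by eye. The following is an added example, not part of the original paste, that joins each connection to its owning process in a single view; the names $procById and $report and the ProcessId column are assumptions made for the example.

```powershell
# Added example: correlate TCP connections with their owning processes.
# Build a PID -> process lookup once instead of calling Get-Process per row.
# Keys are cast to [int] because OwningProcess is UInt32 and Process.Id is Int32.
$procById = @{}
Get-Process | ForEach-Object { $procById[[int]$_.Id] = $_ }

$report = Get-NetTCPConnection -State Established, Listen -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = $procById[[int]$_.OwningProcess]
        [pscustomobject]@{
            CreationTime  = $_.CreationTime
            State         = $_.State
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            ProcessId     = $_.OwningProcess
            # The process may have exited between the two snapshots.
            ProcessName   = if ($p) { $p.ProcessName } else { '<exited>' }
            # Path is empty for protected processes when not running elevated.
            Path          = if ($p) { $p.Path } else { $null }
        }
    }

# Listening sockets (the view from step 3), with the binary behind each port.
$report | Where-Object State -eq 'Listen' |
    Sort-Object LocalPort |
    Format-Table LocalAddress, LocalPort, ProcessId, ProcessName, Path -AutoSize

# Established connections to non-loopback peers (the view from step 5), newest first.
$report | Where-Object {
        $_.State -eq 'Established' -and
        $_.RemoteAddress -notin '127.0.0.1', '::1'
    } |
    Sort-Object CreationTime -Descending |
    Format-Table CreationTime, RemoteAddress, RemotePort, ProcessId, ProcessName, Path -AutoSize
```

Rows with an empty Path or a ProcessName of '<exited>' are the ones worth re-checking from an elevated prompt.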