Windows Network Connection Analysis
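# ================================================================
# Windows network connection triage (read-only queries).
# Run from an elevated PowerShell prompt: `netstat -b` and reading the
# Security event log require administrator rights, and Get-Process may
# leave Path empty for processes the current user cannot open.
# ================================================================

# 1. Get all TCP connections with detailed information.
#    The snapshot is taken once and reused in step 2, so the connection
#    table and the process list describe the same moment in time.
$tcpConnections = Get-NetTCPConnection
$tcpConnections |
    Select-Object CreationTime,LocalAddress,LocalPort,RemoteAddress,RemotePort,State,OwningProcess |
    Format-Table -AutoSize

# 2. Get process information for every process that owns a TCP connection.
#    The PID list is built once; the original form re-ran Get-NetTCPConnection
#    for each process inside the Where-Object filter.
#    Note that a PID can be reused between the snapshot and this lookup.
$owningPids = $tcpConnections.OwningProcess | Sort-Object -Unique
Get-Process |
    Where-Object { $_.Id -in $owningPids } |
    Select-Object Id,ProcessName,Path

# 3. Check listening ports (-o adds the owning PID column).
#    findstr matches the English state text; on a localized Windows build the
#    state column may be translated, in which case use
#    `Get-NetTCPConnection -State Listen` instead.
netstat -nao | findstr "LISTENING"

# 4. Active connections with process names.
#    -b (executable name) needs elevation and is slow.
#    NOTE(review): -n asks for numeric output and -f for FQDNs; -f triggers
#    reverse DNS lookups for remote addresses - confirm that is wanted.
netstat -nabf

# 5. Look for established connections.
#    -o adds the owning PID so each row can be tied back to step 2.
netstat -no | findstr "ESTABLISHED"

# Additional investigation commands:

# Check running services
Get-Service | Where-Object { $_.Status -eq "Running" } | Format-Table -AutoSize

# Event Log analysis for remote access.
#   4624 = successful logon, 4625 = failed logon,
#   4648 = logon attempted with explicit credentials.
# -MaxEvents 50 returns only the 50 newest matches, which on a busy host is a
# very short window; add a StartTime key to the hashtable to scope the query
# to the period under investigation.
Get-WinEvent -FilterHashtable @{
    LogName = 'Security'
    ID      = 4624, 4625, 4648
} -MaxEvents 50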