监控网络对应进程

admin 2022年5月17日03:53:12评论42 views字数 1254阅读4分10秒阅读模式
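# Startup banner: print the start time, how to stop, and where the capture is written.
Get-Date -Format "MM/dd/yyyy HH:mm"
write-host '如需结束: 请按 Ctrl+C'
write-host '日志文件:NetTCPConnection.csv'
write-host '正在捕获网络连接中...'

# The original cleanup deleted NetTCPConnection.txt, a file nothing in this script
# writes, while the capture itself is appended to NetTCPConnection.csv. Rows from an
# earlier run were therefore mixed into the new capture without any marker.
# Move the previous capture aside instead of deleting it, so each run starts with a
# fresh file and earlier evidence is preserved under a timestamped name.
# If the rename fails (for example the file is open elsewhere), the error is shown and
# the new rows are appended to the existing file, as before.
$previousLog = 'NetTCPConnection.csv'
if (Test-Path -LiteralPath $previousLog) {
    $rotatedName = 'NetTCPConnection-{0}.csv' -f (Get-Date -Format 'yyyyMMdd-HHmmss')
    Rename-Item -LiteralPath $previousLog -NewName $rotatedName
}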


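function netinfo {
    # Takes one snapshot of the TCP connections whose remote port is 135, 139 or 445
    # and appends one CSV row per connection to NetTCPConnection.csv, joined with the
    # owning process (PID, name, user name, executable path).
    # Takes no parameters and returns nothing; the only output is the CSV rows and a
    # console message when at least one connection was found.
    #
    # NOTE(review): this is a point-in-time poll, so a connection that opens and closes
    # between two calls is never recorded, and a long-lived connection is written again
    # on every call. The Time column has minute resolution and carries no time zone.
    $logfile = 'NetTCPConnection.csv'

    # Get-Process -IncludeUserName fails in a non-elevated session. The original then
    # left the process table empty, so ProcessName, UserName and EXEC_PATH were all
    # blank. Fall back to the plain process list so name and path are still recorded.
    try {
        $procList = Get-Process -IncludeUserName -ErrorAction Stop
    }
    catch {
        if (-not $script:netinfoUserNameWarned) {
            Write-Warning '无法获取进程用户名(可能需要以管理员身份运行), UserName 列将为空.'
            $script:netinfoUserNameWarned = $true
        }
        $procList = Get-Process
    }

    # Index the process snapshot by PID for the lookups below.
    # The snapshot is taken before the connection list, so a process that starts or
    # exits in between can leave the process columns empty for that row.
    $Processes = @{}
    foreach ($proc in $procList) {
        $Processes[$proc.Id] = $proc
    }

    # One timestamp per poll, so every row of the same snapshot carries the same value.
    $stamp = Get-Date -Format "MM/dd/yyyy HH:mm"

    # SilentlyContinue: Get-NetTCPConnection reports an error when no connection
    # matches the filter, which is the normal case on a quiet host.
    $r = Get-NetTCPConnection -RemotePort 135,445,139 -ErrorAction SilentlyContinue |
        Select-Object State, RemoteAddress,
            RemotePort,
            @{Name="Time"; Expression={ $stamp }},
            @{Name="PID"; Expression={ $_.OwningProcess }},
            @{Name="ProcessName"; Expression={ $Processes[[int]$_.OwningProcess].ProcessName }},
            @{Name="UserName"; Expression={ $Processes[[int]$_.OwningProcess].UserName }},
            @{Name="EXEC_PATH"; Expression={ $Processes[[int]$_.OwningProcess].Path }}

    if ($r) {
        write-host '获取到数据.'
        # Windows PowerShell 5.1 writes CSV as ASCII by default, which turns non-ASCII
        # characters in user names and paths into '?'. Write UTF-8 explicitly.
        $r | Export-Csv -Path $logfile -Append -NoTypeInformation -Encoding UTF8
    }
}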

# Poll until the operator presses Ctrl+C: one snapshot, then a five-second pause.
# Connections that live for less than the pause can fall between two snapshots.
while ($true) {
    netinfo
    Start-Sleep -Seconds 5
}

FROM :WOLVEZ'S BLOG| Author:wolve

  • 本文由 发表于 2022年5月17日03:53:12
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   监控网络对应进程https://cn-sec.com/archives/1012624.html
