监控网络对应进程

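# Startup banner: print the start time, how to stop the capture, and where the
# rows go. Runtime strings are kept as-is (operator-facing, Chinese).
Get-Date -Format "MM/dd/yyyy HH:mm"
write-host '如需结束: 请按 Ctrl+C'
write-host '日志文件:NetTCPConnection.csv'
write-host '正在捕获网络连接中...'

# The original deleted NetTCPConnection.txt here, but nothing in this script
# writes a .txt any more -- the capture goes to NetTCPConnection.csv, so the
# previous run's data was silently appended to instead of cleared. Rotate an
# existing CSV aside with a timestamp rather than deleting it: a prior capture
# of 135/139/445 connections may itself be evidence you do not want destroyed.
if (Test-Path -LiteralPath 'NetTCPConnection.csv') {
    $stamp = Get-Date -Format 'yyyyMMdd_HHmmss'
    Rename-Item -LiteralPath 'NetTCPConnection.csv' `
        -NewName "NetTCPConnection_$stamp.csv" -ErrorAction SilentlyContinue
}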


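function netinfo {
    # One polling pass: list TCP connections whose remote port is 135 (MS-RPC
    # endpoint mapper), 139 (NetBIOS session) or 445 (SMB) -- the ports used by
    # admin-share / RPC / WMI style lateral movement -- resolve each owning
    # process, and append the rows to a CSV.
    #
    # Parameters (both optional; defaults reproduce the original behaviour):
    #   -Ports    remote ports to match
    #   -LogFile  CSV appended to, relative to the current directory
    # Output: none on the pipeline; rows are written to $LogFile. Column order
    # is fixed (State, RemoteAddress, RemotePort, Time, PID, ProcessName,
    # UserName, EXEC_PATH) so -Append keeps working against an existing file.
    param(
        [int[]]  $Ports   = @(135, 445, 139),
        [string] $LogFile = 'NetTCPConnection.csv'
    )

    # Snapshot running processes keyed by PID. A connection's OwningProcess is
    # UInt32 while Process.Id is Int32; hashtable keys compare by type+value,
    # so both sides are normalised to [int] or the lookup silently misses.
    # NOTE: -IncludeUserName needs an elevated session and errors otherwise;
    # fall back to a snapshot without UserName instead of killing the loop.
    try {
        $snapshot = Get-Process -IncludeUserName -ErrorAction Stop
    } catch {
        Write-Warning "Get-Process -IncludeUserName failed ($($_.Exception.Message)); UserName column will be empty - run elevated for user attribution."
        $snapshot = Get-Process -ErrorAction SilentlyContinue
    }
    $Processes = @{}
    foreach ($p in $snapshot) { $Processes[[int]$p.Id] = $p }

    # Stamp the whole pass once, with seconds: the caller polls every 5 s, so a
    # minute-only timestamp cannot order consecutive hits on a timeline.
    $now = Get-Date -Format 'MM/dd/yyyy HH:mm:ss'

    # Get-NetTCPConnection only exists on Windows 8 / Server 2012 and later;
    # SilentlyContinue hides that (and any other) failure, so an empty capture
    # on an older host is a missing cmdlet, not a quiet network.
    # The process snapshot was taken before this query, so a tool that exited
    # in between (short-lived service stubs) resolves to blank name/user/path,
    # and a reused PID in that window would mislabel the row -- treat
    # ProcessName/EXEC_PATH as best-effort attribution, not proof.
    $rows = Get-NetTCPConnection -RemotePort $Ports -ErrorAction SilentlyContinue |
        Select-Object State, RemoteAddress, RemotePort,
            @{Name = 'Time';        Expression = { $now }},
            @{Name = 'PID';         Expression = { $_.OwningProcess }},
            @{Name = 'ProcessName'; Expression = { $Processes[[int]$_.OwningProcess].ProcessName }},
            @{Name = 'UserName';    Expression = { $Processes[[int]$_.OwningProcess].UserName }},
            @{Name = 'EXEC_PATH';   Expression = { $Processes[[int]$_.OwningProcess].Path }}

    if ($rows) {
        write-host '获取到数据.'
        # -Append grows one capture across passes. -Encoding UTF8 because the
        # Windows PowerShell default for Export-Csv is ASCII, which turns any
        # non-ASCII character in a user name or image path into '?' and
        # destroys the attribution the file exists to record.
        $rows | Export-Csv -Path $LogFile -Append -NoTypeInformation -Encoding UTF8
    }
}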

# Poll forever (Ctrl+C to stop, as the banner says): one netinfo pass, then
# pause five seconds before the next. A 5 s interval will miss connections
# that open and close in between; it is a sampling monitor, not a packet tap.
while ($true) {
    netinfo
    Start-Sleep -Seconds 5
}

Source:wolvez.club | Author:wolvez

