code, coding, computer-1839406.jpg

Use powershell Commands for Networking

In previous post we discussed useful Powershell commands for network tasks, let us continue with few more commands for networking tasks in Windows system.

In this post, we will discuss few PowerShell commands that will be useful for network activity, including monitoring and querying information related to network connections, IP Addresses, and port status.

Commands To Monitor TCP Connections

The Get-NetTCPConnection command is used to monitor active network connections on Windows machine. This command can be used to display information such as the local address, local ports, remote address and remote ports and their state. For example, to display the Established state, you can simply run the following command with filters:

Get-NetTCPConnection -State Established,Listen | Sort-Object LocalPort
Command with filter shows Established and Listening state by sorting on local port.

Command with filter displays Established and Listening state by sorting on local port.

We can also run the command to display network connections in interactive table(Out-Gridview)

Get-NetTCPConnection | Out-GridView

Commands To Scan and Test Network Connections

The Test-NetConnection or TNC command is used to check open/closed ports on remote addresses. This command can be used to perform port scan. For example, we can scan interested ports on range of IP Addresses within network segment, you can simply run the following commands:

@(22,80,135) | %{ $p=$_; 1..254 |%{ Test-NetConnection 192.168.8.$_ -Port $p -wa SilentlyContinue } } | select RemoteAddress,RemotePort,tcpTestSucceeded
Shows scanning interested ports result.

To scan range of ports on remote IP Address or host

1..65535|% { Test-NetConnection -Port $_ example.com -WA SilentlyContinue | Format-Table -Property ComputerName,RemoteAddress,RemotePort,TcpTestSucceeded }
1..65535|% { Test-NetConnection -Port $_ 192.168.8.1 -WA SilentlyContinue | Format-Table -Property ComputerName,RemoteAddress,RemotePort,TcpTestSucceeded }

Caution! Port scanning tasks in workplace should be performed only upon authorization and on need basis. Detection tools in the network will trigger suspicious/malicious activity from origination Windows system.

Commands To Test Common TCP Ports

TNC -computername 192.168.8.1 -CommonTCPPort http
Test result shows http port is open on remote address.
TNC -computername 192.168.8.1 -CommonTCPPort RDP

If the tested ports is open on remote address then TcpTestSucceeded will be True, else will be False for closed.

Press TAB after -CommonTCPort to complete common ports such as SMB, RDP and so on

Conclusion

In conclusion, PowerShell provides a powerful set of commands to increase productivity in Windows operating system. These are handy commands used without require installing additional tools to scan and monitor network connections, scan and test network port(s) range or interested ports on single Host, IP Address or on desired segment range.

Further reading on Powershell commands for networking tasks can be found on Microsoft documentation link here.

Thank you for reading!