Logging TCP connections is useful for troubleshooting or for auditing purposes. You can use TCPView to view the incoming and outgoing TCP connections between servers and clients in real time. To save the log to a file, you need to use TCPLogView, but its limitation is that you cannot bound the capture by duration or by log file size without doing custom scripting. Windows has a built-in netstat command which can list the TCP/UDP connections. So, with the help of PowerShell, I loop the execution of the netstat command and capture each new TCP connection by comparing against the previously seen connections. With this script, you can capture new TCP connections for a specific time, or until the log file reaches a size limit, to avoid consuming disk space.

On my testing machine, I ran the command below, and it captured the incoming/outgoing TCP connections for 90 minutes (see Fig-1).
.\Get-TcpLog.ps1 -min 1 -sec 30 -CsvFile | ft
I used the portable version of Packet Sender to make fake TCP connections to 10.170.0.101; the software can be downloaded from here. See Fig-2.
You can download my script from GitHub.
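The loop described above, written out as an added example rather than the author's Get-TcpLog.ps1: it snapshots established TCP connections, logs only the 4-tuples not present in the previous snapshot, and stops at a time limit or a CSV size limit. It uses Get-NetTCPConnection (Windows 8 / Server 2012 and later) in place of parsing netstat output, and the parameter names, including the local-port and public-peer filters asked about in the comments below, are this example's own.

```powershell
# Added example, not the author's Get-TcpLog.ps1: log newly seen TCP connections
# to CSV until a time limit or a CSV size limit is reached. Uses Get-NetTCPConnection
# (Windows 8 / Server 2012 and later) instead of parsing netstat output.
param(
    [int]$Minutes = 1,
    [int]$Seconds = 30,
    [int]$MaxFileKB = 10240,        # stop once the CSV reaches this size
    [int]$PollSeconds = 2,
    [int]$LocalPort = 0,            # 0 = any local port; 443 to watch HTTPS only
    [switch]$PublicRemoteOnly,      # drop private, loopback and link-local peers
    [string]$CsvFile = "TcpLog_$(Get-Date -Format yyyyMMdd_HHmmss).csv"
)

function Test-PrivateAddress([string]$Ip) {
    # RFC 1918 ranges, IPv4 loopback, link-local and the IPv6 loopback address
    return ($Ip -match '^(10\.|127\.|192\.168\.|169\.254\.|fe80:|::1$)' -or
            $Ip -match '^172\.(1[6-9]|2\d|3[01])\.')
}

function Get-ConnectionTable {
    # Hashtable keyed by the 4-tuple; the key is what makes a connection "new".
    $conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue
    if ($LocalPort -ne 0)  { $conns = $conns | Where-Object LocalPort -eq $LocalPort }
    if ($PublicRemoteOnly) { $conns = $conns | Where-Object { -not (Test-PrivateAddress $_.RemoteAddress) } }
    $table = @{}
    foreach ($c in $conns) { $table["$($c.LocalAddress):$($c.LocalPort)>$($c.RemoteAddress):$($c.RemotePort)"] = $c }
    return $table
}

$deadline = (Get-Date).AddMinutes($Minutes).AddSeconds($Seconds)
$seen = Get-ConnectionTable         # baseline: connections already open are not logged
while ((Get-Date) -lt $deadline) {
    Start-Sleep -Seconds $PollSeconds
    $current = Get-ConnectionTable
    $new = foreach ($k in $current.Keys) {
        if ($seen.ContainsKey($k)) { continue }
        $c = $current[$k]
        [pscustomobject]@{
            Time          = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
            LocalAddress  = $c.LocalAddress;  LocalPort  = $c.LocalPort
            RemoteAddress = $c.RemoteAddress; RemotePort = $c.RemotePort
            PID           = $c.OwningProcess
            Process       = (Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        }
    }
    if ($new) { $new | Export-Csv -Path $CsvFile -NoTypeInformation -Append }
    $seen = $current                # closed connections drop out, so a reconnect is logged again
    if ((Test-Path $CsvFile) -and ((Get-Item $CsvFile).Length -gt ($MaxFileKB * 1KB))) { break }
}
```

Run it as `.\TcpLog.ps1 -Minutes 1 -Seconds 30 -LocalPort 443 -PublicRemoteOnly` to record only external peers reaching the local HTTPS port; the poll interval bounds how short-lived a connection can be and still be seen.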
Great script – thanks so much for sharing it. Is it possible to modify the script to just capture local port 443 for example? Also to just capture public remote IP addresses? We are using your script to identify remote IPs that are connecting to our Exchange servers and attempting brute force logins using internal email addresses. The CSV file that is created has to be heavily edited to get down to the specific information we are looking for.
Thanks again,
Paul
Of course it's possible, learn PowerShell 🙂
AWESOME script thank you!
thanks douchebag
Excellent article. Very interesting to read. I really love to read such a nice article.
AWESOME script thank you!
Thanks A Lots! GB PTL
Unfortunately I cannot see the link to download the script! 🙁
Thanks for highlighting this, I have re-attached the script. Cheers!