Script to Log TCP Connections by Powershell


Logging TCP connections is useful for troubleshooting or for auditing. TCPView shows the incoming and outgoing TCP connections between servers and clients in real time; to save that view to a file you need TCPLogView. The limitation of both tools is that you cannot stop the capture after a given duration, or once the log file reaches a given size, without writing custom scripts. Windows has a built-in netstat command that lists the current TCP/UDP connections, so with PowerShell I run netstat in a loop and record every connection that was not present in the previous iteration as a new connection. With this script you can capture new TCP connections for a set time, or until the log file reaches a size limit so that it does not fill the disk. On my testing machine I ran the command below, which captures the incoming and outgoing TCP connections for 90 seconds (see Fig-1).
.\Get-TcpLog.ps1 -min 1 -sec 30 -CsvFile | ft

Fig-1: Logging TCP Connections for 90 seconds

I used the portable version of Packet Sender to generate test TCP connections to 10.170.0.101; the software can be downloaded from here (see Fig-2).

Fig-2: Packet Sender Free Tool

You can download my script from GitHub.
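The following script is an added example of the netstat-polling approach described above; it is not the author's Get-TcpLog.ps1 from GitHub, and its parameter names (-Minutes, -Seconds, -CsvPath, -MaxFileSizeKB, -PollIntervalSeconds, -LocalPort, -PublicRemoteOnly) are my own. It assumes the column layout of `netstat -ano` on Windows (Proto, Local Address, Foreign Address, State, PID). It takes a baseline snapshot, then on every poll writes connections that were absent from the previous poll to a CSV, stopping at the time limit or when the file reaches the size limit. Beyond what the post describes, it also accepts an optional local-port filter and a switch that drops private, loopback and link-local remote addresses, so the CSV needs less editing afterwards.

```powershell
# Added example, not the author's Get-TcpLog.ps1: poll 'netstat -ano' in a loop,
# write connections that were absent from the previous poll to a CSV, and stop
# at a time limit or when the CSV reaches a size limit. Parameter names are my own.
[CmdletBinding()]
param(
    [int]$Minutes = 0,
    [int]$Seconds = 30,
    [string]$CsvPath = '.\TcpLog.csv',
    [int]$MaxFileSizeKB = 10240,          # stop once the CSV reaches this size
    [int]$PollIntervalSeconds = 1,
    [int]$LocalPort = 0,                  # 0 = log every local port
    [switch]$PublicRemoteOnly             # drop loopback, link-local and private remote addresses
)

function Split-Endpoint {
    # netstat prints IPv4 as 1.2.3.4:443 and IPv6 as [fe80::1%12]:445; split at the last colon.
    param([string]$Endpoint)
    $i = $Endpoint.LastIndexOf(':')
    $port = 0
    [void][int]::TryParse($Endpoint.Substring($i + 1), [ref]$port)
    [pscustomobject]@{ Address = $Endpoint.Substring(0, $i).Trim('[', ']'); Port = $port }
}

function Get-TcpSnapshot {
    # One object per TCP row of 'netstat -ano' (columns: Proto Local Foreign State PID).
    netstat -ano | Where-Object { $_ -match '^\s*TCP\s' } | ForEach-Object {
        $f = $_.Trim() -split '\s+'
        $l = Split-Endpoint $f[1]
        $r = Split-Endpoint $f[2]
        [pscustomobject]@{
            LocalAddress  = $l.Address
            LocalPort     = $l.Port
            RemoteAddress = $r.Address
            RemotePort    = $r.Port
            State         = $f[3]
            ProcessId     = [int]$f[4]
        }
    }
}

function Test-PrivateAddress {
    # True for addresses that cannot be a public peer: RFC 1918, loopback, link-local, ULA, unspecified.
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $true }
    if ($ip.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6) {
        return [System.Net.IPAddress]::IsLoopback($ip) -or $ip.IsIPv6LinkLocal -or
               $ip.IsIPv6SiteLocal -or $ip.Equals([System.Net.IPAddress]::IPv6Any) -or
               (($ip.GetAddressBytes()[0] -band 0xFE) -eq 0xFC)
    }
    $b = $ip.GetAddressBytes()
    return ($b[0] -in @(0, 10, 127)) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168) -or
           ($b[0] -eq 169 -and $b[1] -eq 254)
}

function Get-ConnectionKey {
    # State is left out of the key so a connection is logged once, not again on each state change.
    param($c)
    "$($c.LocalAddress):$($c.LocalPort)->$($c.RemoteAddress):$($c.RemotePort)/$($c.ProcessId)"
}

$deadline = (Get-Date).AddMinutes($Minutes).AddSeconds($Seconds)
$maxBytes = $MaxFileSizeKB * 1KB
$seen = @{}
# Baseline: connections that already exist when logging starts are not "new".
foreach ($c in Get-TcpSnapshot) { $seen[(Get-ConnectionKey $c)] = $true }

while ((Get-Date) -lt $deadline) {
    Start-Sleep -Seconds $PollIntervalSeconds
    $current = @{}
    foreach ($c in Get-TcpSnapshot) {
        $k = Get-ConnectionKey $c
        $current[$k] = $true
        if ($seen.ContainsKey($k) -or $c.State -eq 'LISTENING') { continue }   # listeners are not connections
        if ($LocalPort -ne 0 -and $c.LocalPort -ne $LocalPort) { continue }
        if ($PublicRemoteOnly -and (Test-PrivateAddress $c.RemoteAddress)) { continue }
        $row = $c | Select-Object @{ Name = 'Timestamp'; Expression = { Get-Date -Format 'yyyy-MM-dd HH:mm:ss' } }, *
        $row | Export-Csv -Path $CsvPath -NoTypeInformation -Append
        $row   # also emitted to the pipeline so the script can be piped to Format-Table
    }
    $seen = $current   # a connection that closes and comes back later is logged again
    if ((Test-Path $CsvPath) -and (Get-Item $CsvPath).Length -ge $maxBytes) {
        Write-Warning "Stopping early: $CsvPath reached $MaxFileSizeKB KB"
        break
    }
}
```

Saved under a name of your choosing (say Log-TcpConnections.ps1, a hypothetical file name), `.\Log-TcpConnections.ps1 -Minutes 1 -Seconds 30 | ft` mirrors the 90-second run shown in Fig-1, and `-LocalPort 443 -PublicRemoteOnly` restricts the CSV to connections on local port 443 from non-private peers. The poll interval bounds what the script can see: a connection that opens and closes between two polls is never listed by netstat and therefore never logged, so for short-lived connections a smaller interval (or an event source such as Windows Filtering Platform auditing) is the better choice.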

7 thoughts on “Script to Log TCP Connections by Powershell”

  1. Great script – thanks so much for sharing it. Is it possible to modify the script to just capture local port 443 for example? Also to just capture public remote IP addresses? We are using your script to identify remote IPs that are connecting to our Exchange servers and attempting brute force logins using internal email addresses. The CSV file that is created has to be heavily edited to get down to the specific information we are looking for.

    Thanks again,
    Paul
