🌠 PowerShell
Get-NetTCPConnection: Check your Network Connection
date
Jun 19, 2023
slug
check-your-network-connection
author
status
Public
tags
PowerShell
Network
summary
type
Post
thumbnail
category
🌠 PowerShell
updatedAt
Jun 21, 2023 03:53 AM
📜 Table of Contents
📖 Check your Network Connection
✅ netstat
The output from the
netstat command provides information about the network connections on your system. The -ano option displays a list of all network connections and listening ports on a machine, along with the associated process ID. Here's a simplified example of what the output might look like:Proto Local Address Foreign Address State PID TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1234 TCP 127.0.0.1:5000 0.0.0.0:0 LISTENING 5678 TCP 192.168.1.100:52222 192.168.1.101:80 ESTABLISHED 9012
When combined in the format
IP address:port number, it gives you specific information about where a particular network activity is happening. Let's break down what these columns mean:
- Proto: This is the protocol in use, such as TCP or UDP.
- Local Address: This is the IP address and port number of the local end of the connection. For listening ports, it's the IP address and port where the service is waiting for incoming connections.
- Foreign Address: This is the IP address and port number of the remote end of the connection. For listening ports, this is usually
0.0.0.0:0because there's no remote connection yet.
- State: This is the current state of the connection. For example, "LISTENING" means that the application is waiting for incoming connections. "ESTABLISHED" means that there is a live connection.
- PID: This is the Process ID associated with the connection or listening port.
In the example output:
- The first line shows a service listening on
0.0.0.0on port80. This means the service is accepting connections from any network interface on port80. The0.0.0.0in the "Foreign Address" column means it's ready to accept connections from any IP. The service is associated with process ID1234.
- The second line shows a service listening on
localhost(i.e.,127.0.0.1) on port5000. When you see an address like127.0.0.1:5000, it refers to the device you're currently using and represents a network endpoint where127.0.0.1is the IP address and5000is the port number. This service is only accepting connections from the same machine on port5000. The service is associated with process ID5678.
- The third line shows an established connection between the local machine (
192.168.1.100) on port52222and a remote machine (192.168.1.101) on port80. This connection is associated with process ID9012.
This could represent either a service running on your machine listening for incoming connections or an established connection between a service on your machine and another service, possibly on a different machine.
✅ Get-NetTCPConnection
The
Get-NetTCPConnection cmdlet in PowerShell can provide similar information as the netstat command in a traditional command-line interface.Get-NetTCPConnection | Where-Object { $_.State -eq 'Listen' } | Format-Table -AutoSize
LocalAddress LocalPort RemoteAddress RemotePort State OwningProcess ------------ --------- ------------- ---------- ----- ------------- 0.0.0.0 80 0.0.0.0 0 Listen 1234 127.0.0.1 5000 0.0.0.0 0 Listen 5678 192.168.1.100 52222 192.168.1.101 80 Established 9012
This output is very similar to what you would get from
netstat -ano, with some differences in terminology:- LocalAddress and LocalPort: These correspond to the local IP address and port number from
netstat.
- RemoteAddress and RemotePort: These correspond to the foreign IP address and port number from
netstat.
- State: This is equivalent to the
Statecolumn innetstat. It shows the state of the TCP connection, such asListenfor listening connections andEstablishedfor established connections.
- OwningProcess: This is equivalent to the
PID(Process ID) column innetstat. It shows the process ID of the process that owns the connection.
In the example output:
- The first line shows a service listening on
0.0.0.0on port80. This means the service is accepting connections from any network interface on port80. The0.0.0.0in the "RemoteAddress" column means it's ready to accept connections from any IP. The service is associated with process ID1234.
- The second line shows a service listening on
localhost(i.e.,127.0.0.1) on port5000. This service is only accepting connections from the same machine on port5000. The service is associated with process ID5678.
- The third line shows an established connection between the local machine (
192.168.1.100) on port52222and a remote machine (192.168.1.101) on port80. This connection is associated with process ID9012.
📝 Summary
This post explains how to check your network connection using PowerShell. The
netstat command provides information about network connections on your system, while the Get-NetTCPConnection cmdlet in PowerShell can provide similar information. The output includes the protocol in use, local and foreign IP addresses and port numbers, the state of the connection, and the process ID associated with the connection or listening port.🐣 Pros
- Provides valuable information about network connections on your system.
- Helps you identify which services are listening for incoming connections.
- Allows you to see which connections are established between services.
- Can help diagnose network-related issues.
- The output is easily readable and provides useful information for network administrators.
🐷 Cons
- May require some technical knowledge to interpret the output.
- The output may contain a lot of information that is not relevant to the issue at hand.
- In some cases, the output may be difficult to read or understand.
- The commands may not be available on all systems or may require elevated privileges to run.
- The output may not provide enough information to fully diagnose complex network issues.