Then, select Task Manager from the context menu, as shown in Figure B. To do so, navigate to the Windows 10 desktop and right-click on the taskbar. (Get-Date).ToString() + ' ' + $Connection.To access the Details tab, you'll need to launch Task Manager. $balmsg.BalloonTipTitle = "New RDP connection from ($Connection.RemoteAddress)" $balmsg.BalloonTipText = "New RDP connection to your computer from $($Connection.RemoteAddress)" $balmsg.Icon = ::ExtractAssociatedIcon($path) If (($Connection.RemoteAddress -eq $SourceIP) -and ($Connection.LocalPort -eq $TargetPort))Īdd-Type -AssemblyName $EstablishedConnections = Get-NetTCPConnection -State Established If the connection appears, the script will display a pop-up notification and logs the date and time of the connection to a text file: In the following example, a PowerShell script checks if a connection from the specified IP address appears on the default RDP port 3389. For example, you can create a simple PowerShell script to track if the connection is established from the specific IP address to the specified local port and display a pop-up notification to the administrator. You can use the Get-NetTCPConnection cmdlet in various scenarious. If ($Connection.ProcessName -like $TrackProcessName) Path}}, OffloadState,CreationTimeįoreach ($Connection in $EstablishedConnections) $EstablishedConnections = Get-NetTCPConnection -State Established |Select-Object -Property LocalAddress, $_.RemoteAddress).NameHost}},RemoteAddress, RemotePort, -Id $_.OwningProcess). To do it, you can use the following PowerShell script:
You can view only network connections initiated by the specific process. Get-WmiObject Win32_Service | Where-Object -Property ProcessId -In (Get-NetTCPConnection).OwningProcess | Where-Object -Property State -eq Running | Format-Table ProcessId, Name, Caption, StartMode, State, Status, PathName
By the name of a parent process PID, you can display the list of related Windows services that are using the network:
0 kommentar(er)
