Get foreign address name using NETSTAT for established active TCP connections

Question

I\'m using NETSTAT command in PowerShell. I need to grab the list of foreign addresses which starts with XYZ name and are ESTABLISHED as state using TCP connections.

<

Answer 1

Running netstat /? yields, among other things:

-f Displays Fully Qualified Domain Names (FQDN) for foreign addresses.

Parse, using New-PSObjectFromMatches:

netstat -f |
 new-psobjectfrommatches -pattern "(TCP|UDP)\s+(\S+)\s+(\S+):(\S+)\s+(\S+)" -property $nul,TCP/UDP,LocalAddress,ForeignAddress,Protocol,State |
 where {(
         ($_.TCP/UDP -eq 'TCP') -and
         ($_.State -eq 'ESTABLISHED') -and
         ($_.ForeignAddress -like 'XYZ*')
        )} | select -ExpandProperty ForeignAddress