powershell

Differences

powershell [2022/10/02 09:57] – [Ping with Timestamps] baumipowershell [2022/11/20 10:19] (current) – [Convert to PCAP] baumi
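--- a/powershell
+++ b/powershell
@@ -5,13 +5,63 @@
 <code powershell>
 Get-EventLog System -Newest 10000 | `
-        Where EventId -in 41,1074,1076,6005,6006,6008,6009,6013 | ` 
-        Format-Table TimeGenerated,EventId,UserName,Message -AutoSize -wrap
+        Where EventId -In 41,1074,1076,6005,6006,6008,6009,6013 | ` 
+        Format-Table TimeGenerated,EventId,UserName,Message -AutoSize -Wrap
 </code>
 
-==== Ping with Timestamps ====
+===== Ping with Timestamps ====
 <code powershell>
 $target = "www.google.com"
 ping -t $target | ForEach {"{0} - {1}" -f (Get-Date),$_}
 </code>
+
+===== Simple TCP Portscan =====
+<code powershell>
+$target = "portquiz.net"
+$firstport = 1
+$lastport = 65535
+for($port=$firstport; $port -le $lastport; $port++) {
+  Test-NetConnection -ComputerName $target -Port $port
+}
+</code>
+===== Packet Capture =====
+==== Capture ====
+<code powershell>
+$duration=90
+$env:HostIP = (
+    Get-NetIPConfiguration |
+    Where-Object {
+        $_.IPv4DefaultGateway -ne $null -and
+        $_.NetAdapter.Status -ne "Disconnected"
+    }
+).IPv4Address.IPAddress
+
+netsh trace start capture=yes IPv4.Address=$env:HostIP tracefile=c:\temp\capture.etl
+Start-Sleep $duration
+netsh trace stop
+</code>
+==== Convert to PCAP ====
+https://github.com/microsoft/etl2pcapng/releases
+<code powershell>
+Invoke-Webrequest -O etl2pcapng.exe https://github.com/microsoft/etl2pcapng/releases/download/v1.9.0/etl2pcapng.exe
+./etl2pcapng.exe c:\temp\capture.etl c:\temp\capture.pcap
+</code>
+===== Useful Commandlets =====
+<code powershell>
+Format-Hex $filename
+</code>
+
+===== ActiveDirectory Commandlets/Scripts =====
+
+==== Groups / GroupMembers ====
+
+<code powershell>
+$file="C:\Temp\GroupCount.csv"
+Get-ADGroup -Filter * -Properties Member `
+  | Select-Object Name,@{n="MemberCount";e={$_.Member.Count}} `
+  | Export-Csv -Path $file -Delimiter '|'
+</code>
+
+
+
 
 {{tag>kb windows powershell}}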
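Review bot: The added "Convert to PCAP" snippet downloads `etl2pcapng.exe` with `Invoke-Webrequest` and runs it on the very next line with no integrity check, so whatever the URL serves at that moment is executed, presumably in the same elevated session used for `netsh trace` (the page does not state the privilege level). Pin the binary to a hash recorded when it was first vetted, e.g. `if ((Get-FileHash .\etl2pcapng.exe -Algorithm SHA256).Hash -ne '<SHA256_OF_VETTED_BINARY_PLACEHOLDER>') { throw 'etl2pcapng.exe hash mismatch' }`, placed between the download and the run. In the "Capture" snippet, `$env:HostIP` may end up holding several addresses when more than one connected adapter has an IPv4 default gateway, which would no longer be a single-address value for `IPv4.Address=`; appending `| Select-Object -First 1` after the `Where-Object` block would make the choice explicit. A short comment there noting that `c:\temp\capture.etl` and the converted `.pcap` contain raw host traffic and should be removed once analysed would also be worth adding.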
powershell.1664697446.txt.gz · Last modified: 2022/10/02 09:57 by baumi
