Differences

This shows you the differences between two versions of the page.

--- powershell [2022/11/10 18:34] – [ActiveDirectory Commandlets] baumi
+++ powershell [2022/11/20 10:19] (current) – [Convert to PCAP] baumi
@@ Line 5: / Line 5: @@
 <code powershell>
 Get-EventLog System -Newest 10000 | `
-        Where EventId -in 41,1074,1076,6005,6006,6008,6009,6013 | `
+        Where EventId -In 41,1074,1076,6005,6006,6008,6009,6013 | `
-        Format-Table TimeGenerated,EventId,UserName,Message -AutoSize -wrap
+        Format-Table TimeGenerated,EventId,UserName,Message -AutoSize -Wrap
 </code>
@@ Line 16: / Line 16: @@
 </code>
+===== Simple TCP Portscan =====
+<code powershell>
+$target = "portquiz.net"
+$firstport = 1
+$lastport = 65535
+for($port=$firstport; $port -le $lastport; $port++) {
+  Test-NetConnection -ComputerName $target -Port $port
+}
+</code>
+===== Packet Capture =====
+==== Capture ====
+<code powershell>
+$duration=90
+$env:HostIP = (
+    Get-NetIPConfiguration |
+    Where-Object {
+        $_.IPv4DefaultGateway -ne $null -and
+        $_.NetAdapter.Status -ne "Disconnected"
+    }
+).IPv4Address.IPAddress
+netsh trace start capture=yes IPv4.Address=$env:HostIP tracefile=c:\temp\capture.etl
+Start-Sleep $duration
+netsh trace stop
+</code>
+==== Convert to PCAP ====
+https://github.com/microsoft/etl2pcapng/releases
+<code powershell>
+Invoke-Webrequest -O etl2pcapng.exe https://github.com/microsoft/etl2pcapng/releases/download/v1.9.0/etl2pcapng.exe
+./etl2pcapng.exe c:\temp\capture.etl c:\temp\capture.pcap
+</code>
 ===== Useful Commandlets =====
 <code powershell>
@@ Line 27: / Line 58: @@
 <code powershell>
 $file="C:\Temp\GroupCount.csv"
-Get-ADGroup -Filter * -Properties Member | Select-Object Name,@{n="MemberCount";e={$_.Member.Count}} | Export-Csv -Path $file -Delimiter '|'
+Get-ADGroup -Filter * -Properties Member `
+  | Select-Object Name,@{n="MemberCount";e={$_.Member.Count}} `
+  | Export-Csv -Path $file -Delimiter '|'
 </code>