powershell

Differences

This shows you the differences between two versions of the page.

powershell [2022/11/10 18:37] baumi | powershell [2022/11/20 10:19] (current) – [Convert to PCAP] baumi
Line 16: Line 16:
 </code> </code>
  
 +===== Simple TCP Portscan =====
 +<code powershell>
 +$target = "portquiz.net"
 +$firstport = 1
 +$lastport = 65535
 +for($port=$firstport; $port -le $lastport; $port++) {
 +  Test-NetConnection -ComputerName $target -Port $port
 +}
 +</code>
 +===== Packet Capture =====
 +==== Capture ====
 +<code powershell>
 +$duration=90
 +$env:HostIP = (
 +    Get-NetIPConfiguration |
 +    Where-Object {
 +        $_.IPv4DefaultGateway -ne $null -and
 +        $_.NetAdapter.Status -ne "Disconnected"
 +    }
 +).IPv4Address.IPAddress
 +
 +netsh trace start capture=yes IPv4.Address=$env:HostIP tracefile=c:\temp\capture.etl
 +Start-Sleep $duration
 +netsh trace stop
 +</code>
 +==== Convert to PCAP ====
 +https://github.com/microsoft/etl2pcapng/releases
 +<code powershell>
 +Invoke-Webrequest -O etl2pcapng.exe https://github.com/microsoft/etl2pcapng/releases/download/v1.9.0/etl2pcapng.exe
 +./etl2pcapng.exe c:\temp\capture.etl c:\temp\capture.pcap
 +</code>
 ===== Useful Commandlets ===== ===== Useful Commandlets =====
 <code powershell> <code powershell>
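Review bot: In the Convert to PCAP block, etl2pcapng.exe is fetched with Invoke-Webrequest and executed on the very next line with no integrity check. Add a step between the two, for example `Get-FileHash .\etl2pcapng.exe -Algorithm SHA256` compared against a value recorded from a trusted copy of the v1.9.0 release, and only run the binary if it matches. The tool writes pcapng, so `c:\temp\capture.pcapng` would be a more accurate output name than `capture.pcap`. In the Capture block, the Where-Object filter can match more than one adapter, in which case $env:HostIP is no longer a single address; picking the first match would keep the `IPv4.Address=` filter predictable. A short note that `netsh trace start` needs an elevated prompt and that c:\temp must already exist would save readers a failed run. In the portscan block, a comment stating that the loop should only be pointed at hosts the reader is authorised to test would fit next to `$target`.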
powershell.1668101869.txt.gz · Last modified: 2022/11/10 18:37 by baumi
