
log all inbound connections powershell

I need to enable the firewall on all the company machines and there isn't any documentation about used ports, so I am planning to use a PowerShell script to log all inbound connections in order to create the required exceptions.

How can I monitor, using PowerShell or C#, all inbound connections created to my machines? I have found that there is a cmdlet that lists all the connections to the machine, but I haven't found a way to select just the inbound connections.

Is there a way to achieve this?

Why are you not just using the FW software for this?

As for …

I have found that there is a cmdlet that lists all the connections to the machine, but I haven't found a way to select just the inbound connections

You've just stated that you can get all connections, those connection lines should show the FW rule triggered and from your FW software, you already know what rules are ingress / egress.

Filter on the inbound rules listed to get your dataset.

# Get the configured FW ingress rules
$FirewallInboundRules = Get-NetFirewallRule | Where { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }

Then match that up to your all connections dataset.

But all this sounds like you are trying to create your own IDS using PS. I would say that is an over-engineering effort, since off-the-shelf tools provide this already.

Thanks @postanote, I have solved the problem with the tips you gave me. Windows Firewall can be enabled and the logs can be redirected to a file share to analyze which inbound ports are being used by the company machines.

I am using a similar script to enable the firewall and forward all the logs to a list of machines that will be part of the testing group.

 $machines = Get-Content -Path '.\Desktop\servers.txt'
 foreach ($machine in $machines)
 {
     # Enable the firewall on every profile, then log blocked connections to a per-host file
     Invoke-Command -ComputerName $machine -ScriptBlock {
         Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
         Set-NetFirewallProfile -Profile Domain,Public,Private -LogFileName "\\localhost\C$\Block-$env:COMPUTERNAME.txt" -LogMaxSizeKilobytes 444 -LogAllowed False -LogBlocked True
     }
 }

In my case this does not solve the issue because this just shows me the open inbound ports but does not show the used inbound ports

$FirewallInboundRules = Get-NetFirewallRule | Where { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
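
One way to turn the firewall log files collected above into a list of inbound ports actually in use, as an added example that is not part of the original posts: the function name `Get-InboundPortSummary` is hypothetical, the sample lines are constructed, and it assumes the log carries the standard `#Fields:` header with a `path` column (SEND/RECEIVE). With `-LogAllowed False`, as in the script above, only DROP rows are present in the log.

```powershell
function Get-InboundPortSummary {
    param([Parameter(Mandatory)][string[]]$LogLine)

    $fields = $null
    $rows = foreach ($line in $LogLine) {
        if ($line -like '#Fields:*') {
            # Column names are taken from the log's own header line
            $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
            continue
        }
        # Skip other header lines, blank lines, and data seen before the header
        if (-not $fields -or $line -match '^\s*(#|$)') { continue }

        $values = $line.Trim() -split '\s+'
        if ($values.Count -lt $fields.Count) { continue }   # truncated entry

        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        [pscustomobject]$row
    }

    # RECEIVE marks traffic arriving at this host; group it by protocol and local port
    $rows |
        Where-Object { $_.path -eq 'RECEIVE' -and $_.protocol -in 'TCP', 'UDP' } |
        Group-Object -Property protocol, 'dst-port', action |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                Protocol = $first.protocol
                Port     = [int]$first.'dst-port'
                Action   = $first.action
                Hits     = $_.Count
                Sources  = ($_.Group.'src-ip' | Sort-Object -Unique) -join ','
            }
        } |
        Sort-Object -Property Hits -Descending
}

# Constructed sample in the firewall log layout (hosts and ports are made up)
$sample = @'
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-15 09:12:01 DROP TCP 10.0.0.21 10.0.0.5 50112 445 52 S 0 0 8192 - - - RECEIVE
2024-01-15 09:12:04 DROP TCP 10.0.0.22 10.0.0.5 50987 445 52 S 0 0 8192 - - - RECEIVE
2024-01-15 09:12:09 DROP UDP 10.0.0.21 10.0.0.5 61000 161 78 - - - - - - - RECEIVE
2024-01-15 09:12:11 ALLOW TCP 10.0.0.5 10.0.0.9 49733 443 0 - 0 0 0 - - - SEND
'@ -split '\r?\n'

Get-InboundPortSummary -LogLine $sample | Format-Table -AutoSize
```

For a real log, pass `(Get-Content <path to the Block-*.txt file>)` as `-LogLine`; each output row is a candidate inbound exception to review together with its source addresses.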
