How To Have a need for an EZ Network Scanner?

[gmikkonen]

I wrote this fun little script that scans the established connections on your network, Displays the PID and the service using that connection. This will automatically update every 10 seconds and you can see your network live. Win 10

Open notepad and save the command and save it as a .bat extension.

@Echo offcd /d C:\Windows\System32:loopclsfor /f "tokens=5" %%a in ('netstat -ano ^| findstr /i "established" ^| findstr /r /c:"[ ][0-9].[0-9].[0-9].[0-9]:[0-9][ ][0-9][ ]*ESTABLISHED"') do @(echo PID: %%a & tasklist /svc /fi "pid eq %%a")timeout /t 5 /nobreak >nulgoto loop

 

[klavs]

You might want to format your code using the <code> .. </code> where you use square brackets instead of greater than and less than.

Like this

Normal markup works too.

 

[Ralston18]

@gmikkonen

Does not seem to work. Invalid Argument.

Directory of c:\Users\REDACTED\Desktop

02/28/2023 04:51 PM 274 test.bat
1 File(s) 274 bytes
0 Dir(s) 79,053,303,808 bytes free

c:\Users\REDACTED\Desktop>test.bat
offcd /d C:\Windows\System32:loopclsfor /f "tokens=5" %a in ('netstat -ano | findstr /i "established" | findstr /r /c:"[ ][0-9].[0-9].[0-9].[0-9]:[0-9][ ][0-9][ ]*ESTABLISHED"') do @(echo PID: %a
ERROR: Invalid argument/option - '/t'.
Type "TASKLIST /?" for usage.

"netstat -ano" by itself worked.

Also use the REM Command to comment your script.

Explain what each part is doing.

Very few people will blindly copy and execute script.

I did so in a test environment just as a precaution.

= = = =

@klavs

Something seems to have gotten lost in your post.

 

[MrLitschel]

@gmikkonen

Does not seem to work. Invalid Argument.

Directory of c:\Users\REDACTED\Desktop

02/28/2023 04:51 PM 274 test.bat
1 File(s) 274 bytes
0 Dir(s) 79,053,303,808 bytes free

c:\Users\REDACTED\Desktop>test.bat
offcd /d C:\Windows\System32:loopclsfor /f "tokens=5" %a in ('netstat -ano | findstr /i "established" | findstr /r /c:"[ ][0-9].[0-9].[0-9].[0-9]:[0-9][ ][0-9][ ]*ESTABLISHED"') do @(echo PID: %a
ERROR: Invalid argument/option - '/t'.
Type "TASKLIST /?" for usage.

"netstat -ano" by itself worked.

Also use the REM Command to comment your script.

Explain what each part is doing.

Very few people will blindly copy and execute script.

I did so in a test environment just as a precaution.

= = = =

@klavs

Something seems to have gotten lost in your post.

Original Post shows %%a - Your test.bat only has %a

 

[klavs]

Does not seem to work. Invalid Argument.

It's because @gmikkonen didn't format his code snippet. I formated it and modified it for you.

@echo off
@rem cd /d C:\Windows\System32
:loop
cls
for /f "tokens=5" %%a in ('netstat -ano ^| findstr /r /c:"[0-9]:[0-9].*[0-9]:[0-9].*ESTABLISHED"') do @(tasklist /svc /fi "pid eq %%a") ^| findstr /r /c:"[0-9]"
timeout /t 5 /nobreak >nul
goto loop

The OP wrote you should save it with a .bat extension; save it with a .cmd extension instead. It's not a network scanner, it just lists the established connections.

 

[Ralston18]

@klavs

Thank you.

@MrLitschel

%% - interesting. Not sure what is happening to one of the "%'s" on this end. Copy/Pasted it all.

Everything else after the first % dissapears once the error presents. Curious....

Will take another look at it all.

= = = =

FYI all,

Have you worked with or otherwise tried Powershell?

If not, I recommend doing so especially for anyone interested in IT.

 

[gmikkonen]

wont work as .CMD as its a batch extension...

@Echo off: This line turns off the display of the commands being executed in the script, making the output cleaner.cd /d C:\Windows\System32: This line changes the current directory to C:\Windows\System32, where many important Windows system files are stored.➿ This line defines a label that is used later in the script.cls: This line clears the command prompt screen before displaying the next set of information.for /f "tokens=5" %%a in ('netstat -ano ^| findstr /i "established" ^| findstr /r /c:"[ ][0-9].[0-9].[0-9].[0-9]:[0-9][ ][0-9][ ]*ESTABLISHED"') do @(echo PID: %%a & tasklist /svc /fi "pid eq %%a"): This line is a loop that runs the netstat command to find all established connections and then parses the output to extract the process ID (PID) of each process with an established connection. It then runs the tasklist command with the /svc and /fi flags to display information about the process with the matching PID. The output includes the process name, process ID, and services running under that process.timeout /t 5 /nobreak >nul: This line waits for 5 seconds before executing the next iteration of the loop. The /nobreak flag prevents the timeout from being interrupted by pressing a key. The >nul part is used to prevent the timeout message from being displayed.goto loop: This line jumps back to the :loop label, creating an infinite loop that repeats the process of finding and displaying processes with established connections every 5 seconds.

 

[klavs]

wont work as .CMD as its a batch extension...

CMD is backwards compatible with BAT. BAT is something we used in the old 16-bit days in DOS. See also:
https://stackoverflow.com/questions/148968/windows-batch-files-bat-vs-cmd

Most importantly CMD always sets the ERRORLEVEL and supports modern filenames.

You haven't formatted your code in your comment, which makes it almost impossible to read. You should view your own post and comment. I already replied to your post and advised you to use the CODE tag to format your code. Here you can see how I formated my comment:

https://imgur.com/a/mE7yxMz

View: https://imgur.com/a/mE7yxMz

 

[gmikkonen]

@echo off
cd /d C:\Windows\System32
:loop
cls
for /f "tokens=5" %%a in ('netstat -ano ^| findstr /i "established" ^| findstr /r /c:"[ ][0-9].[0-9].[0-9].[0-9]:[0-9][ ][0-9][ ]*ESTABLISHED"') do @(echo PID: %%a & tasklist /svc /fi "pid eq %%a")
timeout /t 5 /nobreak >nul
goto loop

 

[klavs]

Nice. Thank you for sharing your script and helping users learn how to write batch scripts.

• There is no need to change the current working directory to C:\Windows\System32, as it is already in the PATH environment variable.
• There is no need to add a @ in front of the "tasklist" command, because "echo" has already been turned off.
• To get help for commands, write "help <name of command>" or "<name of command> /?".
• There is no need to ignore case when searching for the word "established", just specify it as upper case, because netstat always outputs it in upper case. It means you can remove this statement from your command:

^| findstr /i "established"