PowerShell diagnostic scripts

A collection of PowerShell scripts used

List IIS server HTTP bindings

The following scripts use the WebAdministration Powershell module which is installed as part of the IIS installation. source

1
2
3
4
5
6
7
Get-WebBinding | % {
$name = $_.ItemXPath -replace '(?:.*?)name=''([^'']*)(?:.*)', '$1'
New-Object psobject -Property @{
Name = $name
Binding = $_.bindinginformation.Split(":")[-1]
}
} | Group-Object -Property Name | Format-Table Name, @{n="Bindings";e={$_.Group.Binding -join "`n"}} -Wrap

List process and ports used

The below function lists all the processes and the port it uses source.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
function Get-NetworkStatistics 
{
$properties = ‘Protocol’,’LocalAddress’,’LocalPort’
$properties += ‘RemoteAddress’,’RemotePort’,’State’,’ProcessName’,’PID’
netstat -ano | Select-String -Pattern ‘\s+(TCP|UDP)’ | ForEach-Object {
$item = $_.line.split(” “,[System.StringSplitOptions]::RemoveEmptyEntries)
if($item[1] -notmatch ‘^\[::’)
{
if (($la = $item[1] -as [ipaddress]).AddressFamily -eqInterNetworkV6’)
{
$localAddress = $la.IPAddressToString
$localPort = $item[1].split(‘\]:’)[-1]
}
else
{
$localAddress = $item[1].split(‘:’)[0]
$localPort = $item[1].split(‘:’)[-1]
}
if (($ra = $item[2] -as [ipaddress]).AddressFamily -eq ‘InterNetworkV6’)
{
$remoteAddress = $ra.IPAddressToString
$remotePort = $item[2].split(‘\]:’)[-1]
}
else
{
$remoteAddress = $item[2].split(‘:’)[0]
$remotePort = $item[2].split(‘:’)[-1]
}
New-Object PSObject -Property @{
PID = $item[-1]
ProcessName = (Get-Process -Id $item[-1] -ErrorAction SilentlyContinue).Name
Protocol = $item[0]
LocalAddress = $localAddress
LocalPort = $localPort
RemoteAddress =$remoteAddress
RemotePort = $remotePort
State = if($item[0] -eq ‘tcp’) {$item[3]} else {$null}
} | Select-Object -Property $properties
}
}
}
Get-NetworkStatistics | Format-Table