Resolve all Remote Hosts that you are Connected

Resolve remote host names

I was looking into an certificate issue a client was having with their web proxy and in testing I thought it might be helpful to resolve the DNS names for all the open connections on ports 80 and 443.

A quick netstat -anop tcp shows too many connections to bother doing manually and scraping the output with PowerShell would be possible, but isn’t my first choice.

Thankfully Get-NetTCPConnections will show very similar details to the netstat above, so I started there.

Lets start by getting all the connections that are using TLS: $443 = Get-NetTCPConnection | where remotePort -eq 443 Then we pass $443 to Resolve-DNS like so: foreach ($socket in $443){Resolve-DnsName -name $socket.remoteaddress} This will use reverse DNS look up to resolve the names and will display them neatly.

To do this with HTTP, simply change all occurrences of 443, above, with 80.

This wasn’t as helpful as I was hoping, since all the entries resolved to AWS, but it was something I thought I might end up using again…

comments powered by Disqus