read in IP addresses from file and export DNS name | powershell

i have ran netstat -ano on a server and i now need to know what the A record for each IP is.

Is this possible using powershell
cmatchettAsked:
Who is Participating?
 
Guy LidbetterCommented:
For a TXT doc

get-content ips.txt | foreach-object { [System.Net.dns]::GetHostbyAddress($_.Trim()) }

Open in new window


For a CSV

import-csv IPS.csv | foreach-object { [System.Net.dns]::GetHostbyAddress($_.ColumnName.Trim()) }

Open in new window

0
 
cmatchettAuthor Commented:
how do you export that to a csv or text file?
0
 
Guy LidbetterCommented:
Add either

For a CSV
| Export-CSV Filename.csv -NoTypeInformation

Open in new window



For a TXT
| Out-File filname.txt

Open in new window


 BEFORE the closing "}"


Regards

Guy
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
Dan McFaddenSystems EngineerCommented:
If you pipe the output of the netstat command to a text file, then the following script will read the contents of the file and return the DNS A records

1.  from command prompt run:  netstat -ano > netstat-ano.txt
1a. make sure the netstat-ano.txt file is in the same directory as the PowerShell script.
2.  update the script in the following place:
2a.  line 1: replace <YourServerTcpIpAddress> with the real IP address of the server you ran the netstat on
3. from a PowerShell prompt, navigate to the directory where the script and text file is
4. run PS script

The script will read the text file, look for entries that have the server's IP, save the remote address into an array, sort and dedup the array, then run a lookup on the addresses remaining in the list.

$serverip = "<YourServerTcpIpAddress>"
$file = Get-Content netstat-ano.txt
$arrTemp = @()
$arrDeduppedList = @()

foreach ($line in $file)
{
    if ($line.Contains($serverip))
    {
        $output = (($line -split ("  "))[4] -split (":"))[0]
        $arrTemp += $output.Trim()
    }
}
$arrDeduppedList = $arrTemp | sort | get-unique

foreach ($thing in $arrDeduppedList)
{
    [System.Net.dns]::GetHostbyAddress($thing)
}

Open in new window


This way, you can just use the raw output from netstat... no need to reformat or rework the contents of the text file.

Dan
0
 
Guy LidbetterCommented:
Why don't you just get rid of the file create\import and stick it in a variable

$File = Netstat -ano

Open in new window


Instead of

$file = Get-Content netstat-ano.txt

Open in new window

0
 
Dan McFaddenSystems EngineerCommented:
Thanks Guy!  For some reason I thought it wasn't that easy, was playing with start-process.  But hey!  Learned something new today.

Updated script:

$serverip = "<YourServerTcpIpAddress>"
$arrTemp = @()
$arrDeduppedList = @()

$file = netstat -ano
foreach ($line in $file)
{
    if ($line.Contains($serverip))
    {
        $output = (($line -split ("  "))[4] -split (":"))[0]
        $arrTemp += $output.Trim()
    }
}
$arrDeduppedList = $arrTemp | sort | get-unique

foreach ($thing in $arrDeduppedList)
{
    [System.Net.dns]::GetHostbyAddress($thing)
}

Open in new window


Dan
0
 
Dan McFaddenSystems EngineerCommented:
One more update.  I wanted to remove as much manual editing as possible.  This will work for devices with a single IP.  I haven't tested it on a device with multiple addresses.

Removed the need to edit the script with the IP address of interest.  This line:

$serverip = "<YourServerTcpIpAddress>"

Open in new window


- is replaced by this -

$servername = $env:computername + "." + $env:userdnsdomain
$serverip = [System.Net.Dns]::GetHostbyName($servername).AddressList.IPAddressToString

Open in new window


Edit is no longer necessary.  Just run the script on the computer/server you are interested in.

Full script:
$arrTemp = @()
$arrDeduppedList = @()

$servername = $env:computername + "." + $env:userdnsdomain
$serverip = [System.Net.Dns]::GetHostbyName($servername).AddressList.IPAddressToString

$file = netstat -ano
foreach ($line in $file)
{
    if ($line.Contains($serverip))
    {
        $output = (($line -split ("  "))[4] -split (":"))[0]
        $arrTemp += $output.Trim()
    }
}
$arrDeduppedList = $arrTemp | sort | get-unique

foreach ($thing in $arrDeduppedList)
{
    [System.Net.Dns]::GetHostbyAddress($thing)
}

Open in new window


Dan
0
 
Guy LidbetterCommented:
You could use this to get a list of IPv4 addresses on a server

$IPAddresses = Get-NetIPAddress | where {($_.AddressFamily -eq "IPv4") -AND ($_.IPAddress -ne "127.0.0.1")} | select IPAddress

Open in new window


And I suppose you could wrap the whole script up in ForEach IP.....
0
 
Dan McFaddenSystems EngineerCommented:
Yes, it would.  But, I believe Get-NetIPaddress is only available on Server 2012 & 2012 R2 (Win8 & 8.1).

The OP didn't specify the server OS.

Dan
0
 
footechCommented:
If you want to process all the results of netstat -ano and turn it into objects, you could use this.
http://poshcode.org/2701

It would easy enough to add [System.Net.Dns]::GetHostByAddress($someip).HostName to convert IP addresses to hostnames.  Depending on what your needs are, you may be best off with just using TCPView ( https://technet.microsoft.com/en-us/library/bb897437.aspx ), which has an option to resolve addresses.
0
 
footechCommented:
Actually, instead of the poscode link, looks like someone has already extended it to add this functionality.
https://gallery.technet.microsoft.com/scriptcenter/Get-NetworkStatistics-66057d71
0
 
Guy LidbetterCommented:
OH! Good point...

How about:

$IPAddressTable = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True'
$IPAddresses = $IPAddressTable.ipaddress | where {$_ -like "*.*"}

Foreach ($IPAddress in $IPAddresses) {  <Script here> }

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.