Link to home
Create AccountLog in
Avatar of cmatchett
cmatchettFlag for United Kingdom of Great Britain and Northern Ireland

asked on

read in IP addresses from file and export DNS name | powershell

i have ran netstat -ano on a server and i now need to know what the A record for each IP is.

Is this possible using powershell
ASKER CERTIFIED SOLUTION
Avatar of Guy Lidbetter
Guy Lidbetter
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of cmatchett

ASKER

how do you export that to a csv or text file?
Add either

For a CSV
| Export-CSV Filename.csv -NoTypeInformation

Open in new window



For a TXT
| Out-File filname.txt

Open in new window


 BEFORE the closing "}"


Regards

Guy
Avatar of Dan McFadden
If you pipe the output of the netstat command to a text file, then the following script will read the contents of the file and return the DNS A records

1.  from command prompt run:  netstat -ano > netstat-ano.txt
1a. make sure the netstat-ano.txt file is in the same directory as the PowerShell script.
2.  update the script in the following place:
2a.  line 1: replace <YourServerTcpIpAddress> with the real IP address of the server you ran the netstat on
3. from a PowerShell prompt, navigate to the directory where the script and text file is
4. run PS script

The script will read the text file, look for entries that have the server's IP, save the remote address into an array, sort and dedup the array, then run a lookup on the addresses remaining in the list.

$serverip = "<YourServerTcpIpAddress>"
$file = Get-Content netstat-ano.txt
$arrTemp = @()
$arrDeduppedList = @()

foreach ($line in $file)
{
    if ($line.Contains($serverip))
    {
        $output = (($line -split ("  "))[4] -split (":"))[0]
        $arrTemp += $output.Trim()
    }
}
$arrDeduppedList = $arrTemp | sort | get-unique

foreach ($thing in $arrDeduppedList)
{
    [System.Net.dns]::GetHostbyAddress($thing)
}

Open in new window


This way, you can just use the raw output from netstat... no need to reformat or rework the contents of the text file.

Dan
Why don't you just get rid of the file create\import and stick it in a variable

$File = Netstat -ano

Open in new window


Instead of

$file = Get-Content netstat-ano.txt

Open in new window

Thanks Guy!  For some reason I thought it wasn't that easy, was playing with start-process.  But hey!  Learned something new today.

Updated script:

$serverip = "<YourServerTcpIpAddress>"
$arrTemp = @()
$arrDeduppedList = @()

$file = netstat -ano
foreach ($line in $file)
{
    if ($line.Contains($serverip))
    {
        $output = (($line -split ("  "))[4] -split (":"))[0]
        $arrTemp += $output.Trim()
    }
}
$arrDeduppedList = $arrTemp | sort | get-unique

foreach ($thing in $arrDeduppedList)
{
    [System.Net.dns]::GetHostbyAddress($thing)
}

Open in new window


Dan
One more update.  I wanted to remove as much manual editing as possible.  This will work for devices with a single IP.  I haven't tested it on a device with multiple addresses.

Removed the need to edit the script with the IP address of interest.  This line:

$serverip = "<YourServerTcpIpAddress>"

Open in new window


- is replaced by this -

$servername = $env:computername + "." + $env:userdnsdomain
$serverip = [System.Net.Dns]::GetHostbyName($servername).AddressList.IPAddressToString

Open in new window


Edit is no longer necessary.  Just run the script on the computer/server you are interested in.

Full script:
$arrTemp = @()
$arrDeduppedList = @()

$servername = $env:computername + "." + $env:userdnsdomain
$serverip = [System.Net.Dns]::GetHostbyName($servername).AddressList.IPAddressToString

$file = netstat -ano
foreach ($line in $file)
{
    if ($line.Contains($serverip))
    {
        $output = (($line -split ("  "))[4] -split (":"))[0]
        $arrTemp += $output.Trim()
    }
}
$arrDeduppedList = $arrTemp | sort | get-unique

foreach ($thing in $arrDeduppedList)
{
    [System.Net.Dns]::GetHostbyAddress($thing)
}

Open in new window


Dan
You could use this to get a list of IPv4 addresses on a server

$IPAddresses = Get-NetIPAddress | where {($_.AddressFamily -eq "IPv4") -AND ($_.IPAddress -ne "127.0.0.1")} | select IPAddress

Open in new window


And I suppose you could wrap the whole script up in ForEach IP.....
Yes, it would.  But, I believe Get-NetIPaddress is only available on Server 2012 & 2012 R2 (Win8 & 8.1).

The OP didn't specify the server OS.

Dan
If you want to process all the results of netstat -ano and turn it into objects, you could use this.
http://poshcode.org/2701

It would easy enough to add [System.Net.Dns]::GetHostByAddress($someip).HostName to convert IP addresses to hostnames.  Depending on what your needs are, you may be best off with just using TCPView ( https://technet.microsoft.com/en-us/library/bb897437.aspx ), which has an option to resolve addresses.
Actually, instead of the poscode link, looks like someone has already extended it to add this functionality.
https://gallery.technet.microsoft.com/scriptcenter/Get-NetworkStatistics-66057d71
OH! Good point...

How about:

$IPAddressTable = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True'
$IPAddresses = $IPAddressTable.ipaddress | where {$_ -like "*.*"}

Foreach ($IPAddress in $IPAddresses) {  <Script here> }

Open in new window