find established connections from windows server

Dear Experts

In windows server where the application server (CRM system)  is deployed this application which connects to multiple integrations like website , CTI, also configured office 365 smtp, the application logs are not giving us enough data hence from the windows server level how to find or get the log report , when the CRM application runs logic based on scheduler it triggers emails to the customers to check this from windows server level what to do please suggest, in linux think we can use netstat - tulnp, In windows server how to find the application which is running is it establishing connection to the remote services like smtp configured. for example
1.  would like to run the command where it lists  only the running smtp connections established
2. would like to run the command where it lists all the connections established to web server.
also is it possible to append to text file
D_wathiAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

N8iveITCommented:
Outside of PowerShell, the command line to use would be NETSTAT:
netstat -a -b -e -f -n -o -r -s
- OR -
netstat -a -b -e -f -n -o

Open in new window


NETSTAT's usage is:
Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]

  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -f            Displays Fully Qualified Domain Names (FQDN) for foreign
                addresses.
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics.  By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  -t            Displays the current connection offload state.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display.  Press CTRL+C to stop redisplaying
                statistics.  If omitted, netstat will print the current
                configuration information once.

Open in new window


You can add "> c:\FolderName\textfile.txt" to the end and it will recreate the text file each time it runs.

If you use the "interval" option then I would use the ">> c:\FolderName\textfile.txt" option to append to a text file rather than create a new one each time.

I would experiment with this command (especially the "-p proto" switch) to see if it gives  you what you need. If it doesn't, you may need some advanced tools either in PowerShell, VBA or something native to the CRM package to get what you need.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
D_wathiAuthor Commented:
thanks for the reply, can you please help me understand outside of PowerShell means should I have to go to command prompt and run the below
netstat -a -b -e -f -n -o

request to please explain the steps in windows server , I would like to capture output of netstat -a -b -e -f -n -o to c:\FolderName\textfile.txt", please
0
N8iveITCommented:
Sure:
1. Create a folder on your C-drive (or any local drive). In this case I will assume a folder named "NetStatOutput" on the root of the C-drive.
2. Go to the command prompt and run (I removed the -e, my fault, it shouldn't have been in there):
   netstat -a -b -f -n -o > C:\NetStatOutput\NSOutput.txt
3. Open the folder, double-click on NSOutput.txt and you will see the output in the text file
4. At this point, you have all output in a file and can search for SMTP then go from there ...

Hope that clarifies it for you (I apologize for my initial error with the -e)!

If you run the command again and want to append it to the original file, use the following and it will add the output of the second, third and subsequent runs to the same file:
   netstat -a -b -f -n -o >> C:\NetStatOutput\NSOutput.txt

> means redirect the output to a NEW file
>> means redirect and append the output to an EXISTING file

This is a very basic way to start troubleshooting.

You could also use a free utility from Microsoft; https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview ... NetStat is a built-in command to get you started to see if you need something more sophisticated.
0
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

D_wathiAuthor Commented:
this really a great help, how to execute netstat -a -b -f -n -o > C:\NetStatOutput\NSOutput.txt  for continuous 04 hours to capture entire log during this time period, the CRM application executes the  windows scheduler and performs the tasks for remote services. for example at 2.00pm to 4.00pm CRM system runs the scheduler and kicks the tasks where it connects to the remote services like website/email server for sending bulk mail etc and I would like to capture netstat report on all this connectivity,
1.  please help me how to frame the above netstat command to run continuously for some time period (from 2.00pm to 4.00pm) think this should happen background ,  can you help me this on windows server how to and also linux server how to please.
0
N8iveITCommented:
Linux, I do not know.

Windows: You could put this command (with the append statement) in a batch file and run via Windows Scheduler every X minutes then review the output ... to start. If you need something in a better format for something creating a more permanent record (beyond troubleshooting, then PowerShell / VBA may be the next step. Do you need assistance with (1) creating a batch file and (2) setting the schedule task?
0
D_wathiAuthor Commented:
yes please, it will be a great help if you can help me creating the batch file.
0
N8iveITCommented:
Easiest way is to open Notepad, paste in the netstat command with the >> statement in it and then save as something like "CRMNetStat.bat"

Rather than rewriting what a batch file can do, good explanations are:
1. Overall understanding - https://fossbytes.com/what-is-a-batch-file-in-windows-how-to-create-a-batch-file/
2. Overall understanding with more detail - http://www.pcstats.com/articleview.cfm?articleID=1767
3. Detailed understanding - https://www.tutorialspoint.com/batch_script/

The Windows Scheduler can then be configured to run this command every so often - see https://www.thewindowsclub.com/how-to-schedule-batch-file-run-automatically-windows-7 with another odd but interesting batch file explanation at https://www.thewindowsclub.com/batch-files-windows-fun-cool-batch-files-tricks

I briefly searched Experts Exchange but don't see anything with a basic explanation of either of these items.
0
N8iveITCommented:
Thank-you!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.