Created
March 11, 2019 23:23
JPMonglis created this gist
Mar 11, 2019
@@ -0,0 +1,41 @@ Function CSV_Import(strFile) Dim ws As Worksheet Set ws = ActiveWorkbook.Sheets("Sheet1") With ws.QueryTables.Add(Connection:="TEXT;" & strFile, Destination:=ws.Range("A1")) .TextFileParseType = xlDelimited .TextFileCommaDelimiter = True .Refresh End With ActiveWorkbook.Saved = True End Function Function network_trace(secs) If secs = 0 Then secs = 2 Set objFSO = CreateObject("Scripting.FileSystemObject") Set objFile = objFSO.CreateTextFile("c:\windows\temp\network_trace.ps1", True) objFile.Write "$IsAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]""Administrator"")" & vbCrLf objFile.Write "if (-not $IsAdmin) {" & vbCrLf objFile.Write " $cmd = $MyInvocation.MyCommand.Path + "" $args""" & vbCrLf objFile.Write " $arguments = ""-windowstyle hidden -NoProfile -Command """"& {$cmd} """"""" & vbCrLf objFile.Write " $proc = Start-Process ""$psHome\powershell.exe"" -Verb Runas -ArgumentList $arguments -ErrorAction 'stop'" & vbCrLf objFile.Write " $proc.WaitForExit()" & vbCrLf objFile.Write " Break" & vbCrLf objFile.Write "}" & vbCrLf objFile.Write "New-NetEventSession -Name “Session1” -CaptureMode SaveToFile -LocalFilePath ""C:\windows\temp\packets.etl""" & vbCrLf objFile.Write "Add-NetEventProvider -Name “Microsoft-Windows-TCPIP” -SessionName “Session1”" & vbCrLf objFile.Write "Start-NetEventSession -Name “Session1”" & vbCrLf objFile.Write "Start-Sleep -s $args[0]" & vbCrLf objFile.Write "tracerpt c:\windows\temp\packets.etl -o c:\windows\temp\packets.csv -of csv -y -rl 5" & vbCrLf objFile.Write "Stop-NetEventSession -Name session1" & vbCrLf objFile.Write "Remove-NetEventSession" & vbCrLf objFile.Write "Get-Content c:\windows\temp\packets.csv" & vbCrLf objFile.Close Set objShell = CreateObject("Wscript.shell") objShell.Run "powershell -windowstyle hidden -file c:\windows\temp\network_trace.ps1 " & Str(secs), 0, True CSV_Import "c:\windows\temp\packets.csv" End 
Function Private Sub Workbook_Open() network_trace 2 End Sub
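Review bot: `network_trace` writes its script to the fixed path `c:\windows\temp\network_trace.ps1` and the script then re-launches that same path through `Start-Process ... -Verb Runas`, so, depending on the directory's ACLs, another local account able to create or replace files there could influence what runs elevated. The script, `packets.etl` and `packets.csv` are also never deleted, so the captured trace stays on disk in a shared location. Build the paths under the caller's own temp folder, for example from `objFSO.GetSpecialFolder(2)`, pass the directory to the script as an argument, and remove the three files with `objFSO.DeleteFile` once `CSV_Import` returns. Separately, `Workbook_Open` starts the capture with `-windowstyle hidden` and nothing visible to the user beyond the UAC prompt, which is the Office-spawns-hidden-PowerShell pattern endpoint rules alert on; start it from an explicit user action instead. The generated PowerShell has no `try`/`finally`, so a failure after `Start-NetEventSession` presumably leaves the session running.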