It seems the class to do this is MSFT_NetTransportConnection.
However I cannot query this class via Get-WmiObject:
C:\Users\Justin Dearing> Get-WmiObject MSFT_NetTransportConnection
Get-WmiObject : Invalid class "MSFT_NetTransportConnection"
At line:1 char:1
+ Get-WmiObject MSFT_NetTransportConnection
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidType: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
C:\Users\Justin Dearing> Get-WmiObject MSFT_NetTransportConnection -Namespace "root/StandardCimv2"
Get-WmiObject : Not supported
At line:1 char:1
+ Get-WmiObject MSFT_NetTransportConnection -Namespace "root/StandardC ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
C:\Users\Justin Dearing> Get-WmiObject MSFT_NetTransportConnection -Namespace "fff"
Get-WmiObject : Invalid namespace "fff"
At line:1 char:1
+ Get-WmiObject MSFT_NetTransportConnection -Namespace "fff"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
What am I doing wrong?
Can the MSFT_NetTcpConnection class be suitable?
Get-WmiObject -Namespace 'ROOT/StandardCimv2' -ClassName MSFT_NetTCPConnection |
Group-Object OwningProcess
You can also use Sort-Object to sort the list of processes with the most connections. This makes it easier to visually discover which processes have the most connections.
Get-CimInstance -Namespace root/standardcimv2 -ClassName MSFT_NetTCPConnection |
Group-Object -Property OwningProcess |
Sort-Object -Property Count