I’m doing a project where I’m trying to capture any process on Windows attempting to communicate through TCP ports 587, 465, and 2525. I have experimented with several parameters for netstat for this and had been using `netstat -ano -p tcp | findstr "587 465 2525"` until I realized that when I left out `-p tcp`, I would sometimes get more results, depending on whether I had my VPN, Docker, or any other program that masks or uses my network running. From the Microsoft Docs page, `-p` just tells netstat to look for a specific protocol, which in my case is TCP.
As you can see from the above screenshot, for some reason when I include `-p tcp` in the command, I don’t see the results, although when I exclude that part you can clearly see there are TCP results? I find it odd that the results are also printed as IPv6 rather than IPv4, since when I run this from a virtual machine I see an IPv4 result.
Any help to understand this would be very appreciated! Thanks.
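As an added example (not part of the original post), the same check can be done with Get-NetTCPConnection from the built-in NetTCPIP module, which returns IPv4 and IPv6 sockets together, so the result does not depend on a protocol switch, and which filters on the actual RemotePort field rather than on a substring of the whole netstat line. It assumes the ports of interest are remote (outbound SMTP submission) ports; the function name, parameters and polling interval are the example's own choices.

```powershell
# Added example: poll for processes holding TCP connections to the given remote
# ports (IPv4 and IPv6 alike) and report each new process/peer pair once.
# Assumptions (not from the original post): ports are remote ports, polling every
# 2 seconds for 30 samples. Short-lived connections between polls can be missed;
# the State column includes SynSent, so connection attempts that have not yet
# completed the handshake are still reported.
function Watch-SmtpPorts {
    param(
        [uint16[]]$Ports = @(587, 465, 2525),
        [int]$IntervalSeconds = 2,
        [int]$Samples = 30          # 0 = poll until Ctrl+C
    )
    $seen = @{}                     # key: PID|RemoteAddress|RemotePort
    $i = 0
    while ($Samples -eq 0 -or $i -lt $Samples) {
        # No match raises a non-terminating ObjectNotFound error; suppress it.
        Get-NetTCPConnection -RemotePort $Ports -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = '{0}|{1}|{2}' -f $_.OwningProcess, $_.RemoteAddress, $_.RemotePort
            if (-not $seen.ContainsKey($key)) {
                $seen[$key] = $true
                # OwningProcess is the PID; resolve image name and path for triage.
                $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Time          = (Get-Date).ToString('s')
                    # IPv6 literals contain ':'; tag the family so it is obvious.
                    Family        = if ($_.RemoteAddress -like '*:*') { 'IPv6' } else { 'IPv4' }
                    LocalAddress  = $_.LocalAddress
                    LocalPort     = $_.LocalPort
                    RemoteAddress = $_.RemoteAddress
                    RemotePort    = $_.RemotePort
                    State         = $_.State
                    PID           = $_.OwningProcess
                    Process       = if ($proc) { $proc.ProcessName } else { '<exited>' }
                    Path          = if ($proc) { $proc.Path } else { $null }
                }
            }
        }
        Start-Sleep -Seconds $IntervalSeconds
        $i++
    }
}

# Usage: run from an elevated prompt so Path resolves for processes of other users.
Watch-SmtpPorts | Format-Table -AutoSize
```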