1

I would like to use WMIC to retrieve the output of a "netstat" command on a remote computer. The actual execution of the following command executes without error and I see the output popup briefly within a new window:

wmic /node:server1  process call create "netstat.exe -ano"

With that being said, I need to pipe the output of the process window to STDOUT, and have tried:

wmic /node:server1  process call create "netstat.exe -ano > C:\temp\test.txt"

However, that does not work. I have also tried the /output:STDOUT option, however, that only reports the execution of the command:

Executing (Win32_Process)->Create() Method execution successful. Out Parameters: instance of __PARAMETERS {
    ProcessId = 5044;
    ReturnValue = 0; };

Does anyone know how I can go about using WMIC to retrieve the actual output from the new window that was opened in order to process the data?

Thanks in advance!

Joshua Dannemann
  • 2,003
  • 1
  • 14
  • 34
need2lease
  • 136
  • 1
  • 2
  • 10
  • Another option to get the list of open connections on a computer is to use PowerShell and/or WMI: https://www.action1.com/kb/list_of_open_tcp_ip_connections_on_remote_computer.html With PowerShell, for example, you can filter or sort the results or even query multiple computers at the same time. – Peter Barnett Dec 20 '17 at 22:26

1 Answers1

3

The > symbol behaves as operator of redirection in cmd.exe, not in netstat.exe.
In fact, wmic process call create "netstat.exe -ano > C:\temp\test.txt" is about to run the same as netstat.exe -ano ^> files\nstat.txt (try it from command line).

Next command works (unfortunately, I can't try it with /node:"server1" against a remote computer at the moment):

wmic process call create "cmd /C > C:\temp\test.txt 2>&1 netstat.exe -ano"
JosefZ
  • 28,460
  • 5
  • 44
  • 83
  • Thanks JosefZ. Locally it worked as expected. Using a remote call, it worked as well, but the output was saved on the remote client. Is there anyway to push the actual output back to the machine that called it, even through SDTOUT if possible? Thanks! This gets me a lot closer. – need2lease Oct 13 '15 at 19:20
  • Copy output file from server after appropriate timeout period? As I said I can't check `wmic` against a remote computer at the moment. However, I'd try redirect the output back like `>\\%computername%\C$\temp\test.txt` (only a guess, I don't apprehend whether redirection works with UNC paths). Try also `>\\TSCLIENT\C\temp\test.txt` or similar (I have forgotten proper syntax). – JosefZ Oct 13 '15 at 20:11