get-aduser -Filter {BadLogonCount -ne 0} -properties * | select SamAccountName,BadLogonCount,BadPasswordTime,BadPwdCount,@{name='badPasswordTimeDT'; expression={[datetime]::fromFileTime($_.badPasswordTime)}} | sort BadPasswordTime | FT
ss is another utility to investigate sockets. It can display more TCP and state information than other tools.