none
the list of open ports, the process AND the name of the service RRS feed

  • Question

  • Hi,

    I want to retrieve the list of open ports, the process AND the name of the service in 1 command. Is it possible to do it with powershell. Maybe with foreach, netstat, get-process and get-service ?

    Thanks

    Nicolas COULIN

    Friday, August 28, 2020 10:04 PM

All replies

  • Sure it's possible but there is going be a significant number of lines of Powershell code to do that.

    Maybe something in the PS gallery will provide a sample to start with. https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=ProgrammingLanguage&f%5B0%5D.Value=PowerShell&f%5B0%5D.Text=PowerShell&f%5B1%5D.Type=RootCategory&f%5B1%5D.Value=networking&f%5B1%5D.Text=Networking

    Have you looked at TCPView? https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview

    Saturday, August 29, 2020 12:59 AM
  • In fact, i found this script http://winteltools.com/netstat-process-name/, but there are not Windows services.

    I thinks, it was possible to do an other foreach to match with process id.


    Nicolas COULIN

    Saturday, August 29, 2020 7:49 AM
  • You can:

    $services = Get-WMIObject -Class Win32_Service -Filter 'State="Running"' | Select Name, ProcessID
    $cmd = "netstat -ano | findstr LISTEN"
    $listening = Invoke-Expression $cmd
    foreach ($entry in $listening) {
        if ($entry -match "^\s*(TCP|UDP)\s*((\d+\.\d+\.\d+\.\d+)|(\[.*\]))\:(?<port>\d+).*\s+(?<procid>\d+)$") {
            $procid = $Matches['procid']
            $port = $Matches['port']
            $svc = ($services.Where({$_.ProcessID -eq $procid}))[0]
            if ($null -ne $svc) {
                "$($svc.Name) --> $port"
            }
        }
    }


    Evgenij Smirnov

    http://evgenij.smirnov.de

    Saturday, August 29, 2020 10:31 AM
  • Thanks a lot. Is it possible to have 3 columns. Service, process and port


    Nicolas COULIN

    Monday, August 31, 2020 8:26 PM
  • Thanks a lot. Is it possible to have 3 columns. Service, process and port


    Nicolas COULIN

    Yes. The process ID is in $procid, if you need the process name, you'll have to either get it from 

    (Get-Process -ID $procid).ProcessName

    for each reported ID or use the PathName property of the Win32_Service-Object:

    $services = Get-WMIObject -Class Win32_Service -Filter 'State="Running"' | Select Name, ProcessID, PathName

    ...

    "$($svc.Name) --> $port --> $($svc.PathName)"

    The latter contains the complete path and arguments, though.


    Evgenij Smirnov

    http://evgenij.smirnov.de

    Tuesday, September 1, 2020 5:00 AM
  •  

    You should be away that some services listen on ports though process id 4, SYSTEM.  On this machine IIS is installed and configured to host sites on ports 80, 443, 8080, and 8081. But an IIS service won't show up in your report. 

    C:\>tasklist /fi "pid eq 4"
    
    Image Name                     PID Session Name        Session#    Mem Usage
    ========================= ======== ================ =========== ============
    System                           4 Services                   0     18,132 K
    
    C:\>netstat -aon | findstr -i listen
      TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       4152
      TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1072
      TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:902            0.0.0.0:0              LISTENING       4368
      TCP    0.0.0.0:912            0.0.0.0:0              LISTENING       4368
      TCP    0.0.0.0:1536           0.0.0.0:0              LISTENING       876
      TCP    0.0.0.0:1537           0.0.0.0:0              LISTENING       736
      TCP    0.0.0.0:1538           0.0.0.0:0              LISTENING       1396
      TCP    0.0.0.0:1539           0.0.0.0:0              LISTENING       1896
      TCP    0.0.0.0:1540           0.0.0.0:0              LISTENING       3940
      TCP    0.0.0.0:1543           0.0.0.0:0              LISTENING       816
      TCP    0.0.0.0:5040           0.0.0.0:0              LISTENING       7812
      TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:5700           0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:7680           0.0.0.0:0              LISTENING       8656
      TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:8531           0.0.0.0:0              LISTENING       4
      TCP    0.0.0.0:13482          0.0.0.0:0              LISTENING       4
      TCP    127.0.0.1:1618         0.0.0.0:0              LISTENING       9952
      TCP    127.0.0.1:8884         0.0.0.0:0              LISTENING       4
      TCP    127.0.0.1:9012         0.0.0.0:0              LISTENING       1500
      TCP    127.0.0.1:28385        0.0.0.0:0              LISTENING       4
      TCP    127.0.0.1:28390        0.0.0.0:0              LISTENING       4
      TCP    127.0.0.1:49350        0.0.0.0:0              LISTENING       10424
      TCP    127.0.0.1:49351        0.0.0.0:0              LISTENING       2672
      TCP    169.254.76.181:139     0.0.0.0:0              LISTENING       4
      TCP    192.168.96.1:139       0.0.0.0:0              LISTENING       4
      TCP    192.168.109.1:139      0.0.0.0:0              LISTENING       4


    Tuesday, September 1, 2020 1:04 PM
  • I found the path info useful too.  

    # Script: ShowListeners.ps1 
    # Author: MotoX80 and Evgenij Smirnov on MS forums
    $rpt = @()
    $services = Get-CimInstance -Class Win32_Service -Filter 'State="Running"' | Select Name, ProcessID
    $Listeners = Get-NetTCPConnection | Where-Object {$_.State -eq "Listen"}
    foreach ($l in $Listeners){
        $proc =  Get-Process -ID $l.OwningProcess
        $rpt +=  [PSCustomObject]@{                                                           
                        Port = $l.LocalPort
                        Pid = $l.OwningProcess
                        ProcessName = $proc.ProcessName
                        Service = (-join (($services.Where({$_.ProcessID -eq $l.OwningProcess})) | foreach {"$($_.name), "})).trimend(', ')
                        Path = $proc.Path
                   }
    }
    $rpt | Sort-Object -property Port | Format-Table


    • Edited by MotoX80 Tuesday, September 1, 2020 2:50 PM
    Tuesday, September 1, 2020 2:47 PM