Friday, April 19, 2024
Latest:

DevOps | Scripts | Automation

PowershellScripts

How to get the process open Ports using PowerShell?

Chirag Nagrekar

Few processes interact with the outside or inside systems using ports. To find the process open ports on the windows system, we have a few cmdlets but they don’t give you the exact information like which process has which open ports.

For example, Get-Process gives you the information about Processes in details but not the process ports. Similarly, Netstat -ano command gives the process ID and open ports but not the process name. However, we can combine both commands to retrieve the process name and and associated process IDs.

Below script is located on my github account as well to retrieve the process ports output.

https://github.com/chiragce17/ProcessPort

Script:

function Get-ProcessPorts {
     
   [cmdletbinding()]
   Param(
      [parameter(Mandatory = $True, ValueFromPipeLine = $True)]
      [AllowEmptyCollection()]
      [string[]]$ProcessName
   )

   Begin {
       
      Write-Verbose "Declaring empty array to store the output"
      $portout = @()
                  
   }

   Process {
         
      try {
        
         Write-Verbose "Processes to get the port information"      
         $processes = Get-Process $ProcessName  -ErrorAction Ignore

         foreach ($proc in $processes) {
             

            # Get the port for the process.
            $mports = Netstat -ano | findstr $proc.ID
             
            if ($mports) {

               # Separate each instance 
               foreach ($sport in $mports) {

                  # Split the netstat output and remove empty lines from the output.
                  $out = $sport.Split('') | where { $_ -ne "" }

                  $LCount = $out[1].LastIndexOf(':')

                  $RCount = $out[2].LastIndexOf(':')
                
                
                  $portout += [PSCustomObject]@{
                                  
                     'Process'       = $proc.Name
                     'PID'           = $proc.ID
                     'Protocol'      = $out[0]
                     'LocalAddress'  = $out[1].SubString(0, $LCount)
                     'LocalPort'     = $out[1].SubString($Lcount + 1, ($out[1].Length - $Lcount - 1))
                     'RemoteAddress' = $out[2].SubString(0, $RCount)
                     'RemotePort'    = $out[2].SubString($RCount + 1, ($out[2].Length - $Rcount - 1))
                     'Connection'    = $(
                        # Checking if the connection contains any empty string.
                        if (!($out[3] -match '\d')) { $out[3] }      
                     )
                                  
                  }

               }
            }  #If loop ends 
            
            else {
               Write-Host "`nProcess $($Proc.Name) with PID : $($proc.ID) doesn't have any active ports" -BackgroundColor DarkRed
              
            }
             
           
         } #Foreach loop ends 

         $portout |  ft -AutoSize

      } #Try block ends

      catch {
         Write-Host "$($_.Exception.Message)" -BackgroundColor DarkRed
      }

   }

   End {
      
      Write-Verbose "End of the program"
   }
}

Output:

For multiple processes,

As mentioned earlier and shown in the above output, some processes might not have the ports open.