How to get the port number of the processes using PowerShell?
The Get-Process cmdlet in PowerShell has no property that exposes the port numbers a process uses, so here we will write a function that returns the port numbers associated with given processes.
The Windows command NETSTAT provides the port number and the associated process ID but not the process name. The Get-Process command provides the process name and the PID (process ID), so we can write a function that combines the two commands and returns the process ID, local address, remote address, and the state of the port, such as LISTENING or ESTABLISHED.
Let us look at the output of the NETSTAT command.
PS C:\WINDOWS\system32> netstat

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:9012         DESKTOP-9435KM9:56668  ESTABLISHED
  TCP    127.0.0.1:29885        DESKTOP-9435KM9:56733  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58748  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58755  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58766  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58772  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58780  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58782  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58788  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58797  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58799  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58801  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58810  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58815  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58833  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58835  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58836  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58837  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58838  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58843  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58845  ESTABLISHED
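The output above does not include the process ID. We need the port numbers, local address, and remote address together with the PID, so we will use the netstat -ano command: -a lists all connections and listening ports, -n shows addresses and ports numerically, and -o adds the owning process ID. To get more information about this command, check the link below.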
https://www.ionos.com/digitalguide/server/tools/introduction-to-netstat/
The output of this command would be −
PS C:\WINDOWS\system32> netstat -ano

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1208
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5040           0.0.0.0:0              LISTENING       7864
  TCP    0.0.0.0:5700           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:16861          0.0.0.0:0              LISTENING       26860
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       760
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       1704
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING       2976
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING       3868
  TCP    0.0.0.0:49669          0.0.0.0:0              LISTENING       3996
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING       720
  TCP    127.0.0.1:515          0.0.0.0:0              LISTENING       9276
  TCP    127.0.0.1:1001         0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:8884         0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:9012         0.0.0.0:0              LISTENING       15532
  TCP    127.0.0.1:9012         127.0.0.1:56668        ESTABLISHED     15532
  TCP    127.0.0.1:29885        0.0.0.0:0              LISTENING       26860

This table includes the process ID (PID), so we can look up each process by its PID with the Get-Process command and write a function that correlates the two.
function Get-ProcessPorts{
   [cmdletbinding()]
   Param(
      [parameter(Mandatory=$True, ValueFromPipeLine=$True)]
      [AllowEmptyCollection()]
      [string[]]$ProcessName
   )
   Begin{
      Write-Verbose "Declaring empty array to store the output"
      $portout = @()
   }
   Process{
      Write-Verbose "Processes to get the port information"
      $processes = Get-Process $ProcessName
      foreach($proc in $processes){
         # Get the netstat lines that mention the process ID.
         $mports = netstat -ano | findstr $proc.ID
         # Separate each instance
         foreach($sport in $mports){
            # Split the netstat line on spaces and remove empty entries from the output.
            $out = $sport.Split(' ') | where{$_ -ne ""}
            # findstr matches the PID digits anywhere in the line (for example inside
            # a port number), so keep only the lines whose last column is this PID.
            if($out[-1] -ne $proc.ID){ continue }
            # The port follows the last colon of each address.
            $LCount = $out[1].LastIndexOf(':')
            $RCount = $out[2].LastIndexOf(':')
            $portout += [PSCustomObject]@{
               'Process'       = $proc.Name
               'PID'           = $proc.ID
               'Protocol'      = $out[0]
               'LocalAddress'  = $out[1].SubString(0,$LCount)
               'LocalPort'     = $out[1].SubString($LCount+1,($out[1].Length-$LCount-1))
               'RemoteAddress' = $out[2].SubString(0,$RCount)
               'RemotePort'    = $out[2].SubString($RCount+1,($out[2].Length-$RCount-1))
               'Connection'    = $(
                  # UDP lines have no state column, so the fourth field is then the PID;
                  # leave the connection state empty in that case.
                  if($out[3] -notmatch '^\d+$'){$out[3]}
               )
            }
         }
      }
      $portout | ft -AutoSize
   }
   End{
      Write-Verbose "End of the program"
   }
}
Output −
Process PID   Protocol LocalAddress  LocalPort RemoteAddress RemotePort Connection
------- ---   -------- ------------  --------- ------------- ---------- ----------
avp     4252  TCP      127.0.0.1     49676     0.0.0.0       0          LISTENING
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50304      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50338      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50347      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50357      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50366      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50370      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50375      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50376      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50377      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50378      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50379      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50380      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50385      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50387      ESTABLISHED
WINWORD 25852 TCP      192.168.0.107 53584     99.83.135.170 443        ESTABLISHED
WINWORD 25852 TCP      192.168.0.107 53592     99.83.135.170 443        ESTABLISHED

VERBOSE: End of the program
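The following is an added example, not code from the original article: a parser for netstat -ano lines that takes the PID from the last column exactly and also handles UDP rows (no State column) and bracketed IPv6 addresses, cases that text filtering by PID and fixed column positions can get wrong. The function name ConvertFrom-NetstatLine, the -ProcessMap parameter, and the sample rows and process names are assumptions made for illustration.

```powershell
# Added example; ConvertFrom-NetstatLine and -ProcessMap are hypothetical names.
function ConvertFrom-NetstatLine {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Line,
        # PID -> process name lookup; built once from Get-Process when omitted.
        [hashtable]$ProcessMap
    )
    begin {
        if (-not $ProcessMap) {
            $ProcessMap = @{}
            Get-Process | ForEach-Object { $ProcessMap[[int]$_.Id] = $_.ProcessName }
        }
        # Proto, local endpoint, remote endpoint, optional state (UDP has none), PID.
        $pattern = '^\s*(?<proto>TCP|UDP)\s+(?<local>\S+)\s+(?<remote>\S+)\s+' +
                   '(?:(?<state>[A-Z][A-Z_0-9]*)\s+)?(?<owner>\d+)\s*$'
    }
    process {
        if ($Line -notmatch $pattern) { return }   # skip headers and blank lines
        $local   = $Matches['local']
        $remote  = $Matches['remote']
        $ownerId = [int]$Matches['owner']          # exact PID from the last column
        # Split on the last colon so bracketed IPv6 endpoints such as [::]:445 work.
        $l = $local.LastIndexOf(':')
        $r = $remote.LastIndexOf(':')
        [PSCustomObject]@{
            Process       = if ($ProcessMap.ContainsKey($ownerId)) { $ProcessMap[$ownerId] } else { '<unknown>' }
            PID           = $ownerId
            Protocol      = $Matches['proto']
            LocalAddress  = $local.Substring(0, $l)
            LocalPort     = [int]$local.Substring($l + 1)
            RemoteAddress = $remote.Substring(0, $r)
            RemotePort    = $remote.Substring($r + 1)   # '*' on UDP rows
            State         = $Matches['state']           # $null on UDP rows
        }
    }
}

# Constructed sample rows and process names; on a live host pipe `netstat -ano` instead.
$sample = @'
  Proto  Local Address    Foreign Address    State         PID
  TCP    0.0.0.0:135      0.0.0.0:0          LISTENING     1208
  TCP    127.0.0.1:9012   127.0.0.1:56668    ESTABLISHED   15532
  TCP    [::]:445         [::]:0             LISTENING     4
  UDP    0.0.0.0:5353     *:*                              1208
'@ -split "`r?`n"
$names = @{ 4 = 'System'; 1208 = 'svchost'; 15532 = 'exampleapp' }
$sample | ConvertFrom-NetstatLine -ProcessMap $names | Format-Table -AutoSize
```

Because the function emits objects rather than a formatted table, the result can be filtered further, for example with Where-Object State -eq 'LISTENING' to review which processes accept inbound connections.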
