Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to get list of processes with open network ports?

725 views
Skip to first unread message

Gary Flynn

unread,
May 9, 2003, 5:07:51 PM5/9/03
to
I'd like to get a list of processes that are listening
on network ports.

I'm told this can be done with a combination of WMI and
SNMP. Windows XP's netstat command gets it with its -o
option and Foundstone's Fport utility gets it on Windows
NT and 2000. I'm hoping to be able to do it from
WMI calls from WSH.

Any leads would be appreciated.

thanks,
--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

[MS] Tim Chen

unread,
May 9, 2003, 5:58:35 PM5/9/03
to
here is a sample vbscript

set objLocator = CreateObject("WbemScripting.SWbemLocator")
set objServices = objLocator.connectServer("", "root/snmp/localhost")

set objNamedValueSet = CreateObject("WbemScripting.SWbemNamedValueSet")

objNamedValueSet.Add "AgentAddress", "127.0.0.1"
objNamedValueSet.Add "AgentReadCommunityName", "public"
objNamedValueSet.Add "AgentWriteCommunityName", "public"

set objset = objServices.instancesof( "SNMP_RFC1213_MIB_tcpConnTable",
,objNamedValueSet )

for each obj in objset
wscript.echo "-----------------------------"
for each prop in obj.properties_
wscript.echo prop.name & " : " & prop.value
next
next

This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Gary Flynn" <fly...@jmu.edu> wrote in message
news:3EBC18A7...@jmu.edu...

Gary Flynn

unread,
May 13, 2003, 10:01:43 AM5/13/03
to

[MS] Tim Chen wrote:
> here is a sample vbscript

Thanks but this only provides the open ports. I was looking for
a way to tie the open ports to the processes that opened them.
Like the way the Windows XP netstat command's -o option does.

I've found out a little more information.

I'm aware that there is undocumented function in the IPHELPER
DLL (AllocateAndGetTcpExTableFromStack(PMIB_TCPTABLE_EX*,BOOL,
HANDLE,DWORD,DWORD)) that can do this for Windows XP but I'm
not sure how to call it yet from the script engine (if indeed
it can be called at all that way).

For Windows NT and 2000, utilities exist that can provide
this information. Foundstone's FPort and Sysinternals
TCPView can both provide process IDs for open network ports
for NT, 2000, and XP. I've been told to mimic this functionality
for Windows NT and 2000 I'll have to use some core NT APIs.

I thought I'd ask here in case anyone has done it through
WMI in some way so I won't have to call external binary
programs from my scripts.

Thanks for your help.

0 new messages