NET-GetNetDaemonsAndProcesses.ps1
<#
.FileName
NET-GetNetDaemonsAndProcesses.ps1
.Synopsis
Queries the computer on which it is run for listening
TCP and UDP connections and associates them with a
process and username.
.Example
Run the script
.Author
Neil Grinnall
.Created
November 2020
#>
# Clear the console so the banner and the tables below are the first output shown.
Clear-Host
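Function Check-RunAsAdministrator()
{
    <#
    .SYNOPSIS
    Makes sure the script runs elevated, relaunching it through UAC when it does not.
    .DESCRIPTION
    If the current Windows identity is in the built-in Administrators role, the
    function prints a confirmation and returns. Otherwise it starts a new
    "PowerShell" process with the "runas" verb for this script file and exits
    the current, unelevated process. It also exits when the script path is
    unknown or when the elevated process could not be started.
    #>

    # Get current user context
    $CurrentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())

    # Already elevated: nothing to do.
    if ($CurrentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator))
    {
        Write-Host "Script is running with Administrator privileges!"
        return
    }

    # Without a script file on disk there is nothing to relaunch.
    $scriptFile = $script:MyInvocation.MyCommand.Path
    if ([string]::IsNullOrEmpty($scriptFile))
    {
        Write-Warning "Cannot relaunch elevated: the script path is unknown. Run this script from a .ps1 file in an elevated PowerShell session."
        Exit 1
    }

    # Create a new elevated process to start PowerShell
    $ElevatedProcess = New-Object System.Diagnostics.ProcessStartInfo "PowerShell"

    # Hand the script over with -File and a double-quoted path instead of
    # splicing it into a "& '<path>'" command string: an apostrophe in the path
    # (for example in a user profile folder name) would otherwise end the
    # quoted string early, and the rest of the path would be parsed as
    # PowerShell code inside the elevated session.
    $ElevatedProcess.Arguments = '-File "{0}"' -f $scriptFile

    # The "runas" verb is only honoured when the process is started through the shell.
    $ElevatedProcess.UseShellExecute = $true
    $ElevatedProcess.Verb = "runas"

    try
    {
        # Discard the returned Process object so it is not written to the pipeline.
        [void][System.Diagnostics.Process]::Start($ElevatedProcess)
    }
    catch
    {
        # Start() throws when the UAC prompt is declined or the launch fails.
        Write-Warning "Could not start an elevated PowerShell process: $($_.Exception.Message)"
        Exit 1
    }

    # Exit from the current, unelevated, process
    Exit
}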
# Relaunch elevated when needed; the queries below rely on Get-Process -IncludeUserName.
Check-RunAsAdministrator

# Keep the invocation details of this script; the banner prints the script name.
$invokedfrom = $MyInvocation

# Disabled: appending the script directory to PATH (originally meant for calling portqry.exe).
# NOTE(review): if this is re-enabled, executables found in that directory would
# run inside the elevated session, so the directory should not be writable by
# standard users.
#$scriptPath = Split-Path $Myinvocation.MyCommand.Path
#$env:Path = $env:Path + ";$ScriptPath"

$scriptName = $invokedfrom.MyCommand.Name
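# Basic banner: script name, synopsis and author.
# The synopsis text describes what the queries below actually return: the
# per-address filters are commented out, so every local address (IPv4 and IPv6)
# is listed, not only 0.0.0.0, 127.0.0.1 and the host's IPv4 address.
Write-Host
Write-Host "*************************************************************"
Write-Host ".Script name"
Write-Host " $scriptName"
Write-Host
Write-Host ".Synopsis"
Write-Host " Lists all TCP listening and established connections and"
Write-Host " all UDP endpoints on every local address (IPv4 and IPv6)."
Write-Host
Write-Host ".Author"
Write-Host " Neil Grinnall"
Write-Host " Nov 2020"
Write-Host
Write-Host "*************************************************************"
Write-Host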
# Snapshot the running processes once, keyed by process ID, so each connection
# row can be joined to its owner without calling Get-Process per row.
# The snapshot is taken before the connection queries: a connection whose
# owning PID is not in it gets empty UserName / ProcessName / Path columns.
$Processes = @{}
foreach ($proc in Get-Process -IncludeUserName) {
    $Processes[$proc.Id] = $proc
}

# IPv4 address of this host, taken from a single echo request to its own name.
# $ip is referenced only by the commented-out address filters further down.
$ipV4 = Test-Connection -ComputerName (hostname) -Count 1 | Select-Object -ExpandProperty IPV4Address
$ip = $ipV4.IPAddressToString
# Listening TCP sockets, joined to the owning process through the $Processes table.
# Optional per-address filter (disabled), to be placed in the pipeline instead of the state filter:
#Where-Object { $_.LocalAddress -eq $ip -or $_.LocalAddress -eq "0.0.0.0" -or $_.LocalAddress -eq "127.0.0.1" -and $_.State -eq "Listen" } |
Write-Output "TCP Daemons - Listening"

$tcpListenColumns = @(
    'State'
    'LocalAddress'
    'LocalPort'
    @{ Name = "PID";         Expression = { $_.OwningProcess } }
    @{ Name = "UserName";    Expression = { $Processes[[int]$_.OwningProcess].UserName } }
    @{ Name = "ProcessName"; Expression = { $Processes[[int]$_.OwningProcess].ProcessName } }
    @{ Name = "Path";        Expression = { $Processes[[int]$_.OwningProcess].Path } }
)

Get-NetTCPConnection |
    Where-Object State -eq "Listen" |
    Select-Object -Property $tcpListenColumns |
    Sort-Object -Property LocalPort |
    Format-Table -AutoSize
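# Established TCP connections, joined to the owning process through the $Processes table.
# RemoteAddress and RemotePort are included: for an established connection the
# peer is what tells a reviewer which host and service the process is talking to.
# NOTE(review): Format-Table -AutoSize drops trailing columns when the console
# is too narrow, so Path may be cut off in a small window.
# Optional per-address filter (disabled), to be placed in the pipeline instead of the state filter:
#Where-Object { $_.LocalAddress -eq $ip -or $_.LocalAddress -eq "0.0.0.0" -or $_.LocalAddress -eq "127.0.0.1" -and $_.State -eq "Established" } |
Write-Output "TCP Daemons - Established"
Get-NetTCPConnection |
    Where-Object { $_.State -eq "Established" } |
    Select-Object State, LocalAddress, LocalPort, RemoteAddress, RemotePort,
        @{Name="PID"; Expression={ $_.OwningProcess }},
        @{Name="UserName"; Expression={ $Processes[[int]$_.OwningProcess].UserName }},
        @{Name="ProcessName"; Expression={ $Processes[[int]$_.OwningProcess].ProcessName }},
        @{Name="Path"; Expression={ $Processes[[int]$_.OwningProcess].Path }} |
    Sort-Object -Property LocalPort |
    Format-Table -AutoSize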
# UDP endpoints, joined to the owning process through the $Processes table.
# Optional per-address filter (disabled), to be placed in the pipeline after Get-NetUDPEndpoint:
#Where-Object { $_.LocalAddress -eq $ip -or $_.LocalAddress -eq "0.0.0.0" -or $_.LocalAddress -eq "127.0.0.1" } |
Write-Output "UDP Daemons - Endpoints"

$udpColumns = @(
    'LocalAddress'
    'LocalPort'
    @{ Name = "PID";         Expression = { $_.OwningProcess } }
    @{ Name = "UserName";    Expression = { $Processes[[int]$_.OwningProcess].UserName } }
    @{ Name = "ProcessName"; Expression = { $Processes[[int]$_.OwningProcess].ProcessName } }
    @{ Name = "Path";        Expression = { $Processes[[int]$_.OwningProcess].Path } }
)

Get-NetUDPEndpoint |
    Select-Object -Property $udpColumns |
    Sort-Object -Property LocalPort, UserName |
    Format-Table -AutoSize
# Wait for the user before the script ends (presumably so the window opened by
# the elevated relaunch stays open long enough to read the tables).
Pause