PowerShell: Get Listening Network Daemons and Associated Processes – netstat replacement

This script queries for all listening TCP and UDP network daemons and cross-references the Owning Process to pull the Process Name, Path, and executing Username. Think of it as an enhanced replacement for the old netstat command.

The PowerShell Script

Example Output

Motivation

I’ve always used the command netstat -ano to see listening daemons and their associated PID. Then I would have to go look up the owning process by PID. The above script combines this into one easy-to-run command.

The script not only gives you the parent process name but also the path to the executable. There is room for improvement since all services are just going to return svchost. I may extend the script to additionally query Get-Service to pull the Windows Service name and path to the executable.

How to use it

  1. Copy and paste the above code and save it to a file named Get-Daemons.ps1
  2. From an elevated PowerShell prompt, run the script.
    PS C:\> .\Get-Daemons.ps1

Reference

The process lookup-table technique used to associate the daemon and owning process was adopted from https://stackoverflow.com/questions/44509183/powershell-get-nettcpconnection-script-that-also-shows-username-process-name
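
A sketch of that lookup-table technique, written as an added example and not the original Get-Daemons.ps1 from this post. It goes one step further and attaches Windows service names to each PID (the svchost improvement mentioned under Motivation), using Win32_Service through CIM instead of Get-Service because that class exposes the hosting ProcessId; all variable and property names here are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: join listening endpoints to their owning processes.
# Get-Process -IncludeUserName only works from an elevated session.

# PID -> process lookup table, built once instead of one Get-Process call per socket.
# Keys are cast to [int]: OwningProcess and Win32_Service.ProcessId are UInt32,
# and a UInt32 key will not match an Int32 key in a hashtable.
$procs = @{}
Get-Process -IncludeUserName | ForEach-Object { $procs[[int]$_.Id] = $_ }

# PID -> service names, so several services sharing one svchost.exe can be told apart.
$services = @{}
foreach ($svc in Get-CimInstance -ClassName Win32_Service -Filter 'ProcessId <> 0') {
    $id = [int]$svc.ProcessId
    if (-not $services.ContainsKey($id)) { $services[$id] = @() }
    $services[$id] += $svc.Name
}

# TCP sockets in the Listen state plus all bound UDP endpoints (UDP has no state).
$endpoints = @(
    Get-NetTCPConnection -State Listen |
        Select-Object @{n='Protocol';e={'TCP'}}, LocalAddress, LocalPort, OwningProcess
    Get-NetUDPEndpoint |
        Select-Object @{n='Protocol';e={'UDP'}}, LocalAddress, LocalPort, OwningProcess
)

$report = foreach ($ep in $endpoints) {
    $id = [int]$ep.OwningProcess
    $p  = $procs[$id]   # $null if the process exited after the snapshot was taken
    [pscustomobject]@{
        Protocol     = $ep.Protocol
        LocalAddress = $ep.LocalAddress
        LocalPort    = $ep.LocalPort
        ProcessId    = $id
        ProcessName  = $p.ProcessName
        UserName     = $p.UserName
        Path         = $p.Path
        Services     = $services[$id] -join ', '
    }
}

$report | Sort-Object Protocol, LocalPort | Format-Table -AutoSize
```

When reviewing the output, a listener whose Path is empty or sits outside the usual system and program directories, or that runs under an unexpected UserName, is the row to look at first.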
