In one of the online communities I follow someone encountered an issue with application listeners and ports being in use. The use case is that users have a Autocad type application installed that launches a server on a specific port; the users also run a remote control application that at times steals the port.
We’ve seen this all before – IIS being installed on a server and a new application also wanting to use port 443 or port 80, so I figured I’d help by creating him a monitoring script. This script is multifunctional; you can have it alert on changed listeners, you can have it alert on a specific one you expect to be there, or you can alert on applications that should not be listening.
The Script
Change the script to your own wishes, you can either remove the if statements at the bottom, or change the variables at top. 🙂
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
$ExpectedApplication = "vmms"
$NotAllowedApplication = "Teamviewer"
$CompareToPrevious = $true
$Connections = Get-NetTCPConnection | Where-Object { $_.LocalAddress -eq "0.0.0.0" -and $_.State -eq "Listen" }
$Processes = Get-Process
$CurrentListeners = foreach ($Connection in $Connections) {
[PSCustomObject]@{
Process = ($Processes | Where-Object id -eq $Connection.OwningProcess).Name
Port = ($Connection.LocalPort)
Path = ($Processes | Where-Object id -eq $Connection.OwningProcess).Path
}
}
if ($ExpectedApplication -notin $CurrentListeners.Process) {
write-host "Unhealthy - The expected application was not found in the current process list"
}
else {
write-host "Healthy - The expected application was found in the current process list"
}
if ($NotAllowedApplication -in $CurrentListeners.Process) {
write-host "Unhealthy - The non-allowed application was found in the current process list"
}
else {
write-host "Healthy - The non-allowed application was not found in the current process list"
}
if ($CompareToPrevious -eq $true) {
$PreviousResult = Get-content -Path "C:\ProgramData\ListenerMonitor.txt" | ConvertFrom-Json
$Result = Compare-Object $CurrentListeners $PreviousResult -Property Process,Port,Path
if ($Result) {
write-host "Unhealthy - The Listener list has changed."
$Result
}
else {
write-host "Healthy - The Listener list is still the same."
}
$CurrentListeners | ConvertTo-Json |out-file "C:\ProgramData\ListenerMonitor.txt"
}
|
and that’s it! as always, Happy PowerShelling.
