Tag Archives: PowerShell

List Open UDP Ports Using Powershell

In the last post I showed how to list open TCP ports using Powershell. Unlike the netstat command in DOS, Powershell splits TCP and UDP into two different commands, Get-NetTCPConnection and Get-NetUDPEndpoint. Here are some examples of Get-NetUDPEndpoint.

Get-NetUDPEndpoint by itself will return the local address and local port

Get-NetUDPEndpoint

To show listening ports filter for the address 0.0.0.0

Get-NetUDPEndpoint | Where {$_.LocalAddress -eq "0.0.0.0"}

To view the owning process ID, add the OwningProcess field.

Get-NetUDPEndpoint | Where {$_.LocalAddress -eq "0.0.0.0"} | select LocalAddress,LocalPort,OwningProcess

And use this command to display the name of the owning process.

Get-NetUDPEndpoint | Where {$_.LocalAddress -eq "0.0.0.0"} | select LocalAddress,LocalPort,@{Name="Process";Expression={(Get-Process -Id $_.OwningProcess).ProcessName}}

In my next post I will demonstrate combining Get-NetTCPConnection and Get-NetUDPEndpoint into a single command.

List Open Ports Using Powershell

In a previous post I showed how to use the netstat command to show open ports. This is another way using Powershell which gives you more options.

Get-NetTCPConnection is the Powershell equivalent to netstat and by itself will return a similar output to netstat.

Get-NetTCPConnection

To show only the listening ports we need to filter for all items in the Listen state with the remote address of 0.0.0.0

get-nettcpconnection | where {($_.State -eq "Listen") -and ($_.RemoteAddress -eq "0.0.0.0")}

You can add additional fields like the process ID for each port. Changing the fields from the default requires selecting each one you want and then piping to ft (format-table).

get-nettcpconnection | where {($_.State -eq "Listen") -and ($_.RemoteAddress -eq "0.0.0.0")} | Select LocalAddress,LocalPort,RemoteAddress,RemotePort,State,OwningProcess | ft

This example will get the name of the process associated with each item.

 get-nettcpconnection | where {($_.State -eq "Listen") -and ($_.RemoteAddress -eq "0.0.0.0")} | select LocalAddress,LocalPort,RemoteAddress,RemotePort,State,@{Name="Process";Expression={(Get-Process -Id $_.OwningProcess).ProcessName}} | ft