japji
asked on
Script to extract either 'Port Scan' or 'NetStat' results on specific Ports 9080, 9081, 9082
Hi Experts,
I've a requirement to investigate if Ports 9080, 9081 & 9082 are being binded/used on approx 2000 production servers without triggering any alarms for the Security folks.
The script should look for the servers in a Text File and should extract the results in the CSV format sorted out in a proper format.
I've had a look at a few scripts however with my limited PS or Scripting experience I'm not able to get the results.
Would appreciate if you could please prepare the script and also provide basic instructions on how to run it.
Thank you and I look forward to hearing from you soon.
I've a requirement to investigate if Ports 9080, 9081 & 9082 are being binded/used on approx 2000 production servers without triggering any alarms for the Security folks.
The script should look for the servers in a Text File and should extract the results in the CSV format sorted out in a proper format.
I've had a look at a few scripts however with my limited PS or Scripting experience I'm not able to get the results.
Would appreciate if you could please prepare the script and also provide basic instructions on how to run it.
Thank you and I look forward to hearing from you soon.
ASKER
Hi RobSampson,
Thank you for your response.
The output of the above command is NOT CORRECT. There are couple of issues as below:
1) The results always says "Not Listening" even though net stat results shows it as "Established"
2) The above command only looks for the first port which is 9080 and doesn't goes over the second or third port.
Please assist with this issue. Thanks
Thank you for your response.
The output of the above command is NOT CORRECT. There are couple of issues as below:
1) The results always says "Not Listening" even though net stat results shows it as "Established"
2) The above command only looks for the first port which is 9080 and doesn't goes over the second or third port.
Please assist with this issue. Thanks
OK, not sure port query shows a different result. So if you run these:
netstat -a | find /i "9080"
netstat -a | find /i "9081"
netstat -a | find /i "9082"
does that show you the corrent output?
netstat -a | find /i "9080"
netstat -a | find /i "9081"
netstat -a | find /i "9082"
does that show you the corrent output?
ASKER
Hi RobSampson,
Thank you for your prompt response.
Ok so the command --------->netstat -a | find /i "9080" <-------- works however the problem is that if the port is not binded it doesn't gives an error.
So what I would like is the script prepared with above commands to scan these ports on Remote Servers and if the above ports are not binded then to display some sort of message.
Is that Ok?
Thanks
Thank you for your prompt response.
Ok so the command --------->netstat -a | find /i "9080" <-------- works however the problem is that if the port is not binded it doesn't gives an error.
So what I would like is the script prepared with above commands to scan these ports on Remote Servers and if the above ports are not binded then to display some sort of message.
Is that Ok?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Rob,
What am I suppose to save the code as? I mean is it a .bat, vbs etc
Please advise back.
What am I suppose to save the code as? I mean is it a .bat, vbs etc
Please advise back.
Sorry, it's a VBS file.
ASKER
Hi Rob,
The Script is not working. Below is what I'm doing:
- Saved the script as VBS
- Created a txt filed called 'computers' and dumpted my server names in it.
- Modified the top part of your script as below:
strInputFile = "computers.txt"
' Make the log file accessible via UNC to the account running the script
strLogFile = "\\10.4.34.140\Guru-Tools\ netstatres ults.txt"
' Specify the path to PSExec
strPSExec = "\\10.4.34.140\Guru-Tools\ psexec.exe "
' Specify the list of ports to search netstat output for
arrPorts = Array("9080", "9081", "9082")
Please assist.
The Script is not working. Below is what I'm doing:
- Saved the script as VBS
- Created a txt filed called 'computers' and dumpted my server names in it.
- Modified the top part of your script as below:
strInputFile = "computers.txt"
' Make the log file accessible via UNC to the account running the script
strLogFile = "\\10.4.34.140\Guru-Tools\
' Specify the path to PSExec
strPSExec = "\\10.4.34.140\Guru-Tools\
' Specify the list of ports to search netstat output for
arrPorts = Array("9080", "9081", "9082")
Please assist.
Is the VBS in the same location as the computers.txt file? If not, then change
strInputFile = "computers.txt"
to something like
strInputFile = "\\10.4.34.180\Guru-Tools\ computers. txt"
If so, what errors are getting? Are you running the script with a user account that has admin rights to the remote servers? If you're on Windows Vista or higher, right click cmd.exe and click Run as Administrator, then type
cscript "\\10.4.34.140\Guru-Tools\ RunNetStat .vbs"
Regards,
Rob.
strInputFile = "computers.txt"
to something like
strInputFile = "\\10.4.34.180\Guru-Tools\
If so, what errors are getting? Are you running the script with a user account that has admin rights to the remote servers? If you're on Windows Vista or higher, right click cmd.exe and click Run as Administrator, then type
cscript "\\10.4.34.140\Guru-Tools\
Regards,
Rob.
ASKER
The script is still NOT working.
The answer to your questions are as follows:
- Yes both VB Script and Computers.txt file is in same folder
- VBSscript Run time error: File not found
- Yes I have Admin rights on all servers.
- Yes I've tried running the CMD in Admin mode too.
Please refer to the screenshot and the code that I'm using:
EE.PNG
PortScan.txt
The answer to your questions are as follows:
- Yes both VB Script and Computers.txt file is in same folder
- VBSscript Run time error: File not found
- Yes I have Admin rights on all servers.
- Yes I've tried running the CMD in Admin mode too.
Please refer to the screenshot and the code that I'm using:
EE.PNG
PortScan.txt
From your screenshot, I can see that computers.txt is on a local folder (your desktop folder), but the script error shows the error from the network UNC path. Can you put the computers.txt file in the \\10.4.34.180\Guru-Tools folder and see how that goes?
Rob.
Rob.
ASKER
Still NO GO mate.
Please refer to the screenshot.
I've renamed the VBS file to RuNetStat and also copied the computers.txt file onto the shared folder.
EE.PNG
Please refer to the screenshot.
I've renamed the VBS file to RuNetStat and also copied the computers.txt file onto the shared folder.
EE.PNG
Oops! I just realised line 13 relates to the PSExec file. In the script you have this:
strPSExec = "\\10.4.34.140\Guru-Tools\ psexec.exe "
so make sure psexec.exe is there.
Regards,
Rob.
strPSExec = "\\10.4.34.140\Guru-Tools\
so make sure psexec.exe is there.
Regards,
Rob.
ASKER
Sorry Rob I'm a bit confused with your last response.
Are you saying that I need to modify my script to add this ---> strPSExec = "\\10.4.34.140\Guru-Tools\ psexec.exe " as below
strCommand = "cmd /c " & strPSExec = "\\10.4.34.140\Guru-Tools\ psexec.exe " & " -accepteula \\" & strComputer & " cmd /c netstat /a ^| find /i """ & strPort & """ ^>^> """ & strLogFile & """"
OR
Were you saying that I need to have PSEXEC on the server? if do then should it be in C:/Windows?
Are you saying that I need to modify my script to add this ---> strPSExec = "\\10.4.34.140\Guru-Tools\
strCommand = "cmd /c " & strPSExec = "\\10.4.34.140\Guru-Tools\
OR
Were you saying that I need to have PSEXEC on the server? if do then should it be in C:/Windows?
ASKER
* C:\WINDOWS
You will need to have PSExec.exe located in the exact path that you specify with this line in the script:
strPSExec = "\\10.4.34.140\Guru-Tools\ psexec.exe "
so put PSExec in that location, and it will be fine. If you want to use PSExec locally, then put it on your C Drive, and use
strPSExec = "C:\Tools\psexec.exe"
and it will work fine.
Regards,
Rob.
strPSExec = "\\10.4.34.140\Guru-Tools\
so put PSExec in that location, and it will be fine. If you want to use PSExec locally, then put it on your C Drive, and use
strPSExec = "C:\Tools\psexec.exe"
and it will work fine.
Regards,
Rob.
ASKER
Ok so now the script is up to the next level.
It's spitting the results in the Txt file which is fine however it's not showing whether the port is binded or not.
See result of the script below:
========================== ========== ========== ========== ========== ========== ====
Script started 6/02/2013 3:42:55 PM
========================== ========== ========== ========== ========== ========== ====
Scanning computer A3GEO3P0055
Checking port 9080
Checking port 9081
Checking port 9082
Scanning computer A43657P0001
Checking port 9080
Checking port 9081
Checking port 9082
Scanning computer A43975P0001
Checking port 9080
Checking port 9081
Checking port 9082
It's spitting the results in the Txt file which is fine however it's not showing whether the port is binded or not.
See result of the script below:
==========================
Script started 6/02/2013 3:42:55 PM
==========================
Scanning computer A3GEO3P0055
Checking port 9080
Checking port 9081
Checking port 9082
Scanning computer A43657P0001
Checking port 9080
Checking port 9081
Checking port 9082
Scanning computer A43975P0001
Checking port 9080
Checking port 9081
Checking port 9082
If it's empty, then the command that was run remotely (eg netstat /a | find /i "9080") did not return any result, which means it wasn't found in the netstat /a output.
If the port is found (you can test with port 139 usually), then it will show the output.
Regards,
Rob.
If the port is found (you can test with port 139 usually), then it will show the output.
Regards,
Rob.
http://www.microsoft.com/en-au/download/details.aspx?id=17148
using the following command:
portqry.exe -n YOURSERVER -e 9080,9081,9082
does that give you the results you're after? If so, we could script that to take in a list of servers.
Regards,
Rob.