Link to home
Start Free TrialLog in
Avatar of japji
japji

asked on

Script to extract either 'Port Scan' or 'NetStat' results on specific Ports 9080, 9081, 9082

Hi Experts,

I've a requirement to investigate if Ports 9080, 9081 & 9082 are being binded/used on approx 2000 production servers without triggering any alarms for the Security folks.

The script should look for the servers in a Text File and should extract the results in the CSV format sorted out in a proper format.


I've had a look at a few scripts however with my limited PS or Scripting experience I'm not able to get the results.

Would appreciate if you could please prepare the script and also provide basic instructions on how to run it.

Thank you and I look forward to hearing from you soon.
Avatar of RobSampson
RobSampson
Flag of Australia image

Hi, if you run Port Query V2 from here:
http://www.microsoft.com/en-au/download/details.aspx?id=17148

using the following command:
portqry.exe -n YOURSERVER -e 9080,9081,9082

does that give you the results you're after?  If so, we could script that to take in a list of servers.

Regards,

Rob.
Avatar of japji
japji

ASKER

Hi RobSampson,

Thank you for your response.

The output of the above command is NOT CORRECT. There are couple of issues as below:

1) The results always says "Not Listening" even though net stat results shows it as "Established"

2) The above command only looks for the first port which is 9080 and doesn't goes over the second or third port.

Please assist with this issue. Thanks
OK, not sure port query shows a different result.  So if you run these:
netstat -a | find /i "9080"
netstat -a | find /i "9081"
netstat -a | find /i "9082"

does that show you the corrent output?
Avatar of japji

ASKER

Hi RobSampson,

Thank you for your prompt response.

Ok so the command  --------->netstat -a | find /i "9080" <-------- works however the problem is that if the port is not binded it doesn't gives an error.

So what I would like is the script prepared with above commands to scan these ports on Remote Servers and if the above ports are not binded then to display some sort of message.

Is that Ok?
Thanks
ASKER CERTIFIED SOLUTION
Avatar of RobSampson
RobSampson
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of japji

ASKER

Hi Rob,

What am I suppose to save the code as? I mean is it a .bat, vbs etc

Please advise back.
Sorry, it's a VBS file.
Avatar of japji

ASKER

Hi Rob,

The Script is not working. Below is what I'm doing:

- Saved the script as VBS
- Created a txt filed called 'computers' and dumpted my server names in it.
- Modified the top part of your script as below:

strInputFile = "computers.txt"
' Make the log file accessible via UNC to the account running the script
strLogFile = "\\10.4.34.140\Guru-Tools\netstatresults.txt"
' Specify the path to PSExec
strPSExec = "\\10.4.34.140\Guru-Tools\psexec.exe"
' Specify the list of ports to search netstat output for
arrPorts = Array("9080", "9081", "9082")



Please assist.
Is the VBS in the same location as the computers.txt file?  If not, then change
strInputFile = "computers.txt"

to something like
strInputFile = "\\10.4.34.180\Guru-Tools\computers.txt"

If so, what errors are getting?  Are you running the script with a user account that has admin rights to the remote servers?  If you're on Windows Vista or higher, right click cmd.exe and click Run as Administrator, then type
cscript "\\10.4.34.140\Guru-Tools\RunNetStat.vbs"

Regards,

Rob.
Avatar of japji

ASKER

The script is still NOT working.

The answer to your questions are as follows:

- Yes both VB Script and Computers.txt file is in same folder

- VBSscript Run time error: File not found

- Yes I have Admin rights on all servers.

- Yes I've tried running the CMD in Admin mode too.


Please refer to the screenshot and the code that  I'm using:
EE.PNG
PortScan.txt
From your screenshot, I can see that computers.txt is on a local folder (your desktop folder), but the script error shows the error from the network UNC path.  Can you put the computers.txt file in the \\10.4.34.180\Guru-Tools folder and see how that goes?

Rob.
Avatar of japji

ASKER

Still NO GO mate.

Please refer to the screenshot.

I've renamed the VBS file to RuNetStat and also copied the computers.txt file onto the shared folder.
EE.PNG
Oops!  I just realised line 13 relates to the PSExec file.  In the script you have this:
strPSExec = "\\10.4.34.140\Guru-Tools\psexec.exe"

so make sure psexec.exe is there.

Regards,

Rob.
Avatar of japji

ASKER

Sorry Rob I'm a bit confused with your last response.

Are you saying that I need to modify my script to add this ---> strPSExec = "\\10.4.34.140\Guru-Tools\psexec.exe" as below


strCommand = "cmd /c " & strPSExec = "\\10.4.34.140\Guru-Tools\psexec.exe" & " -accepteula \\" & strComputer & " cmd /c netstat /a ^| find /i """ & strPort & """ ^>^> """ & strLogFile & """"


OR

Were you saying that I need to have PSEXEC on the server? if do then should it be in C:/Windows?
Avatar of japji

ASKER

* C:\WINDOWS
You will need to have PSExec.exe located in the exact path that you specify with this line in the script:
strPSExec = "\\10.4.34.140\Guru-Tools\psexec.exe"

so put PSExec in that location, and it will be fine.  If you want to use PSExec locally, then put it on your C Drive, and use
strPSExec = "C:\Tools\psexec.exe"

and it will work fine.

Regards,

Rob.
Avatar of japji

ASKER

Ok so now the script is up to the next level.

It's spitting the results in the Txt file which is fine however it's not showing whether the port is binded or not.

See result of the script below:

================================================================================
Script started 6/02/2013 3:42:55 PM
================================================================================

Scanning computer A3GEO3P0055
Checking port 9080
Checking port 9081
Checking port 9082

Scanning computer A43657P0001
Checking port 9080
Checking port 9081
Checking port 9082

Scanning computer A43975P0001
Checking port 9080
Checking port 9081
Checking port 9082
If it's empty, then the command that was run remotely (eg netstat /a | find /i "9080") did not return any result, which means it wasn't found in the netstat /a output.

If the port is found (you can test with port 139 usually), then it will show the output.

Regards,

Rob.