

Enumerate Open Ports Script for DCM

This comes up quite often, so I thought I'd share a method I came up with to enumerate open ports in VBScript using netstat.  Basically the script, which is available here on TechNet Script Center, runs "netstat -a -n" and parses the output into the following format (one line per open port: protocol and address family, a backslash, then the local address and port exactly as netstat prints them):

TCPv4\0.0.0.0:135
TCPv4\0.0.0.0:445
TCPv4\0.0.0.0:990
TCPv4\192.168.1.11:139
TCPv6\[::]:135
TCPv6\[::]:445
TCPv6\[::1]:5679
UDPv4\0.0.0.0:123
UDPv4\0.0.0.0:500
UDPv4\0.0.0.0:1434
UDPv4\127.0.0.1:1900
UDPv4\192.168.1.11:9
UDPv4\192.168.1.11:137
UDPv4\192.168.1.11:138
UDPv6\[::]:123
UDPv6\[::]:500
UDPv6\[::]:1434
UDPv6\[fe80::c02:48a0:3bd:f896%14]:1900

In DCM, you would configure a CI setting with this script.  The validation rules for this CI would then validate against the returned list.  For example:

  • 'Not Contains' to exclude a certain IP and port (e.g. 'Not Contains' on 'TCPv4\0.0.0.0:445' (without quotes when entered in the console) would return non-compliant for any machine with TCPv4 445 open on all addresses, i.e. bound to 0.0.0.0)
  • 'Contains' to make sure an IP and port is open (e.g. 'Contains' on 'TCPv4\0.0.0.0:445' would return non-compliant for any machine that does not have TCPv4 445 open on all addresses (0.0.0.0))
  • 'Does not end with' to check that a port is closed on every address (e.g. 'Does not end with' on ':445' would return non-compliant for any machine with port 445 open on any address; note that ':445' also matches the TCPv6 and UDP entries, so this checks the port regardless of protocol)
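To make the parsing and the rule semantics concrete, here is an added example in Python (not the VBScript from the TechNet Script Center, and not a script you would deploy as a CI as-is). It parses a constructed sample of Windows "netstat -a -n" output into the TCPv4\address:port format above, keeping only LISTENING TCP sockets and every bound UDP socket, and then evaluates the three rule styles ('Not Contains', 'Contains', 'Does not end with') the way the bullets describe. The sample output, the function names and the rule-evaluation helper are all assumptions made for the example.

```python
"""Parse Windows 'netstat -a -n' output into the DCM-style list and evaluate
the three validation-rule styles against it.

Added example: a Python re-implementation of the parsing idea, not the
VBScript from the TechNet Script Center. The netstat output below is a
constructed sample, not captured from a real machine.
"""
import re
import subprocess
import sys

# Constructed sample of 'netstat -a -n' as printed on Windows. The Proto
# column says TCP/UDP for both address families; IPv6 local addresses are
# recognised by the square brackets (a %scope suffix may be present).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.11:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.11:49157     192.168.1.5:445        ESTABLISHED
  TCP    192.168.1.11:49201     10.0.0.8:80            TIME_WAIT
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::1]:5679             [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    127.0.0.1:1900         *:*
  UDP    [::]:123               *:*
  UDP    [fe80::c02:48a0:3bd:f896%14]:1900  *:*
"""

# Proto, local address, foreign address, optional state (UDP rows have none).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Return sorted, de-duplicated entries such as 'TCPv4\\0.0.0.0:445'.

    TCP sockets are kept only in LISTENING state: an ESTABLISHED or
    TIME_WAIT row is a connection, not an open port. UDP has no state
    column, so every bound UDP socket counts as open.
    """
    entries = set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank, or unrecognised line
        proto, local, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue
        family = "v6" if local.startswith("[") else "v4"
        entries.add(f"{proto}{family}\\{local}")
    return sorted(entries)


def evaluate_rules(entries, rules):
    """Evaluate DCM-style rules against the parsed list.

    rules is a list of (operator, value) tuples using the three operators
    from the post. Returns {"<operator> <value>": compliant} where True
    means the machine passes that rule.
    """
    results = {}
    for op, value in rules:
        if op == "Not Contains":
            compliant = value not in entries
        elif op == "Contains":
            compliant = value in entries
        elif op == "Does not end with":
            # ':445' matches TCPv4, TCPv6 and UDP entries alike.
            compliant = not any(e.endswith(value) for e in entries)
        else:
            raise ValueError(f"unsupported operator: {op}")
        results[f"{op} {value}"] = compliant
    return results


def netstat_output():
    """Run the real command on Windows; use the sample elsewhere."""
    if sys.platform != "win32":
        return SAMPLE_NETSTAT
    return subprocess.run(["netstat", "-a", "-n"], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    open_ports = parse_netstat(netstat_output())
    print("\n".join(open_ports))
    checks = [
        ("Not Contains", "TCPv4\\0.0.0.0:445"),
        ("Contains", "TCPv4\\0.0.0.0:135"),
        ("Does not end with", ":445"),
    ]
    for rule, ok in evaluate_rules(open_ports, checks).items():
        print(f"{rule}: {'compliant' if ok else 'NON-COMPLIANT'}")
```

Against the sample, the 'Not Contains' and 'Does not end with' checks on 445 both report non-compliant because TCPv4\0.0.0.0:445 is listening, while the ESTABLISHED connection to a remote 445 is correctly ignored. If you port this to VBScript or PowerShell for a real CI, keep the LISTENING filter; without it, any outbound connection whose local ephemeral port happens to be in the list would show up as an "open port".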

Here is what a simple set of CIs to look for ports 445 and 139 looks like from one of my test ConfigMgr clients:

[Screenshot: DCM compliance results for the CIs checking ports 445 and 139 on a test ConfigMgr client]

Please let me know if you found this useful or any other feedback.

This post was contributed by Saud Al-Mishari, a Premier Field Engineer with Microsoft Premier Field Engineering, UK.