Monitoring ports in Windows

With a simple command and a little scripting, it is possible to make a simple network monitoring service in windows. The command:

  • C:\> netstat –noa 5 find "6666"

Will “look” for both TCP and UDP port 6666 on the system. It will further monitor this by checking every 5 seconds.

This netstat command is used to list (in numerical form, the -n), all TCP and UDP ports (-a) in use and the process ID number using each port (-o).

This is set to run every five seconds in our command (5. A space is required between the “–noa” and the “5”).

The output of the netstat command is piped to find to display only the string 6666, which would indicate that either TCP or UDP port 6666 is in use.

Add a simple script to diff the results and there you have a simple script to check ports. You could even have it display changes using "diff".

Next, we need to look at using "sc" to make this occur each time the system starts.

Tomorrow, sc on windows.

