Tag Archives: ID

What processes are listening on HTTP/HTTPS related ports?

Working in a vacuum when initially looking at a server is par for course.  My one clue is that the server for a web application of sorts.   However, one does not know what the application is or what software may be serving up HTTP/HTTPS.  Standards are that the server would be serving up on ports 80 and/or 443, respectively.   Many applications will serve up this kind of traffic on variations like 8080 or, essentially, *80 and *443.  I needed a script to quickly see what processes may be listening on those ports.  This helps me gain insight to track down pieces and help the application owner/team investigate further.  Here’s the script:

# Look for listening ports on *80 and *443 with process ID
$Processes = @{}
Get-Process -IncludeUserName | ForEach-Object {
 $Processes[$_.Id] = $_
}

Get-NetTCPConnection | 
 Where-Object { ($_.State -eq "Listen") -and ($_.LocalPort -like '*80' -or $_.LocalPort -like '*443') } |
 Select-Object LocalAddress,
 LocalPort,
 @{Name="PID"; Expression={ $_.OwningProcess }},
 @{Name="ProcessName"; Expression={ $Processes[[int]$_.OwningProcess].ProcessName }}, 
 @{Name="UserName"; Expression={ $Processes[[int]$_.OwningProcess].UserName }} |
 Sort-Object -Property ProcessName, UserName |
 Format-Table -AutoSize