Pro Tips with Esben #32
October is cybersecurity month, so we’re going to look more closely at some security-related topics for the next two Pro Tips. This week I’m looking at how you can use a pretty basic PowerShell command to view the port statuses on your Windows computers.
Port scanning can be used for a variety of reasons ranging from enhancing your devices’ security to resolving network issues. It is also one of the most popular methods used by attackers when searching for a vulnerable server to breach according to the SANS Institute. Because of this, I thought it might be useful to have a small action in Lansweeper that lets you quickly view the ports status of a specific device. If you’re running into network issues with a computer or simply want to ensure a specific port is open/closed, you can use it to view the port status easily.
PowerShell Script
To get the data, we will be using the Get-NetTCPConnection PowerShell command. This command is quite similar to the netstat -ab CMD command. The Get-NetTCPConnection cmdlet gets current TCP connections and shows TCP connection properties such as local or remote IP address, local or remote port, and connection state.
Port Scan Custom Action
The first is that you’ll need to download and configure a browser extension so that you can run actions. You can find all the info you need in the custom actions knowledgebase article. Second, download the script here and place it in your Lansweeper server’s Actions folder (C:Program Files (x86)LansweeperActions).
To create the custom action, head over to ConfigurationAsset Pages
and add a new action. In the Action area, add the following command.
powershell -noprofile -ExecutionPolicy bypass -command {actionpath}PScan.ps1 -smartname {computer}
Once you execute the action, you’ll see a PowerShell window pop-up which will start showing you the local and remote address, local and remote port, and state.