Port Capture on Windows 2003 Using PortReporter
Have you ever wanted to capture the ports in use on a Windows 2003 server with simple output? You usually want this information when migrating servers and applications to new hosts from servers that were never documented or have long been forgotten. Two tools for the job are PortReporter and PortParser. Other tools can complete this task, but this post covers only PortReporter; future posts will cover the others.
Description
The Port Reporter tool logs TCP and UDP port activity. The tool is a small program that runs as a service on a computer that is running Windows Server 2003, Windows XP, or Windows 2000.
On Windows Server 2003 and on Windows XP-based computers, the service can log the following information:
- The ports that are used
- The processes that use the port
- Whether a process is a service
- The modules that a process loaded
- The user accounts that run a process
On Windows 2000-based computers, the service logs the ports that are used and when the ports are used.
You can use the information that is logged by the Port Reporter tool to help you track port usage and troubleshoot certain issues. The information that is logged by the Port Reporter tool may also be helpful for security purposes.
Download the Port Reporter tool
The Port Reporter tool is available from this link on the Microsoft Download Center:
http://www.microsoft.com/downloads/details.aspx?familyid=69ba779b-bae9-4243-b9d6-63e62b4bcd2e&displaylang=en
Important: The Port Reporter Parser tool is a log parser for Port Reporter log files. This tool is now available for download. Port Reporter Parser has many features that can help you analyze Port Reporter log files. You can download the Port Reporter Parser tool from the following Microsoft web site:
http://download.microsoft.com/download/2/8/8/28810043-0e21-4004-89a3-2f477a74186f/PRParser.exe
Installation
Installation is simple. After extracting the file, double-click pr-setup.exe; a popup box will ask whether you want to install the tool. Answer “y” and the installation will complete. A service will be created with its startup type set to Manual.
Newly added service
The logs generated by the tool are written to c:\windows\system32\Logfiles\PortReporter. Three logs are created when you start the service, and a new set of three is created when one of the logs reaches 5 MB in size.
- PR-INITIAL-<datestamp>.log
- PR-PIDS-<datestamp>.log
- PR-PORTS-<datestamp>.log
Start Collecting
Start the service to start the process of collecting information. Keep an eye on disk space on the system, as this tool can chew up space quickly on very busy servers. Once you have run it long enough to collect data, just stop the service.
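The disk-space warning above can be scripted. This Python script is an added example, not part of Port Reporter or of the original post: it groups the PR-INITIAL/PR-PIDS/PR-PORTS files by datestamp, totals their size and compares it with a budget you choose. It assumes the three files of one set share the same datestamp string; the function names and the sample file names are made up for the demo.

```python
import os
import re
import tempfile
from collections import defaultdict

# Log names as the post gives them: PR-INITIAL-, PR-PIDS-, PR-PORTS-<datestamp>.log
# The datestamp is treated as an opaque string (its format is not assumed).
LOG_NAME = re.compile(r"^PR-(INITIAL|PIDS|PORTS)-(.+)\.log$", re.IGNORECASE)


def inventory(log_dir):
    """Group Port Reporter logs by datestamp -> {datestamp: {kind: size_bytes}}."""
    sets = defaultdict(dict)
    for name in os.listdir(log_dir):
        m = LOG_NAME.match(name)
        if m:  # anything that is not a PR-* log is ignored
            path = os.path.join(log_dir, name)
            sets[m.group(2)][m.group(1).upper()] = os.path.getsize(path)
    return dict(sets)


def check_budget(log_dir, budget_bytes):
    """Return (total_bytes, over_budget, incomplete_sets) for the log folder."""
    sets = inventory(log_dir)
    total = sum(size for kinds in sets.values() for size in kinds.values())
    # Assumption: a complete set has all three kinds under one datestamp.
    incomplete = sorted(d for d, kinds in sets.items() if len(kinds) < 3)
    return total, total > budget_bytes, incomplete


def make_sample_dir():
    """Constructed sample folder; the datestamp strings are made up for this demo."""
    d = tempfile.mkdtemp()
    sample = {
        "PR-INITIAL-sample-0001.log": 2048,
        "PR-PIDS-sample-0001.log": 4096,
        "PR-PORTS-sample-0001.log": 8192,
        "PR-PORTS-sample-0002.log": 1024,   # set with two files missing
        "notes.txt": 999,                   # unrelated file, must be ignored
    }
    for name, size in sample.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(b"\0" * size)
    return d


if __name__ == "__main__":
    folder = make_sample_dir()  # replace with the real log folder or a copy of it
    total, over, incomplete = check_budget(folder, budget_bytes=10 * 1024)
    print(f"total={total} bytes, over budget={over}, incomplete sets={incomplete}")
```

Run it on a schedule against the log folder (or a copy of it) while the service is collecting, and stop the service when the budget is exceeded.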
Reading the Output
Now that you have the data, you can read it with Port Reporter Parser, which was developed just to read these files. Download and install it on the server. Once it is installed, open the tool and it will immediately ask for a log to open.
Select the log to view and click OK.
Port Reporter Parser displays the information in a readable format that allows you to drill down on the process to get more details on the process and the ports it is using.
Port details
As you can see, PortReporter and PrParser are just two of the many free tools available for getting information about the communication on a Windows 2003 server. Explore and use the tools and see what other features are available.