Microsoft Port Reporter is a handy application that can be installed as a service in Microsoft Windows to log port usage data. The application logs port activity on Windows XP, Windows 2000 and Windows 2003 server systems. A preciser description would be that it logs which ports are used, which process is using the ports, which modules are loaded by the process, if the process is a service and which user account is running the process.
The application can be used to make a in depth analysis of open ports on the system. The service has to be started manually after which it automatically begins to write logfiles in the directory \system32\LogFiles\PortReporter.
The service creates the following three logfiles:
The PR-INITIAL log file contains data that the Port Reporter service collects about the ports, processes, and modules that run on the computer when the Port Reporter service is started. The user context that each process is running under is also logged.
The PR-PORTS log file contains summary data about TCP and UDP port activity on the computer.
The PR-PIDS log file contains detailed information about ports, processes, related modules, and the user account the process uses to run.
To install the Port Reporter, simply run the setup file if you want to install it in the default location, or follow the instructions on the Microsoft Knowledge Base article linked below to find out how to do that.
Take a look at the Microsoft Knowledge Base article "Availability and description of the Port Reporter tool" for further information.
Update: Port Reporter has not been updated since 2005, which means that the program is not supported on Vista, Windows 7 or newer versions of the Windows operating system. An alternative is the excellent CurrPorts which reports port use in real time. While not able to log port use, it is free and provides a quick overview of all ports that are currently used or open on the system. The application lists the processes that use the ports, and reveals additional information about each process that should give you a good understanding of why that port has been opened.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.