Microsoft Port Reporter
Microsoft Port Reporter is a handy application that can be installed as a service in Microsoft Windows to log port usage data. The application logs port activity on Windows XP, Windows 2000 and Windows 2003 server systems. A preciser description would be that it logs which ports are used, which process is using the ports, which modules are loaded by the process, if the process is a service and which user account is running the process.
The application can be used to make a in depth analysis of open ports on the system. The service has to be started manually after which it automatically begins to write logfiles in the directory \system32\LogFiles\PortReporter.
The service creates the following three logfiles:
PR-INITIAL-*.log
The PR-INITIAL log file contains data that the Port Reporter service collects about the ports, processes, and modules that run on the computer when the Port Reporter service is started. The user context that each process is running under is also logged.
PR-PORTS-*.log
The PR-PORTS log file contains summary data about TCP and UDP port activity on the computer.
PR-PIDS-*.log
The PR-PIDS log file contains detailed information about ports, processes, related modules, and the user account the process uses to run.
To install the Port Reporter, simply run the setup file if you want to install it in the default location, or follow the instructions on the Microsoft Knowledge Base article linked below to find out how to do that.
Take a look at the Microsoft Knowledge Base article "Availability and description of the Port Reporter tool" for further information.
Update: Port Reporter has not been updated since 2005, which means that the program is not supported on Vista, Windows 7 or newer versions of the Windows operating system. An alternative is the excellent CurrPorts which reports port use in real time. While not able to log port use, it is free and provides a quick overview of all ports that are currently used or open on the system. The application lists the processes that use the ports, and reveals additional information about each process that should give you a good understanding of why that port has been opened.
Advertisement