Which process uses a specific port (TCP/UDP)

The most common reason this question comes up is security.
TCP/UDP ports are virtual windows in the walls that represent your computer.
A perpetrator who wants to gain access to your system would do so through one
of these windows.

We could close all those windows (and it is advisable to do so when accessing the
Internet, by using a firewall that blocks direct access to the ports on your system),
yet there may be times when you want to allow access to your system (hosting a
website on it, or simply sharing files among systems).

Another important facet of the issue is that once a perpetrator has penetrated a system,
he might want to call his friends and have a party; in other words, malicious software
might open a port and allow access to others (publishing your IP and port on an IRC channel).

Better yet, if you are infected by a virus, it might be using your system to scan for other
vulnerable systems and trying to infect them.

How can we check who exactly is opening windows on our systems?

The best way to do this is to verify which process has opened a specific port.
If the process is familiar, you are OK; if you identify a process which you cannot
account for, you may be in trouble.

The following methods can be used to match open ports to processes:

  1. Windows XP and higher: use the NETSTAT -O command

  2. Pre-XP: download a neat tool called FPORT from Foundstone (McAfee)

Once you have the output you can simply Google the process names to determine their roles.
If you do this from time to time, it is possible to track behavioral changes and easily track
down unknown open ports on a system.
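
The periodic check described above can be scripted. The following is an added example, not
part of the original post: it parses saved `netstat -ano` output (-a and -n are added to -o
here so listening sockets appear with numeric addresses) and reports ports that were not open
in an earlier baseline. Both captures are constructed sample data.

```python
import re

# Constructed sample of `netstat -ano` output (Windows); not from a real host.
BASELINE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     5120
  UDP    0.0.0.0:123            *:*                                    1188
"""
CURRENT = BASELINE + """\
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       7344
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    [::]:5353              *:*                                    2210
"""

# proto, local address, local port, foreign address, optional state, PID
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_0-9]+)\s+)?(\d+)\s*$")

def open_ports(netstat_text):
    """Return {(proto, local_addr, port): pid} for sockets accepting traffic."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line, or unrecognized row
        proto, addr, port, _foreign, state, pid = m.groups()
        # TCP: only LISTENING rows are open ports; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        found[(proto, addr, int(port))] = int(pid)
    return found

def new_listeners(baseline_text, current_text):
    """Ports open now that were not open (or had another PID) in the baseline."""
    before, now = open_ports(baseline_text), open_ports(current_text)
    return sorted((k, pid) for k, pid in now.items() if before.get(k) != pid)

if __name__ == "__main__":
    for (proto, addr, port), pid in new_listeners(BASELINE, CURRENT):
        print(f"new {proto} listener {addr}:{port} owned by PID {pid}")
```

The -o column gives a process ID rather than a name; `tasklist /FI "PID eq <pid>"` shows the
image name for a PID flagged by the script.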
