Who’s listening to my ports?

A recent post on the newsgroup wanted to know how to determine what application may be listening out onto a port on outr network. Susan Bradley and David Copeland offered the following advice:

1. From a command line, type: netstat -ano . This will give you a list of TCP/UDP ports, their current state, and what Windows application (PID#) is attached. Here’s an example of what you would see:

C:\netstat -ano
Active Connections
Proto Local Address Foreign Address   State       PID
TCP    0.0.0.0:135    0.0.0.0:0         LISTENING   1028
TCP    0.0.0.0:3389   0.0.0.0:0         LISTENING   952
TCP    0.0.0.0:5800   0.0.0.0:0         LISTENING   532

2. Now, open up your Task Manager, click on View > Select Columns, and click to enable PID (Process Identifier). You will now find a new columnd (PID) added to your list of active processes. Click on the PID column header to sort the list of processes in ascending PID number order.

In my example, I was curious about port 5800 / PId 532. Task Maanager reported that “winvnc.exe“ was using it.

3. Another command line prompt you may wish to check out is: tasklist /svc . The result is a list of processes and PID numbers, like this:

C:\tasklist /svc
Image Name           PID  Services
==================== ==== ===========================
System Idle Process    0 N/A
System                  4 N/A
smss.exe              552 N/A
csrss.exe             680 N/A
winlogon.exe          704 N/A
services.exe          756 Eventlog, PlugPlay
lsass.exe             768 Netlogon, PolicyAgent, ProtectedStorage, SamSs
svchost.exe           952 DcomLaunch, TermService
svchost.exe          1028 RpcSs
svchost.exe          1100 AudioSrv, CryptSvc, Dhcp, dmserver, ERSvc,
svchost.exe          1144 Dnscache

4. You can also concatenate the netstat or tasklist commands with the find command, if you have a specific PID number you are looking for, like this:

netstat -aon | find “:3389”
tasklist /svc | find “nnn”

5. Finally, check out KB 832017 for more information on Service overview and network port requirements for the Windows Server system:
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017

2 thoughts on “Who’s listening to my ports?”

Another great (free) tool to view dynamiclly ports opening and closing is TCPView from http://www.sysinternals.com. Also, if you double click on a port it maps the PID to the process.

Christian Cipolat

so Skype’s hogging my port 80 –

Many thanks – put an end to hours of problem solving

D

2 thoughts on “Who’s listening to my ports?”

Leave a Reply Cancel reply