A recent post on the newsgroup wanted to know how to determine what application may be listening out onto a port on outr network. Susan Bradley and David Copeland offered the following advice:
1. From a command line, type: netstat -ano . This will give you a list of TCP/UDP ports, their current state, and what Windows application (PID#) is attached. Here’s an example of what you would see:
C:\netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1028
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 952
TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING 532
2. Now, open up your Task Manager, click on View > Select Columns, and click to enable PID (Process Identifier). You will now find a new columnd (PID) added to your list of active processes. Click on the PID column header to sort the list of processes in ascending PID number order.
In my example, I was curious about port 5800 / PId 532. Task Maanager reported that “winvnc.exe“ was using it.
3. Another command line prompt you may wish to check out is: tasklist /svc . The result is a list of processes and PID numbers, like this:
C:\tasklist /svc
Image Name PID Services
==================== ==== ===========================
System Idle Process 0 N/A
System 4 N/A
smss.exe 552 N/A
csrss.exe 680 N/A
winlogon.exe 704 N/A
services.exe 756 Eventlog, PlugPlay
lsass.exe 768 Netlogon, PolicyAgent, ProtectedStorage, SamSs
svchost.exe 952 DcomLaunch, TermService
svchost.exe 1028 RpcSs
svchost.exe 1100 AudioSrv, CryptSvc, Dhcp, dmserver, ERSvc,
svchost.exe 1144 Dnscache
4. You can also concatenate the netstat or tasklist commands with the find command, if you have a specific PID number you are looking for, like this:
netstat -aon | find “:3389”
tasklist /svc | find “nnn”
5. Finally, check out KB 832017 for more information on Service overview and network port requirements for the Windows Server system:
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017
Another great (free) tool to view dynamiclly ports opening and closing is TCPView from http://www.sysinternals.com. Also, if you double click on a port it maps the PID to the process.
Christian Cipolat
so Skype’s hogging my port 80 –
Many thanks – put an end to hours of problem solving
D