2011年5月2日

[OS] Find out what process is using which TCP port in Windows 2008 Server

This is a useful tip while tracing TCP connection problems.

To list all network port numbers in use, use the following command

C:\>netstat –ano

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       872
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       556
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING       964
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING       108
  TCP    0.0.0.0:1028           0.0.0.0:0              LISTENING       644

To find out port numbers which is in “Listening” status, use the following command

C:\netstat –ano | find /i  “listening”

TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       872
TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       556
TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING       964
TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING       108
TCP    0.0.0.0:1028           0.0.0.0:0              LISTENING       644

To find out the service name behind the PID, use the following command

C:\>tasklist /FI “PID eq 8504”

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
taskmgr.exe                   8504 Console                    1     13,736 K

You should replace 8504 to whatever PID you would like to look for

About Me