Thursday, July 1, 2010

Netstat - PID - which service is listening on which port

Some basic IP port commands for helping you - in windows.
  1. open a command window
  2. type netstat -ano
  3. This command will display all IP connections and ports on which the system is listening.
  4. type netstat -ano | find ":445"
  5. This command will display all IP connections involving the port :445. You can run it with "445" but it might include some extra lines where the outbound port includes 445 (eg: 34450).
  6. This is extremely helpful to confirm a server is in fact listening on a specific port like :80 or :443.
  7. Further, if a server has multiple IP addresses, which IP is listening on which port.

Let's take it a step further:
  1. type netstat -ano |
  2. TCP    127.0.0.1:7778         0.0.0.0:0              LISTENING       2420
    TCP    127.0.0.1:7778         127.0.0.1:49257  ESTABLISHED  2420
    TCP    127.0.0.1:9080         0.0.0.0:0              LISTENING       4708
    TCP    127.0.0.1:14147        0.0.0.0:0             LISTENING       2120
    TCP    127.0.0.1:16709        0.0.0.0:0             LISTENING       2848

  3. The second to last last column has LISTENING OR ESTABLISHED as a status.
  4. type netstat -ano | find "LISTENING"
  5. This will show all ports on which the system is listening.
  6. The last last column has the Process ID.  Let's take 2420 on this example system.
  7. Open Task manager (CTRL-SHIFT-ESC) - click on the process tab
  8. click view - Select Columns - Check the box next to PID (process Identifier).
  9. NOTE: You may also need to check a box at the bottom "Show process from all users" if it isn't already.
  10. Now we find 2420 on this current system at this time to be TracSrvWrapper.exe.