Tutorial :How can you find out which process is listening on a port on Windows?



Question:

How can you find out which process is listening on a port on Windows?


Solution:1

C:\> netstat -a -b  

(add -n to stop it trying to resolve hostnames, which will make it a lot faster)

Note Dane's recommendation for TCPView. Looks very useful!

-a Displays all connections and listening ports.

-b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions.

-n Displays addresses and port numbers in numerical form.

-o Displays the owning process ID associated with each connection.


Solution:2

There's a native GUI for Windows:

  • Start>>All Programs>>Accessories>>System Tools>>Resource Monitor

or Run resmon.exe, or from TaskManager performance tab

enter image description here


Solution:3

Use TCPView if you want a GUI for this. It's the old Sysinternals app that Microsoft bought out.


Solution:4

netstat -aon | find /i "listening"  


Solution:5

You can get more information if you run the following command:

netstat -aon |find /i "listening" |find "port"  

using the 'Find' command allows you to filter the results. find /i "listening" will display only ports that are 'Listening'. Note, you need the /i to ignore Case otherwise you would type find "LISTENING". |find "port" will limit the results to only those containing the specific port number. Note, on this it will also filter in results that have the port number anywhere in the response string.


Solution:6

  1. Open a command prompt window (as Administrator) From "Start\Search box" Enter "cmd" then right-click on "cmd.exe" and select "Run as Administrator"

  2. Enter the following text then hit Enter.

    netstat -abno

    -a Displays all connections and listening ports.

    -b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions.

    -n Displays addresses and port numbers in numerical form.

    -o Displays the owning process ID associated with each connection.

  3. Find the Port that you are listening on under "Local Address"

  4. Look at the process name directly under that.

NOTE: To find the process under Task Manager

  1. Note the PID (process identifier) next to the port you are looking at.

  2. Open Windows Task Manager.

  3. Select the Processes tab.

  4. Look for the PID you noted when you did the netstat in step 1.

    • If you don’t see a PID column, click on View / Select Columns. Select PID.

    • Make sure “Show processes from all users” is selected.


Solution:7

Get PID and Image Name

Use only one command:

for /f "tokens=5" %a in ('netstat -aon ^| findstr 9000') do tasklist /FI "PID eq %a"  

where 9000 should be replaced by your port number.

The output will contain something like this:

Image Name                     PID Session Name        Session#    Mem Usage  ========================= ======== ================ =========== ============  java.exe                      5312 Services                   0    130,768 K  

Explanation:

  • it iterates through every line from the output of the following command:

    netstat -aon | findstr 9000  
  • from every line, the PID (%a - the name is not important here) is extracted (PID is the 5th element in that line) and passed to the following command

    tasklist /FI "PID eq 5312"  

If you want to skip the header and the return of the command prompt, you can use:

echo off & (for /f "tokens=5" %a in ('netstat -aon ^| findstr 9000') do tasklist /NH /FI "PID eq %a") & echo on  

Output:

java.exe                      5312 Services                   0    130,768 K  


Solution:8

First we find process id of that particular task which we need to eliminate in order to get port free

type
netstat -n -a -o

After executing this command in windows command line prompt(cmd) select the pid which i think the last column suppose this is 3312

Now type

taskkill /F /PID 3312

You can now cross check by typing netstat command.

NOTE: sometimes windows doesn`t allow you to run this command directly on CMD so first you need to go with this steps from start-> command prompt (right click on command prompt, and run as administrator)


Solution:9

It is very simple to get the port number from pid in windows.

The following are the steps:

1) Go to run --> type cmd --> press enter.

2) write the following command...

netstat -aon | findstr [port number]  

(Note: Don't include square brackets.)

3) press enter...

4) Then cmd will give you the detail of the service running on that port alongwith pid.

5) Open task manager and hit the service tab and match the pid with that of the cmd and that's it.


Solution:10

To get a list of all the owning process ID associated with each connection:

netstat -ao |find /i "listening"  

If want to kill any process have the id and use this command, so that port become free

Taskkill /F /IM pidof a process  


Solution:11

Just open a command shell and type : (saying your port is 123456)

netstat -a -n -o | find "123456"  

You will see everything you need

The headers are :

 Proto  Local Address          Foreign Address        State           PID   TCP    0.0.0.0:37             0.0.0.0:0              LISTENING       1111  

this is as mentioned here


Solution:12

If you'd like to use a GUI tool to do this there's SysInternals TCPView.


Solution:13

netstat -ao and netstat -ab tell you the application, but if you're not admin you'll get "The requested operation requires elevation".

It's not ideal, but if you use sysinternals Process Explorer you can go to specific processes' properties and look at the TCP tab to see if they're using the port you're interested in. Bit of a needle and haystack thing, but maybe it'll help someone....


Solution:14

Type in the command: netstat -aon | findstr :DESIRED_PORT_NUMBER

For example, if I want to find port 80: netstat -aon | findstr :80

This answer was originally posted in this thread.


Solution:15

I recommend CurrPorts from NirSoft.

CurrPorts can filter the displayed results. TCPView doesn't have this feature.

Note: You can right click a process's socket connection and select "Close Selected TCP Connections" (You can also do this in TCPView). This often fixes connectivity issues I have with Outlook and Lync after I switch VPNs. With CurrPorts, you can also close connections from the command line with the "/close" parameter.


Solution:16

If you want to find the process name based on port number.
I found this one with a bit of surfing through multiple sites.
Open command prompt as administrator.
1. Find the pid of the process running in the port number. Ex-8080
      netstat -abon | findStr "8080"
2. Find the process Name by pid
      tasklist /fi "pid eq 13556"

Finding process name from port num


Solution:17

Follow these tools :- From cmd :- C:\> netstat -anob with Administrator privilege.

http://technet.microsoft.com/en-us/sysinternals/bb896653 - Process Explorer

http://technet.microsoft.com/en-us/sysinternals/bb896645 - Process Dump

http://technet.microsoft.com/en-us/sysinternals/bb896644 - Port Monitor

All from sysinternals.com

If you just want to know process running and threads under each process, I recommend to learn about wmic. Wonderful cmd line tool, which gives you much more than you can know.

Exampe :-

c:\> wmic process list brief /every:5  

Above command will show all process list in brief every 5 seconds. To know more, you can just go with /? command of windows , for E.g,

c:\>wmic /?  c:\>wmic process /?  c:\>wmic prcess list /?  

and so on and so forth. :)


Solution:18

netstat -a -o This shows the PID of the process running on a particular port.

Keep in mind the process id and go to Task manager and services or details tab and end the process which has the same PID.

Thus you can kill a process running on a particular port in windows.


Solution:19

With PowerShell 5 on Windows 10 or Windows Server 2016, run Get-NetTCPConnection cmdlet. I guess that it should also work on older Windows versions.

The default output of Get-NetTCPConnection does not include Process ID by some reason and it is a bit confusing. However, you could always get it by formatting the output. The property you are looking for is OwningProcess.

  • If you want to find out the ID of the process that is listening on port 443, run this command:

    PS C:\> Get-NetTCPConnection -LocalPort 443 | Format-List    LocalAddress   : ::  LocalPort      : 443  RemoteAddress  : ::  RemotePort     : 0  State          : Listen  AppliedSetting :  OwningProcess  : 4572  CreationTime   : 02.11.2016 21:55:43  OffloadState   : InHost  
  • Format the output to a table with the properties you look for:

    PS C:\> Get-NetTCPConnection -LocalPort 443 | Format-Table -Property LocalAddress, LocalPort, State, OwningProcess    LocalAddress LocalPort  State OwningProcess  ------------ ---------  ----- -------------  ::                 443 Listen          4572  0.0.0.0            443 Listen          4572  
  • If you want to find out a name of the process, run this command:

    PS C:\> Get-Process -Id (Get-NetTCPConnection -LocalPort 443).OwningProcess    Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName  -------  ------    -----      -----     ------     --  -- -----------  143      15     3448      11024              4572   0 VisualSVNServer  


Solution:20

For those using Powershell, try Get-NetworkStatistics:

> Get-NetworkStatistics | where Localport -eq 8000      ComputerName  : DESKTOP-JL59SC6  Protocol      : TCP  LocalAddress  : 0.0.0.0  LocalPort     : 8000  RemoteAddress : 0.0.0.0  RemotePort    : 0  State         : LISTENING  ProcessName   : node  PID           : 11552  


Solution:21

Using Powershell...
...this would be your friend (replace 8080 with your port number):

 netstat -abno | Select-String -Context 0,1 -Pattern 8080  

Sample output

>   TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING         2920     [tnslsnr.exe]  >   TCP    [::]:8080              [::]:0                 LISTENING         2920     [tnslsnr.exe]  

So in this example tnslsnr.exe (OracleXE database) is listening on port 8080.

Quick explanation
Select-String is used to filter the lengthy output of netstat for the relevant lines.
-Pattern tests each line against a regular expression.
-Context 0,1 will output 0 leading lines and 1 trailing line for each pattern match.


Solution:22

For Windows, if you want to find stuff listening or connected to port 1234, execute the following at the cmd prompt:

netstat -na | find "1234"  

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »