11
1
Port 22 specifically. I installed freeSSHd on a Windows Server 2008 box that only runs IIS. When I try to start the SSH Service, it tells me that the port is already being used. How can I find out what service is using this port?
11
1
Port 22 specifically. I installed freeSSHd on a Windows Server 2008 box that only runs IIS. When I try to start the SSH Service, it tells me that the port is already being used. How can I find out what service is using this port?
15
Sysinternals TCPView will show you TCP/UDP ports that are in use and the processes that are using them.
19
netstat -b
in the command prompt will also work. Sysinternals TCPView is basically a prettier GUI version, netstat
is a tool that comes with Windows.
Sample output:
Active Connections Proto Local Address Foreign Address State PID TCP john:2817 localhost:2818 ESTABLISHED 972 [firefox.exe] TCP john:2818 localhost:2817 ESTABLISHED 972 [firefox.exe] TCP john:2821 localhost:2822 ESTABLISHED 972 [firefox.exe] TCP john:2822 localhost:2821 ESTABLISHED 972 [firefox.exe] TCP john:3177 peak-colo-196-219.peak.org:http ESTABLISHED 972 [firefox.exe] TCP john:3182 peak-colo-196-219.peak.org:http ESTABLISHED 972 [firefox.exe] TCP john:2879 67.69.247.70:http CLOSE_WAIT 972 [firefox.exe] TCP john:2880 67.69.247.70:http CLOSE_WAIT 972 [firefox.exe] TCP john:2881 67.69.247.70:http CLOSE_WAIT 972 [firefox.exe] TCP john:2882 67.69.247.70:http CLOSE_WAIT 972 [firefox.exe] TCP john:2883 67.69.247.70:http CLOSE_WAIT 972 [firefox.exe] TCP john:2884 67.69.247.70:http CLOSE_WAIT 972 [firefox.exe]
Casually I would use netstat -ano | findstr "port PORTNUMBER" but for something serious I would always use TCPview – pun – 2015-05-09T19:51:22.770
1Agreed, although I find the live-updating/highlighting in TCPView to be quite useful in tracking ports/processes down. – arathorn – 2009-08-21T17:01:28.723
TCPView is better no doubt, although if he wants to avoid a download this is an alternative. – John T – 2009-08-21T17:03:59.107
Yeah, definitely. – arathorn – 2009-08-21T17:04:53.223
+1 For the simplicity but TCPView is better with it's GUI – Hondalex – 2009-08-21T17:25:17.253
+1 for the builtin solution. "Use sysinternals" seems to be the answer to every Windows question here, but it's good to know how to solve problems without 3rd party software. – John Fouhy – 2009-08-22T02:06:41.340
3
netstat -an
will show all the ports which are currently open with their address in numerical form.
To find info about a particular port use via Power Shell's prompt as Administrator: netstat -an | Select-String 10000
.
3
netstat in Windows 2008:
Start Command prompt with "Run as administrator", then type netstat -anb
.
Command runs faster in numerical form (-n
), and the -b
option requires elevation.
To filter the output and check only udp ports: use netstat -anb -p udp
2
Take it to the next level with CurrPorts by NirSoft:
CurrPorts displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.
Not only that but:
In addition, CurrPorts allows you to close unwanted TCP connections, kill the process that opened the ports, and save the TCP/UDP ports information to HTML file , XML file, or to tab-delimited text file. CurrPorts also automatically mark with pink color suspicious TCP/UDP ports owned by unidentified applications (Applications without version information and icons)
0
Run netstat –ano | find “0.0.0.0:22”
under the evaluated rights and get the process ID (number in the last column).
Then use Task Manager (Ctrl+Shift+Esc) to identify process. If it doesn't show PID column then turn it on (“View” > “Select Columns” > “PID (Process identifier)”)
0
Windows Resource Monitor (not Widows performance monitor, or the monitor from the task manager) will also show the port and PID of all open connections.
Start --> Search --> "Resource Monitor" --> Netowrk tab
1
(An image-only answer isn't index-friendly :-) TCPView, the tool shown, can be found here: http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
– Chris W. Rea – 2009-08-21T16:47:13.650@cwrea: Had trouble with the link -- fixed now. – arathorn – 2009-08-21T16:47:42.167
+1 for Sysinternals. I've always used netstat -ab and it has worked for me but this is definitely better. – Hondalex – 2009-08-21T17:24:29.567