How do I find out what service is using a certain port?

11

1

Port 22 specifically. I installed freeSSHd on a Windows Server 2008 box that only runs IIS. When I try to start the SSH Service, it tells me that the port is already being used. How can I find out what service is using this port?

Russ Bradberry

Posted 2009-08-21T16:41:48.170

Reputation: 829

Answers

15

Sysinternals TCPView will show you TCP/UDP ports that are in use and the processes that are using them.

alt text

arathorn

Posted 2009-08-21T16:41:48.170

Reputation: 8 559

1

(An image-only answer isn't index-friendly :-) TCPView, the tool shown, can be found here: http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

– Chris W. Rea – 2009-08-21T16:47:13.650

@cwrea: Had trouble with the link -- fixed now. – arathorn – 2009-08-21T16:47:42.167

+1 for Sysinternals. I've always used netstat -ab and it has worked for me but this is definitely better. – Hondalex – 2009-08-21T17:24:29.567

19

netstat -b in the command prompt will also work. Sysinternals TCPView is basically a prettier GUI version, netstat is a tool that comes with Windows.

Sample output:

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    john:2817              localhost:2818         ESTABLISHED     972
  [firefox.exe]

  TCP    john:2818              localhost:2817         ESTABLISHED     972
  [firefox.exe]

  TCP    john:2821              localhost:2822         ESTABLISHED     972
  [firefox.exe]

  TCP    john:2822              localhost:2821         ESTABLISHED     972
  [firefox.exe]

  TCP    john:3177    peak-colo-196-219.peak.org:http  ESTABLISHED     972
  [firefox.exe]

  TCP    john:3182    peak-colo-196-219.peak.org:http  ESTABLISHED     972
  [firefox.exe]

  TCP    john:2879              67.69.247.70:http      CLOSE_WAIT      972
  [firefox.exe]

  TCP    john:2880              67.69.247.70:http      CLOSE_WAIT      972
  [firefox.exe]

  TCP    john:2881              67.69.247.70:http      CLOSE_WAIT      972
  [firefox.exe]

  TCP    john:2882              67.69.247.70:http      CLOSE_WAIT      972
  [firefox.exe]

  TCP    john:2883              67.69.247.70:http      CLOSE_WAIT      972
  [firefox.exe]

  TCP    john:2884              67.69.247.70:http      CLOSE_WAIT      972
  [firefox.exe]

John T

Posted 2009-08-21T16:41:48.170

Reputation: 149 037

Casually I would use netstat -ano | findstr "port PORTNUMBER" but for something serious I would always use TCPview – pun – 2015-05-09T19:51:22.770

1Agreed, although I find the live-updating/highlighting in TCPView to be quite useful in tracking ports/processes down. – arathorn – 2009-08-21T17:01:28.723

TCPView is better no doubt, although if he wants to avoid a download this is an alternative. – John T – 2009-08-21T17:03:59.107

Yeah, definitely. – arathorn – 2009-08-21T17:04:53.223

+1 For the simplicity but TCPView is better with it's GUI – Hondalex – 2009-08-21T17:25:17.253

+1 for the builtin solution. "Use sysinternals" seems to be the answer to every Windows question here, but it's good to know how to solve problems without 3rd party software. – John Fouhy – 2009-08-22T02:06:41.340

3

netstat -an will show all the ports which are currently open with their address in numerical form.
To find info about a particular port use via Power Shell's prompt as Administrator: netstat -an | Select-String 10000.

Abhishek Gupta

Posted 2009-08-21T16:41:48.170

Reputation: 131

3

netstat in Windows 2008:

Start Command prompt with "Run as administrator", then type netstat -anb.

Command runs faster in numerical form (-n), and the -b option requires elevation.

To filter the output and check only udp ports: use netstat -anb -p udp

Einar

Posted 2009-08-21T16:41:48.170

Reputation: 31

2

Take it to the next level with CurrPorts by NirSoft:

CurrPorts displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.

Not only that but:

In addition, CurrPorts allows you to close unwanted TCP connections, kill the process that opened the ports, and save the TCP/UDP ports information to HTML file , XML file, or to tab-delimited text file. CurrPorts also automatically mark with pink color suspicious TCP/UDP ports owned by unidentified applications (Applications without version information and icons)

alt text

Molly7244

Posted 2009-08-21T16:41:48.170

Reputation:

0

Run netstat –ano | find “0.0.0.0:22” under the evaluated rights and get the process ID (number in the last column).

Then use Task Manager (Ctrl+Shift+Esc) to identify process. If it doesn't show PID column then turn it on (“View” > “Select Columns” > “PID (Process identifier)”)

Lu55

Posted 2009-08-21T16:41:48.170

Reputation: 109

0

Windows Resource Monitor (not Widows performance monitor, or the monitor from the task manager) will also show the port and PID of all open connections.

Start --> Search --> "Resource Monitor" --> Netowrk tab

BrianHVB

Posted 2009-08-21T16:41:48.170

Reputation: 141

Asked: 2009-08-21T16:41:48.170

Viewed: 111 150 times

Active: 2020-02-28T17:28:22.750