How can I determine which ports a specific process is using on Windows XP and later?

A. If you want to find out which ports a process is using and you know the process name, you must first determine the process identifier (PID). For example, to identify the PID for the pop3svc.exe process running on my system, I went to the command prompt and typed

c:\> tasklist /fi "IMAGENAME eq pop3svc.exe"

This command returned the following information:

Image Name   PID    Session Name   Session#    Mem Usage 
POP3Svc.exe  3044   RDP-Tcp#9      0           2,072 K 

The second column shows the PID, which I can then use with the Netstat command to search all in-use ports. For example, if I type

c:\> netstat -ano | findstr 3044

my system returns the following information:

TCP     0.0.0.0:110     0.0.0.0:0     LISTENING     3044

This result shows that the POP3 service was using TCP port 110 on all addresses.

You can also perform a reverse operation to find out which process is associated with a port. For example, to identify which process is using port 25, I could go to the command prompt and type

c:\> netstat -ano | findstr :25

On my system, this command returns the following information:

TCP     0.0.0.0:25     0.0.0.0:0     LISTENING     2500

After I identify the process (in this case, 2500), I can determine the process name by typing

c:\> tasklist /fi "PID eq 2500"

which returns the following information on my system:

Image Name   PID    Session Name   Session#    Mem Usage 
inetinfo.exe 2500   RDP-Tcp#9      0           5,584 K 

This information tells me that port 25 is being used by the inetinfo.exe process.

You can also use the TCPView program from http://www.sysinternals.com, which makes the whole process a lot simpler.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish