A. If you want to find out which ports a process is using and you know the process name, you must first determine the process identifier (PID). For example, to identify the PID for the pop3svc.exe process running on my system, I went to the command prompt and typed
c:\> tasklist /fi "IMAGENAME eq pop3svc.exe"
This command returned the following information:
Image Name PID Session Name Session# Mem Usage POP3Svc.exe 3044 RDP-Tcp#9 0 2,072 K
The second column shows the PID, which I can then use with the Netstat command to search all in-use ports. For example, if I type
c:\> netstat -ano | findstr 3044
my system returns the following information:
TCP 0.0.0.0:110 0.0.0.0:0 LISTENING 3044
This result shows that the POP3 service was using TCP port 110 on all addresses.
You can also perform a reverse operation to find out which process is associated with a port. For example, to identify which process is using port 25, I could go to the command prompt and type
c:\> netstat -ano | findstr :25
On my system, this command returns the following information:
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING 2500
After I identify the process (in this case, 2500), I can determine the process name by typing
c:\> tasklist /fi "PID eq 2500"
which returns the following information on my system:
Image Name PID Session Name Session# Mem Usage inetinfo.exe 2500 RDP-Tcp#9 0 5,584 K
This information tells me that port 25 is being used by the inetinfo.exe process.
You can also use the TCPView program from http://www.sysinternals.com, which makes the whole process a lot simpler.