|Home||Reviews||Tools||Forums||FAQs||Find Service||ISP News||Maps||About|
how-to block ads
(a) Open a command prompt window. From Start / Run enter: cmd
(b) From the command prompt enter: netstat -ano
(c) Note the PID (process identifier) associated with the ports you are concerned about. (Also note the Local Address, Foreign Address, Protocol and State.)
(d) Then do ctrl-alt-del to bring up the Windows Task Manager.
(e) In Windows Task Manager, select the Processes tab.
(f) Look for the PID you noted when you did the netstat in step (c). Look to left to the “image name” and that tells you which process has that PID.
- If you don’t see a PID column, click on View / Select Columns. Make sure PID is selected. Click OK.
- Make sure “Show processes from all users” is selected.
2. On Windows NT/2000/XP, the following products will provide the ability to locate which software is using which port:
- TCPView (free)
- Active Ports (free)
- OpenPorts (free)
- Foundstone Vision (free)
3. On Windows 95/98/NT/2000/XP, the following product will provide the ability to locate which software is using which port:
- Port Explorer (30-day free trial)
4. You can research the port using the links in this FAQ:
/faq/8226 (Why am I being probed on port XXX?)
or these sites:
5. You can research the IP address using this FAQ:
How do I look up an IP Address?
6. If you’re stuck, feel free to post what information you have been able to gather in the BBR Security Forum and let us know your question. Be sure to give the full port description: port number and protocol (TCP or UDP).
7. If you are a business, organization or professional that depends on the security of your computer system, we strongly urge you to consider using the services of an IT security professional to review the security of your system.
Other useful links on BBR:
Useful links elsewhere:
On Internet protocols:
On firewall forensics:
SANS Reading Room:
Packet analysis (note, you probably do not want to reduce firewall protection unless you have a test computer you can put outside your firewall):
The advice given here is general in nature and not adequate for high-value or highly attractive targets.
when using command netstat -ano the disbox(?) window closes instantly processing finishes so you have no time to get the details
All the links in point 2 fail to reach their targets
Top Notch, Thanx!!
you can also see the process by adding the pid to the task manager ~jim
Thanks - You just helped me resolve a software conflict that was killing my syslog server. Found out that another program I installed took over UDP port 514 and I was not getting syslog messages any more. Thank you So much for the assist.
Really helpful...... was stuck with a problem.... it really helped me in fixing that.... thanks a ton !!!!!!!!!! Usha
how can I give a program a port to use ?!