Determining which program is listening on a port under Windows

If you want to know which application is listening on a particular network port on a Microsoft Windows system, e.g., port 80, the port used for HTTP connections to a web server, you can obtain that information from a command line interface (CLI) by obtaining a command prompt and using the netstat and tasklist commands which are provided with the operating system; you do not need to install any additional software, though there are programs that will allow you to view that information from a graphical user interface (GUI).

First use the netstat command with the -a, -n, and -o options.

Learning Network Technology and Security
Learning Network Technology and Security
1x1 px

-aDisplays all connections and listening ports.
-nDisplays addresses and port numbers in numerical form.
-oDisplays the owning process ID associated with each connection.
c:\>netstat -ano | find ":80" | find "LISTENING"
  TCP                 LISTENING       33984
  TCP              LISTENING       33984

The process ID (PID) for the process is listed at the end of each line. In the above example, an additional line is displayed for a process listening on another port that has port 80 as part of the port number, which happens to be the same process as the process for port 80, but if I'm interested only in finding which program is listening on port 80, I can eliminate any extraneous entries by putting a space after the ":80" in the search pattern. E.g.:

c:\>netstat -ano | find ":80 " | find "LISTENING"
  TCP                 LISTENING       33984


I can determine the file name for the executable program associated with that PID using the tasklist command. The /fi option can be used to filter the results displayed by the tasklist command to only display the task where the PID is equal to 33984.

c:\>tasklist /fi "PID eq 33984"

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
PRTG Server.exe              33984 Services                   0     22,956 K


If I want to find the location for that program, "PRTG Server.exe", on the system's hard drive, I can make the root directory of the system the current working directory and use the dir /s command to search all subdirectories below the current directory. If I want to be able to change the directory and immediately after the command has run switch back to the prior directory I had been in, I can use the pushd and popd commands rather than the cd command.

c:\Users\JDoe\Documents>pushd c:\

c:\>dir /s "PRTG Server.exe"
 Volume in drive C has no label.
 Volume Serial Number is AADE-A57B

 Directory of c:\Program Files (x86)\Network\PRTG Network Monitor

07/01/2015  02:57 AM         8,043,720 PRTG Server.exe
               1 File(s)      8,043,720 bytes

 Directory of c:\Program Files (x86)\Network\PRTG Network Monitor\64 bit

07/01/2015  02:57 AM         8,892,416 PRTG Server.exe
               1 File(s)      8,892,416 bytes

     Total Files Listed:
               2 File(s)     16,936,136 bytes
               0 Dir(s)  670,200,631,296 bytes free




TechRabbit ad 300x250

Justdeals Daily Electronics Deals1x1 px