Wednesday, June 3, 2015

How To Find Out Which Port Is Used By Which Process Or Service? (WINDOWS)

SOLUTION - 1

Windows SysInternals TCPView can show you UDP/TCP ports that are in use and which process is using them.

You can download this utility from the Microsoft website: http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

After downloading TCPView, unzip it and run the executable Tcpview.exe to install the software. After installation, it should show a pretty GUI listing all TCP/UDP connections with the processes involved.




SOLUTION - 2

Run the command below from the Windows command prompt:

      netstat -aon | findstr "\<port_number\>"

      -a: To display all connections and listening ports
      -o: To display the process ID associated with each connection
      -n: To display addresses and ports in numerical form
       | : To pipe the output of the previous command into the next command
      port_number: Replace this text with your port number and do not remove the \< or \> signs (findstr reads them as the beginning and end of a word, so only the whole number matches).


This command gives you the process number (PID) associated with the port.



Type the process number into the command below at the Windows command prompt, in place of PID; it returns the associated process or service.

      tasklist | findstr "PID"




So, in this example, port 49154 is associated with the process svchost.exe.
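
The two steps of Solution 2 combined into one PowerShell function, as an added example that is not part of the original post. The function name Get-PortOwner, the sample netstat lines and the PIDs in them are constructed for illustration; the function matches on the local port only.

```powershell
# Added example: the function name and all sample data are constructed.
function Get-PortOwner {
    param(
        [Parameter(Mandatory)] [int] $Port,
        # Lines of "netstat -aon" output; defaults to a live capture.
        [string[]] $NetstatLines = (netstat -aon)
    )
    foreach ($line in $NetstatLines) {
        # Columns: Proto, Local Address, Foreign Address, [State], PID.
        # UDP rows have no State column, so read the PID from the last field.
        $f = -split $line
        if ($f.Count -lt 4 -or $f[0] -notin 'TCP', 'UDP') { continue }
        # The port is the text after the last colon (also covers [::]:49154).
        if (($f[1] -split ':')[-1] -ne "$Port") { continue }
        [pscustomobject]@{
            Proto     = $f[0]
            Local     = $f[1]
            State     = if ($f.Count -eq 5) { $f[3] } else { '' }
            ProcessId = [int]$f[-1]
        }
    }
}

# Constructed sample of "netstat -aon" output (not captured from a real host).
# The third row carries 49154 only as the remote port, so findstr "\<49154\>"
# would print it even though the local process does not own that port.
$sample = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       892
  TCP    [::]:49154             [::]:0                 LISTENING       892
  TCP    10.0.0.5:50211         203.0.113.7:49154      ESTABLISHED     4320
  UDP    0.0.0.0:5355           *:*                                    1180
'@ -split "`r?`n"

Get-PortOwner -Port 49154 -NetstatLines $sample | Format-Table

# Live lookup: /svc lists the services hosted in each process, which is
# what tells one svchost.exe instance from another.
Get-PortOwner -Port 49154 |
    Select-Object -ExpandProperty ProcessId -Unique |
    ForEach-Object { tasklist /svc /fi "PID eq $_" }
```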


SOLUTION - 3

Linux's string search utility, grep, is very useful when working at the command prompt, and we can use it on Windows as well.
To get the utility on Windows, either download it from http://gnuwin32.sourceforge.net/packages/grep.htm or search Google for "Grep for windows", then download it from a trusted source and install it. (Be careful when you download; you should have anti-virus on your system to guard against malicious websites and software.)

After installation, run the command below from the Windows command prompt (for Windows 2008 and above, open cmd as administrator) to list all TCP/UDP connections with port and process details and grep the output for the port:


      netstat -abn | grep -A 1 -B 1 <port_number>

      -a: To display all connections and listening ports
      -b: To display the executable involved in creating each connection or listening port
      -n: To display addresses and ports in numerical form
      -A 1: To print 1 line of trailing context (the line after the match)
      -B 1: To print 1 line of leading context (the line before the match)
      <port_number>: Replace this entire text, including < and >, with your port number



As you can see, port 49154 is used by the process svchost.exe.


I hope this helps.