How Can We Help?
How To Establish Which Process Is Listening On A Port
How To Establish Which Process Is Listening On A Port Last Updated: 11 Jul 2004 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ *** PLEASE NOTE: Link(s), If Provided, May Be Wrapped *** In addition to the native NETSTAT utility, you can use the following tools to help you determine what process is listening on a given port. MICROSOFT TOOLS • NETSTAT ................ Native Command (XP version) • Port Reporter .......... http://support.microsoft.com/?id=837243 • PortQry ................ http://support.microsoft.com/?id=832919 TOOLS • ActivePorts ............ http://www.SnapFiles.com/download/dlactiveports.shtml • AnalogX Net Tools ...... http://www.analogx.com/contents/download/network.htm • Atelier Port Scanner ... http://www.atelierweb.com/pscan/ • epdump ................. http://www.nmrc.org/files/nt/ • LanMonitor ............. http://www.karenware.com/powertools/ptlanmon.asp • Local Port Scanner ..... http://www.jpsoft.dk/products.php • netcat ................. http://www.l0pht.com/~weld/netcat/ • NetMon ................. http://www.leechsoftware.com/netmon/ • NetStat Live ........... http://www.analogx.com/contents/download/network/nsl.htm • nmapNT ................. http://www.eeye.com/html/Databases/Software/nmapnt.html • PacketMon .............. http://www.analogx.com/contents/download/network/pmon.htm • Port Explorer .......... http://www.diamondcs.com.au/portexplorer/ • TCPview ................ http://www.sysinternals.com/ntw2k/source/tcpview.shtml • TDImon ................. http://www.sysinternals.com/ntw2k/freeware/tdimon.shtml • Vision ................. http://www.foundstone.com/products/proddesc/vision.html COMMON PORT NUMBERS (NORMAL SERVICES) • http://www.eventid.net/searchprot.asp • http://www.sockets.com/services.htm • http://www.iana.org/assignments/port-numbers/ • http://www.normos.org/en/lists/iana/port-numbers.html • http://www.networkice.com/advice/Exploits/Ports/ • http://macinsearch.com/users/cocomac/PORT-NUMBERS-IP.html • http://support.microsoft.com/?KBID=289241 • http://support.microsoft.com/?KBID=150543 • http://support.microsoft.com/?KBID=174904 • http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/tcpip/part4/tcpappc.asp • http://www.con.wesleyan.edu/~triemer/network/docservs.html • http://www.chebucto.ns.ca/~rakerman/port-table.html • http://webopedia.internet.com/quick_ref/portnumbers.asp • http://www.hsph.harvard.edu/it/netmeeting/ports.html • http://www.practicallynetworked.com/sharing/app_port_list.htm • http://www.packetattack.com/utilities/portlist.pdf COMMON PORT NUMBERS (USED BY TROJANS) • http://www.simovits.com/nyheter9902.html • http://isc.incidents.org/port_details.html • http://www.neohapsis.com/neolabs/neo-ports/ • http://www.simovits.com/sve/nyhetsarkiv/1999/nyheter9902.html • http://www.dark-e.com/archive/trojans/ EXTERNAL PORT SCANNING RESOURCES (Use at your own risk) • http://www.pedestalsoftware.com/products/se/downloads/webscan/ • http://scan.sygate.com/probe.html • http://www.dslreports.com/security/ • http://www.hackerwhacker.com/ • http://www.it-sec.de/vulchke.html • http://security.symantec.com/ • http://grc.com/lt/leaktest.htm • http://grcsucks.com/ WIN32 FILE ARCHIVES • http://www.SnapFiles.com/Freeware/network/fwnetmoni.html • http://www.analogx.com/contents/download/network.htm • http://www.freshmeat.net/ PERSONAL NOTES • Be VERY careful using untrusted external resources to verify the security of your network. GRC is widely regarded as a trustworthy site, although their testing is average, and not necessarily indicative of a properly secured environment. • You can also see the default list of Well-known ports here: %SystemRoot%\System32\Drivers\Etc\Services • You can use NETSTAT under XP to find out the owning process using the "-o" parameter. This option is not available under older versions of the command.