How To Establish Which Process Is Listening On A Port

How To Establish Which Process Is Listening On A Port
Last Updated: 11 Jul 2004
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*** PLEASE NOTE: Link(s), If Provided, May Be Wrapped ***


In addition to the native NETSTAT utility, you can use
the following tools to help you determine what process
is listening on a given port.


MICROSOFT TOOLS

• NETSTAT ................ Native Command (XP version)
• Port Reporter .......... http://support.microsoft.com/?id=837243
• PortQry ................ http://support.microsoft.com/?id=832919


TOOLS

• ActivePorts ............ http://www.SnapFiles.com/download/dlactiveports.shtml
• AnalogX Net Tools ...... http://www.analogx.com/contents/download/network.htm
• Atelier Port Scanner ... http://www.atelierweb.com/pscan/
• epdump ................. http://www.nmrc.org/files/nt/
• LanMonitor ............. http://www.karenware.com/powertools/ptlanmon.asp
• Local Port Scanner ..... http://www.jpsoft.dk/products.php
• netcat ................. http://www.l0pht.com/~weld/netcat/
• NetMon ................. http://www.leechsoftware.com/netmon/
• NetStat Live ........... http://www.analogx.com/contents/download/network/nsl.htm
• nmapNT ................. http://www.eeye.com/html/Databases/Software/nmapnt.html
• PacketMon .............. http://www.analogx.com/contents/download/network/pmon.htm
• Port Explorer .......... http://www.diamondcs.com.au/portexplorer/
• TCPview ................ http://www.sysinternals.com/ntw2k/source/tcpview.shtml
• TDImon ................. http://www.sysinternals.com/ntw2k/freeware/tdimon.shtml
• Vision ................. http://www.foundstone.com/products/proddesc/vision.html


COMMON PORT NUMBERS (NORMAL SERVICES)

• http://www.eventid.net/searchprot.asp
• http://www.sockets.com/services.htm
• http://www.iana.org/assignments/port-numbers/
• http://www.normos.org/en/lists/iana/port-numbers.html
• http://www.networkice.com/advice/Exploits/Ports/
• http://macinsearch.com/users/cocomac/PORT-NUMBERS-IP.html
• http://support.microsoft.com/?KBID=289241
• http://support.microsoft.com/?KBID=150543
• http://support.microsoft.com/?KBID=174904
• http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/tcpip/part4/tcpappc.asp
• http://www.con.wesleyan.edu/~triemer/network/docservs.html
• http://www.chebucto.ns.ca/~rakerman/port-table.html
• http://webopedia.internet.com/quick_ref/portnumbers.asp
• http://www.hsph.harvard.edu/it/netmeeting/ports.html
• http://www.practicallynetworked.com/sharing/app_port_list.htm
• http://www.packetattack.com/utilities/portlist.pdf


COMMON PORT NUMBERS (USED BY TROJANS)

• http://www.simovits.com/nyheter9902.html
• http://isc.incidents.org/port_details.html
• http://www.neohapsis.com/neolabs/neo-ports/
• http://www.simovits.com/sve/nyhetsarkiv/1999/nyheter9902.html
• http://www.dark-e.com/archive/trojans/


EXTERNAL PORT SCANNING RESOURCES (Use at your own risk)

• http://www.pedestalsoftware.com/products/se/downloads/webscan/
• http://scan.sygate.com/probe.html
• http://www.dslreports.com/security/
• http://www.hackerwhacker.com/
• http://www.it-sec.de/vulchke.html
• http://security.symantec.com/

• http://grc.com/lt/leaktest.htm
• http://grcsucks.com/


WIN32 FILE ARCHIVES

• http://www.SnapFiles.com/Freeware/network/fwnetmoni.html
• http://www.analogx.com/contents/download/network.htm
• http://www.freshmeat.net/


PERSONAL NOTES

• Be VERY careful using untrusted external resources
  to verify the security of your network. GRC is widely
  regarded as a trustworthy site, although their testing
  is average, and not necessarily indicative of a
  properly secured environment.

• You can also see the default list of Well-known ports
  here: %SystemRoot%\System32\Drivers\Etc\Services

• You can use NETSTAT under XP to find out the owning
  process using the "-o" parameter.  This option is not
  available under older versions of the command.