In another article, nosotros explained computer ports and what they're used for. Other than that, what tin nosotros practice with port information? Since all traffic in and out of the computer goes through ports, we tin check on them to come across what they're doing. Peradventure the port isn't listening for traffic? Mayhap something is using a port that shouldn't be?

We're going to utilise the Windows command netstat to see our listening ports and PID (Procedure ID). We're also going to see what we can practise with that information.

What Is Netstat?

The netstat control is a combination of the words 'network' and 'statistics'. The netstat control works in all versions of Windows from Windows XP correct up to Windows 10. Information technology's as well used in other operating systems (OS) like Unix and Linux, but we'll stick to Windows here.

Netstat can provide u.s.a. with:

  • The proper name of the protocol the port is using (TCP or UDP).
  • The local IP address and proper name of the computer and the port number being used.
  • The IP address and port number to which nosotros're connecting.
  • The state of a TCP connection. For details on what these states are, read the Event Processing section of RFC 793.

Using Netstat To See Listening Ports & PID

  • Use the key combination Win Key + Ten. In the menu that opens, select Command Prompt.
  • Enter the command <pre>netstat -a -due north -o</pre>. The parameters for netstat are preceded with a hyphen, not a forward slash like many other commands. The -a tells information technology to show us all active connections and the ports on which the computer is listening.

    The -n tells netstat to show the IP addresses and ports as numbers only. Nosotros're telling it to not try to resolve the names. This makes for a quicker and neater display. The -o tells netstat to include the PID. We'll employ the PID afterward to discover out what process is using a specific port.

  • View the results and take note of the addresses, port numbers, state, and PID. Let's say nosotros want to know what's using port 63240. Note that its PID is 8552 and information technology's connecting to the IP address 172.217.12.138 on port 443.

What's Using That Port?

  • Open Task Manager. That's most hands done past using the key combination Ctrl + Shift + Esc.
  • Click on the Details tab. To make this easier to detect, click on the PID column header to sort the PIDs numerically.
  • Scroll down to PID 8552 and see what procedure it is. In this case, it's googledrivesync.exe. But is it really? Sometimes viruses can brand themselves expect like legitimate processes.
  • In a web browser, go to ipinfo.io. Enter the IP address 172.217.12.138. As we can see, the IP address is registered to Google. So this googledrivesync.exe is a legitimate 1.

How To Get Port, PID, & Process Name In PowerShell

PowerShell is Microsoft's newer manner to apply a command-line interface with Windows. We say newer, just it's been around for several versions. You should learn PowerShell even if yous're a home user.

Most Windows commands also work in PowerShell, plus nosotros tin can combine them with PowerShell'south cmdlets – pronounced command-lets. Joe at Winteltools.com provides the script for this method.

  • Open up Notepad and enter the following code:
$netstat = netstat -aon | Select-Cord -design "(TCP|UDP)" $processList = Get-Process  foreach ($result in $netstat) {    $splitArray = $result -split " "    $procID = $splitArray[$splitArray.length – 1]    $processName = $processList | Where-Object {$_.id -eq $procID} |    select processname    $splitArray[$splitArray.length – i] = $procID + " " +      $processName.processname    $splitArray -join " " }
  • Relieve the file equally get-NetstatProcessName.ps1. Make sure to note where it's existence saved. It's of import to alter the Save every bit type: to All Files (*.*) or information technology will get saved as get-NetstatProcessName.ps1.txt and it won't work for u.s.a..
  • Open up PowerShell and navigate to the location in which the script was saved. In this example, information technology's <pre>cd C:\Scripts</pre>. Striking Enter to run the command.
  • Run the script using dot-sourcing to make it piece of work. That ways use ./ before the name of the file. The command will be <pre>./go-NetstatProcessName.ps1</pre>
  • Now nosotros tin can see all the traditional netstat info plus the procedure proper noun. No need to open up Task Director anymore.

Go Get Them

We've covered two means to use the netstat command to encounter listening ports. Information technology tin be used either in the old Command Prompt or within a PowerShell script. With the data it tin can give us, we've looked at how it can assistance us figure out what our calculator is doing.

If you thought netstat is a great utility, take a look at some other Windows TCP/IP utilities like tracert, ipconfig, and nslookup. Or use Resource Monitor to get a ameliorate look into subconscious website and Cyberspace connections. There is a lot you tin exercise to see exactly what your figurer is doing.

Accept you used netstat to solve a trouble? Please tell us what yous did. Any questions about how to use netstat? Please enquire us in the comments below.