windows - How to find out what is running on localhost port
2014-04
I have something running at port 9090 on my local machine.
It's probably something I set up long ago and forgot about... how can I find out what it is?
I am using Windows 8.
Run netstat -a -o | find "9090"
and have a look at the far right column. That's the Process ID (PID) of the owning process. Match it up with running processes in Task Manager.
Did you ever install Zeus admin server or Zyxel VoIP or CiscoSecure on that machine? Other possibilities include a Trojan such as Aphex's Remote Packet Sniffer or the IANA WebSM designation.
Take a look here or search the web for port 9090 or any other for that matter.
You can always do a basic intrusion testing using the GRC ShieldsUp! service.
Port 22 specifically. I installed freeSSHd on a windows server 2008 box that only runs IIS. When i try to start the SSH Service, it tells me that the port is already being used. How can I find out what service is utilizing this port?
Sysinternals TCPView will show you TCP/UDP ports that are in use and the processes that are using them.
netstat -b
in the command prompt will also work. Sysinternals TCPView is basically a prettier GUI version, netstat
is a tool that comes with Windows.
Sample output:
Active Connections Proto Local Address Foreign Address State PID TCP john:2817 localhost:2818 ESTABLISHED 972 [firefox.exe] TCP john:2818 localhost:2817 ESTABLISHED 972 [firefox.exe] TCP john:2821 localhost:2822 ESTABLISHED 972 [firefox.exe] TCP john:2822 localhost:2821 ESTABLISHED 972 [firefox.exe] TCP john:3177 peak-colo-196-219.peak.org:http ESTABLISHED 972 [firefox.exe] TCP john:3182 peak-colo-196-219.peak.org:http ESTABLISHED 972 [firefox.exe] TCP john:2879 67.69.247.70:http CLOSE_WAIT 972 [firefox.exe] TCP john:2880 67.69.247.70:http CLOSE_WAIT 972 [firefox.exe] TCP john:2881 67.69.247.70:http CLOSE_WAIT 972 [firefox.exe] TCP john:2882 67.69.247.70:http CLOSE_WAIT 972 [firefox.exe] TCP john:2883 67.69.247.70:http CLOSE_WAIT 972 [firefox.exe] TCP john:2884 67.69.247.70:http CLOSE_WAIT 972 [firefox.exe]
Take it to the next level with CurrPorts by NirSoft:
CurrPorts displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.
Not only that but:
In addition, CurrPorts allows you to close unwanted TCP connections, kill the process that opened the ports, and save the TCP/UDP ports information to HTML file , XML file, or to tab-delimited text file. CurrPorts also automatically mark with pink color suspicious TCP/UDP ports owned by unidentified applications (Applications without version information and icons)
netstat -an
will show all the ports which are currently open with their address in numerical form.
To find info about a particular port use netstat -an | grep PORTNO
.
netstat in Windows 2008:
Start Command prompt with "Run as administrator", then type netstat -anb
.
Command runs faster in numerical form (-n
), and the -b
option requires elevation.
To filter the output and check only udp ports: use netstat -anb -p udp