
    Monday, November 9, 2009

    What process is using a TCP port in Windows



    You may find yourself frequently turning to network tools to determine traffic patterns from one server to another, but Windows Server (and earlier versions of the Windows OS) lets you get that information about its own connections locally. You can combine the netstat and tasklist commands to determine which process is using a port on a Windows server.
    The following command will show what network traffic is in use at the port level:
    Netstat -a -n -o
    The -o parameter will display the associated process identifier (PID) using the port. This command will produce an output similar to what is in Figure 1.
    Figure 1
    With the PIDs listed in the netstat output, you can follow up in Windows Task Manager (taskmgr.exe) or run a script against the specific PID found in the previous step. You can then use the tasklist command with the specific PID that corresponds to the port in question. From the previous example, ports 5800 and 5900 are used by PID 1812, so the tasklist command will show you the process using those ports. Figure 2 shows this query.
    Figure 2
    This identifies VNC as the process using the ports. While a quick Google search on the port numbers could possibly give the same result, this procedure can be extremely helpful when you're trying to identify a virus or other malicious process that may be running on the Windows server.
    Alternatively, you can use netstat -b from an elevated command prompt to see each port together with the application (image name) that owns it; add -o to include the related PID.
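
The two-step lookup above (netstat -a -n -o, then tasklist for the PID) can be done in one pass by joining the two outputs on the PID. The PowerShell below is an added example, not part of the original post: the function names are hypothetical, the sample rows are constructed (ports 5800/5900 and PID 1812 follow the post, the image names are made up), and it assumes PowerShell 3.0 or later on an English-language Windows where netstat prints the state as LISTENING.

```powershell
# Added example: join netstat -a -n -o rows to tasklist image names by PID.
function ConvertFrom-Netstat {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $f = @(-split $line)
        # TCP rows: Proto Local Foreign State PID; UDP rows have no State column.
        if ($f.Count -eq 5 -and $f[0] -eq 'TCP') { $state = $f[3]; $procId = $f[4] }
        elseif ($f.Count -eq 4 -and $f[0] -eq 'UDP') { $state = ''; $procId = $f[3] }
        else { continue }   # banner, column header, blank lines
        $colon = $f[1].LastIndexOf(':')   # last colon also handles [::]:5900
        [pscustomobject]@{
            Proto     = $f[0]
            Address   = $f[1].Substring(0, $colon)
            Port      = [int]$f[1].Substring($colon + 1)
            State     = $state
            PID       = [int]$procId
            ImageName = $null
        }
    }
}

function Get-PortOwner {
    param(
        [string[]]$NetstatLines  = (netstat -a -n -o),      # live output by default
        [string[]]$TasklistLines = (tasklist /FO CSV /NH)
    )
    $names = @{}
    $TasklistLines |
        ConvertFrom-Csv -Header ImageName, PID, SessionName, SessionNum, MemUsage |
        ForEach-Object { $names[[int]$_.PID] = $_.ImageName }
    ConvertFrom-Netstat $NetstatLines |
        Where-Object { $_.Proto -eq 'UDP' -or $_.State -eq 'LISTENING' } |
        ForEach-Object {
            # A PID absent from tasklist (process exited, or hidden) deserves a second look.
            $_.ImageName = if ($names.ContainsKey($_.PID)) { $names[$_.PID] } else { '<not in tasklist>' }
            $_
        }
}
# Constructed sample input so the example runs offline.
$netstatSample = @(
    '  Proto  Local Address          Foreign Address        State           PID',
    '  TCP    0.0.0.0:5800           0.0.0.0:0              LISTENING       1812',
    '  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1812',
    '  UDP    0.0.0.0:500            *:*                                    692'
)
$tasklistSample = @('"vncserver.exe","1812","Services","0","4,908 K"')
Get-PortOwner -NetstatLines $netstatSample -TasklistLines $tasklistSample | Format-Table -AutoSize
```

Calling Get-PortOwner with no arguments runs against the live machine; rows whose ImageName is `<not in tasklist>` are the ones to investigate first.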



    1 comments:

    Unknown said...

    Good One :)

    There is a GUI tool for this, http://download.cnet.com/Active-Ports/3000-2651_4-29653.html?tag=mncol

    which will give the process name along with the ports where you can kill the sessions etc as needed

    Keep up the good work :)
