How do I find out which process is listening on a TCP or UDP port on Windows?
PowerShell
TCP
Get-Process -Id (Get-NetTCPConnection -LocalPort YourPortNumberHere).OwningProcess
UDP
Get-Process -Id (Get-NetUDPEndpoint -LocalPort YourPortNumberHere).OwningProcess
cmd
netstat -a -b
(Add -n to stop it trying to resolve hostnames, which will make it a lot faster.)
Note Dane's recommendation for TCPView. It looks very useful!
-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
Find the PID of a process that uses a port on Windows
Just open a command shell and type (saying your port is 123456):
netstat -a -n -o | find "123456"
You will see everything you need.
The headers are:
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:37 0.0.0.0:0 LISTENING 1111
How can I identify which process is using port 18780 on Windows?
Caught this happening again.
Turns out that my application had spawned three child processes, and those were still running. Windows apparently doesn't release a TCP port until the owning process record is cleaned up, and child processes maintain this record. Even though the parent process was stopped, and showed in TCPViewer as <non-existent>
, the port was still unavailable.
This is also described here: https://serverfault.com/questions/181015/how-do-you-free-up-a-port-being-held-open-by-dead-process
I used wmic process where (ParentProcessId=7188) get Caption,ProcessId
to identify which child processes to kill, and that did the trick. Windows released the port straight away.
How do I kill the process currently using a port on localhost in Windows?
Step 1:
Open up cmd.exe (note: you may need to run it as an administrator, but this isn't always necessary), then run the below command:
netstat -ano | findstr :<PORT>
(Replace <PORT>
with the port number you want, but keep the colon)
The area circled in red shows the PID (process identifier). Locate the PID of the process that's using the port you want.
Step 2:
Next, run the following command:
taskkill /PID <PID> /F
(No colon this time)
Lastly, you can check whether the operation succeeded or not by re-running the command in "Step 1". If it was successful you shouldn't see any more search results for that port number.
Find process owning a port programmatically
GetExtendedTcpTable is the function you need to call, with one of the flags that indicates you want the owning process id (TCP_TABLE_OWNER_PID_*
). This will cause it to return a MIB_TCPTABLE_OWNER_PID
structure, which contains an array of MIB_TCPROW_OWNER_PID. There is a flag to specify if you want IPv4 or IPv6. For Udp, there is GetExtendedUdpTable with similar behavior.
How can I detect what program is listening to a TCP/IP port in Windows?
Use:
netstat -n -o
That will show the process ID and from there you can either look in the Task Manager's process viewer, go to menu View → Columns... and check the Process ID (PID). Then you can see the name of the process listening on that port.
Of course, you're wanting a programmatic way of accomplishing this and the GetTCPTable2 API is best as was already suggested. In fact, if you look at the IAT (Import Address Table) for netstat.exe, it actually uses that API to get that information.
There is a way to communicate directly with a command window and get its output using pipes and it would work fine, but the ideal way is to simply use the same API netstat uses.
How can I find a process using a TCP port?
If you are on Unix-like system, you can use netstat to find out which process is listening on a port:
sudo netstat -nlp | grep 9000
It turns out the -p option is not available on OS X. If you are using OS X, you can do this:
lsof -n -i4TCP:$PORT | grep LISTEN
Who is listening on a given TCP port on Mac OS X?
How do I find which program is using port 80 in Windows?
Start menu → Accessories → right click on "Command prompt". In the menu, click "Run as Administrator" (on Windows XP you can just run it as usual), run netstat -anb
, and then look through output for your program.
BTW, Skype by default tries to use ports 80 and 443 for incoming connections.
You can also run netstat -anb >%USERPROFILE%\ports.txt
followed by start %USERPROFILE%\ports.txt
to open the port and process list in a text editor, where you can search for the information you want.
You can also use PowerShell to parse netstat
output and present it in a better way (or process it any way you want):
$proc = @{};
Get-Process | ForEach-Object { $proc.Add($_.Id, $_) };
netstat -aon | Select-String "\s*([^\s]+)\s+([^\s]+):([^\s]+)\s+([^\s]+):([^\s]+)\s+([^\s]+)?\s+([^\s]+)" | ForEach-Object {
$g = $_.Matches[0].Groups;
New-Object PSObject |
Add-Member @{ Protocol = $g[1].Value } -PassThru |
Add-Member @{ LocalAddress = $g[2].Value } -PassThru |
Add-Member @{ LocalPort = [int]$g[3].Value } -PassThru |
Add-Member @{ RemoteAddress = $g[4].Value } -PassThru |
Add-Member @{ RemotePort = $g[5].Value } -PassThru |
Add-Member @{ State = $g[6].Value } -PassThru |
Add-Member @{ PID = [int]$g[7].Value } -PassThru |
Add-Member @{ Process = $proc[[int]$g[7].Value] } -PassThru;
#} | Format-Table Protocol,LocalAddress,LocalPort,RemoteAddress,RemotePort,State -GroupBy @{Name='Process';Expression={$p=$_.Process;@{$True=$p.ProcessName; $False=$p.MainModule.FileName}[$p.MainModule -eq $Null] + ' PID: ' + $p.Id}} -AutoSize
} | Sort-Object PID | Out-GridView
Also it does not require elevation to run.
Related Topics
Ada Program Works in Linux But Not in Gps Windows 10
Fail If a Script Expects Input or Entering Passwords
R Programming - Submitting Jobs on a Multiple Node Linux Cluster Using Pbs
Bash: How to Perform Arithmetic on Numbers in a Pipe
How to Ask Bash for the Current Options
Dotnetcore: Cross Platform Version of Getinvalidfilenamechars
How Come _Exit(0) (Exiting by Syscall) Prevents Me from Receiving Any Stdout Content
One-Liner: Print All Lines Except the Last 3
Libcurl Ssl Error After Fork()
Limit Output of All Linux Commands
Asp Net Core Linux Err_Connection_Refused
How to Create Shell Variable with Dashes
Delete Repeated Characters Without Back-Referencing with Sed