Investigating which Windows service is listening to which IP and port

Question

I am investigating a production system where there are several Windows services communicating with each other through TCP/IP sockets. I'm trying to figure out which executable is listening to which IP address and which port on a given machine.

Other than rummaging through each windows service's obscure configuration files, is there a system tool that can more easily give me the details I want?

Answer 1

As already mentioned TCPView by SysInternals (i.e. Microsoft) is a great tool. But on production systems you may not be allowed to install additional software, so I think you may want to try out netstat.exe, which is typically located at C:\WINNT\system32\netstat.exe .

A help page is available with

netstat -?

Examples are:

netstat -a

Lists all local TCP connections and listening ports together with remote TCP endpoint.

netstat -o

Adds the process ID to the output.

netstat -b 

Gives you the name of the executable wich was involved in establishing this connection/port.

Answer 2

Thanks everyone. Very helpful indeed. A friend also introduced me to a freeware utility called "Active Ports" from DeviceLock: http://www.devicelock.com/freeware.html/

Answer 3

Give this a whirl.

netstat -abn

Answer 4

http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

SysInternals TCPView is great

Answer 5

Command line netstat tool might help you. To learn available parameters run it with /?: netstat /?

Or there is a better GUI alternative: SysInternals TcpView (freely downloadable from ms site)