Reputation: 2630
I'm trying to determine which application or system program is using a particular port on a Windows 2008 R2 machine.
I've run
netstat -a -n -o
And have determined that PID is holding open port 445, which I'm interested in.
But when I run tasklist or Microsoft's pslist program, it tells me that the process holding the port open is simply named 'Sys'.
Is there another tool or approach I can use to find which is the real process holding it open?
Upvotes: 4
Views: 23769
Reputation: 9
There is a free tool on Nirsoft's website called "CPORTS" with both 32 and 64 bit versions that might help you. Port 445 is used by Server 2008 R2 and later for communicating with other systems using SAMBA /TCP. I got the list below from "cyberciti.biz":
■ netbios-ns - 137/tcp # NETBIOS Name Service
■ netbios-dgm - 138/tcp # NETBIOS Datagram Service
■ netbios-ssn - 139/tcp # NETBIOS session service
■ microsoft-ds - 445/tcp # if you are using Active Directory
■ Port 389 (TCP) - for LDAP (Active Directory Mode)
■ Port 445 (TCP) - NetBIOS was moved to 445 after 2000 and beyond, (CIFS)
■ Port 901 (TCP) - for SWAT service (not related to client communication)
If you can run "grep", this is their recommended format: "$ grep -i NETBIOS /etc/services". If not, "AstroGrep" is a little more "user-friendly". Both can be gotten from SourceForge.
My own interest lies in a solution to why some systems are unable to map network drives to a Server 2008 R2 box, yet they have no problem making a VPN connection and running the SQL software on the same server. Port 445 is the one I am most closely looking at due to NETBIOS needs, but I really don't have a clue. One person can be unable to map a drive letter from their laptop on their home internet, but then use their cellphone as a tethered modem and map it with no problem. Same system, same everything else.
I hope one of these helps you, as my problem is still ongoing, but the Nirsoft tool is the easiest to use by far and the listed use of grep did give me other information that may be of use to you. The tool from Nirsoft provides an excellent map of all ports in use and plenty of other information. Requires no installation and small enough to keep handy on a flash drive. Grep or Astrogrep from SourceForge.
Happy Holidays
Upvotes: 0
Reputation: 16142
PID 4 is the system process - if PID 4 is holding a port open, it means that some device driver has opened the port. Given that it's port 445, my guess is that it's the CIFS network filesystem or server. Try doing a "net stop srv" and "net stop rdr" from an elevated command prompt - that should shut down the service using the port.
Upvotes: 6
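The lookup discussed in this thread, as an added PowerShell example that is not code from any of the posts: it parses the same `netstat -a -n -o` output the question uses and, when the owner is PID 4, lists running kernel drivers instead of looking for a user-mode executable. It assumes English netstat output (the word LISTENING), PowerShell 2.0 or later, and an elevated prompt; the driver-name filter is an assumption based on the "srv"/"rdr" names in the answer above.

```powershell
# Added example (not from the thread): find what owns a listening TCP port.
# Uses only netstat and WMI, so it does not need the newer Get-NetTCPConnection cmdlet.
param([int]$Port = 445)

# Parse "netstat -a -n -o" rows, e.g.:  TCP  0.0.0.0:445  0.0.0.0:0  LISTENING  4
# Assumption: English output, where the state column reads LISTENING.
$listeners = netstat -a -n -o | ForEach-Object {
    if ($_ -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
        New-Object PSObject -Property @{
            Address  = $matches[1]          # 0.0.0.0, [::] or a specific interface
            Port     = [int]$matches[2]
            OwnerPid = [int]$matches[3]     # not $pid: $PID is PowerShell's own process id
        }
    }
} | Where-Object { $_.Port -eq $Port }

if (-not $listeners) { Write-Output "Nothing is listening on TCP $Port"; return }

foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwnerPid -ErrorAction SilentlyContinue
    Write-Output ("{0}:{1} -> PID {2} ({3})" -f $l.Address, $l.Port, $l.OwnerPid, $proc.ProcessName)

    if ($l.OwnerPid -eq 4) {
        # PID 4 is the System process: the socket was opened by a kernel-mode
        # driver, so there is no user-mode executable to find. List running
        # drivers whose names look SMB-related (filter is an assumption).
        Get-WmiObject Win32_SystemDriver -Filter "State='Running'" |
            Where-Object { $_.Name -match 'srv|rdr|smb' } |
            Select-Object Name, DisplayName, ServiceType, PathName
    } else {
        # User-mode owner: show the services hosted in that process,
        # the same information "tasklist /svc" reports.
        Get-WmiObject Win32_Service -Filter "ProcessId=$($l.OwnerPid)" |
            Select-Object Name, DisplayName, State
    }
}
```

Saved as a script (the file name is up to you), it takes the port as `-Port` and defaults to 445.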
Reputation: 9924
Have you looked at TCPView (http://technet.microsoft.com/en-us/sysinternals/bb897437)? It's another tool from sysinternals.
Upvotes: 1
Reputation: 33193
The sysinternals tool procexp (process explorer) shows both processes and if the process is a service - it can show which services are running in the same process. (Windows service processes can contain a number of service threads).
Port 445 is normally the SMB port for Windows domain activities and file sharing and so on.
Upvotes: 3