In order for processes and applications to communicate over a network, they claim TCP/IP ports in the form of a port number, thereby locking out other applications from using one that's already in use. However, for diagnostics, troubleshooting or any other purpose, you'll sometimes want to know exactly which apps and processes are using your ports. As such, in this tutorial, I will show you how to check exactly what ports are in use.
Without the tech jargon, the easiest way I can explain what a port does is that it allows your computer or an application to connect to another computer within your network, or on the Internet. In other words, it's simply a gateway that allows information to travel from one point to another, and vice versa.
Ports are constantly in use by applications and processes, and whilst there's usually no cause for concern, there are times that you'll need to know exactly what's going on. For instance, some apps will attempt to listen for traffic on a port that's already in use, or perhaps a piece of malware is communicating with its author on a particular port.
As a result, I will be using the good old Windows Command Prompt, with the aid of netstat, to see which applications and processes are using which ports. You'll then have a clear picture of what's actively running on your computer/network. So without further delay, let's rip into this tutorial.
The first thing we need to do is access the Command Prompt with elevated privileges. Open the Search bar, enter cmd, then right-click the entry at the top and select Run as administrator.
The Command Prompt will now open, so type the following command and hit Enter.
This will now display a list of ports, as well as the processes that are actively using them. The port numbers are those listed after the colon.
Upon scrolling through the list, you may come across CLOSE_WAIT, ESTABLISHED and LISTENING as shown below.
CLOSE_WAIT is when an active connection is ending. ESTABLISHED is an active connection with traffic being exchanged. And LISTENING is an open port that's listening for inbound connections.
If you haven't already, you will come across "Can not obtain ownership information". This doesn't tell you anything about what it relates to. So to identify it, you first need to grab its port number. In my case, I will use port number 8034.
Now you need to match the port number with its corresponding PID (Process Identifier) by entering the following command into the Command Prompt.
Hit the Enter key on your keyboard, and (of relevance here) the Local Address and PID entries will be displayed. As you can see, port number 8034 corresponds to PID 4. In the next step, we'll open Task Manager and see the Description of PID 4.
Upon opening Task Manager and selecting the Details tab, PID 4 has been identified as NT Kernel & System. You can use this method for every other unknown running process.
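The port-to-PID matching described above, as an added example (not the author's own commands): a small Python parser for text in the layout printed by `netstat -ano`, which puts the owning PID in the last column. The sample rows are constructed and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample in the layout printed by `netstat -ano` (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:8034           0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5120
  TCP    192.168.1.20:49730     203.0.113.11:80        CLOSE_WAIT      5120
  TCP    [::]:8034              [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2216
"""

def split_endpoint(endpoint):
    """Split on the LAST colon so IPv6 forms such as [::]:8034 keep their port."""
    addr, _, port = endpoint.rpartition(":")
    return addr, (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """Return one dict per connection row; banner, header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, _foreign, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            (proto, local, _foreign, pid), state = f, ""
        else:
            continue
        if not pid.isdigit():
            continue
        addr, port = split_endpoint(local)
        rows.append({"proto": proto, "addr": addr, "port": port,
                     "state": state, "pid": int(pid)})
    return rows

def pids_for_port(rows, port):
    """PIDs that hold the given local port (the lookup then done in Task Manager)."""
    return sorted({r["pid"] for r in rows if r["port"] == port})

def listeners_by_pid(rows):
    """Map each PID to the local ports it has open in the LISTENING state."""
    out = defaultdict(set)
    for r in rows:
        if r["state"] == "LISTENING":
            out[r["pid"]].add(r["port"])
    return {pid: sorted(ports) for pid, ports in out.items()}
```

On a Windows host, pass the text produced by `netstat -ano` to `parse_netstat` in place of the sample.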
I'm aware that the above PID is safe, but if you're not sure, simply right-click it and select Search online. This actually provides a wealth of information on the net.
You now have a clear understanding of how to look up and identify applications and processes that are actively using your ports. Irrespective of whether everything is running fine with no signs of inconsistencies or malicious behavior, it's good practice to check your ports every now and then. It only takes a few minutes, so there's no excuse not to.