How do I find out which process is listening on a TCP or UDP port on Windows?

Identifying Processes Listening on TCP/UDP Ports in Windows

Learn how to effectively identify which applications or services are utilizing specific TCP or UDP ports on your Windows system, a crucial skill for network troubleshooting and security.

Understanding which process is listening on a particular TCP or UDP port is fundamental for network diagnostics, resolving port conflicts, and ensuring system security. On Windows, several command-line tools and utilities can help you pinpoint the exact application or service bound to a port. This article will guide you through the most common and effective methods.

Using netstat with Process ID (PID)

The netstat command-line utility is a powerful tool for displaying network connections, routing tables, and network interface statistics. When combined with the -o (or --all and --program on some systems) option, it can show the Process ID (PID) associated with each connection or listening port. This PID can then be used to identify the process in Task Manager.

netstat -ano | findstr :<PortNumber>

Using netstat -ano to find processes listening on a specific port.

Replace <PortNumber> with the actual port you are investigating (e.g., 80, 443, 3389). The findstr command filters the output to show only lines containing your specified port. The output will include the Local Address (IP:Port), Foreign Address, State, and most importantly, the PID.

flowchart TD
    A[Start: Identify Port] --> B{Open Command Prompt as Admin}
    B --> C[Run `netstat -ano | findstr :<PortNumber>`]
    C --> D{Extract PID from Output}
    D --> E[Open Task Manager]
    E --> F[Go to 'Details' Tab]
    F --> G{Sort by PID and Locate Process}
    G --> H[End: Process Identified]

Workflow for identifying a process by port using netstat and Task Manager.

Identifying the Process with Task Manager

Once you have the PID from netstat, the next step is to find the corresponding process. Task Manager is the easiest way to do this.

1. Open Task Manager

Press Ctrl+Shift+Esc or right-click the taskbar and select 'Task Manager'.

2. Navigate to the 'Details' Tab

In Task Manager, switch to the 'Details' tab. If you don't see this tab, click 'More details' at the bottom left.

3. Sort by PID

Click on the 'PID' column header to sort processes by their Process ID. If the 'PID' column is not visible, right-click any column header, select 'Select columns', and check 'PID'.

4. Locate the Process

Scroll through the list to find the process matching the PID you obtained from netstat. The 'Name' column will show the executable name, and the 'Description' column will often provide more details about the application.

Using Get-NetTCPConnection and Get-NetUDPEndpoint in PowerShell

For more advanced users or scripting scenarios, PowerShell offers cmdlets that provide similar functionality to netstat but with more structured output, making it easier to filter and manipulate data. These cmdlets are available in Windows 8/Server 2012 and later.

# For TCP connections
Get-NetTCPConnection | Where-Object { $_.LocalPort -eq <PortNumber> -and $_.State -eq 'Listen' } | Select-Object LocalAddress, LocalPort, OwningProcess, State

# For UDP endpoints
Get-NetUDPEndpoint | Where-Object { $_.LocalPort -eq <PortNumber> } | Select-Object LocalAddress, LocalPort, OwningProcess

Using PowerShell cmdlets to find processes listening on TCP/UDP ports.

The OwningProcess property directly gives you the PID, which you can then use with Task Manager or other PowerShell cmdlets like Get-Process to get more information about the process.

$pid = (Get-NetTCPConnection | Where-Object { $_.LocalPort -eq 80 -and $_.State -eq 'Listen' }).OwningProcess
Get-Process -Id $pid

Getting process details directly using the PID from PowerShell.