Command line for looking at specific port

Mastering Command Line Tools to Inspect Specific Ports

Learn how to effectively use various command-line utilities in Windows to identify, monitor, and troubleshoot network port usage. This article covers essential tools like netstat, Get-NetTCPConnection, and Tasklist to help you diagnose connectivity issues and manage processes.

Understanding which applications are listening on specific ports is crucial for network troubleshooting, security auditing, and managing server applications. This article will guide you through several powerful command-line tools available in Windows, providing practical examples and explanations to help you quickly identify and manage port usage.

Using netstat for Port Inspection

netstat (network statistics) is a fundamental command-line tool that displays active TCP connections, listening ports, Ethernet statistics, the IP routing table, and more. It's an indispensable utility for network administrators and developers alike.

netstat -ano

Displays all active connections and listening ports, along with the associated process ID (PID).

The -a switch shows all connections and listening ports. The -n switch displays addresses and port numbers in numerical form, preventing DNS lookups and speeding up the output. The -o switch is particularly useful as it displays the owning process ID (PID) associated with each connection or port. Once you have the PID, you can easily identify the process using Tasklist.

netstat -ano | findstr :8080

Filters netstat output to show only entries related to port 8080.

Workflow for identifying a process by port using netstat and Tasklist.

PowerShell for Advanced Port Monitoring (Get-NetTCPConnection)

PowerShell offers a more object-oriented approach to network management. The Get-NetTCPConnection cmdlet provides detailed information about TCP connections and listening ports, making it a modern alternative to netstat.

Get-NetTCPConnection

Retrieves all active TCP connections and listening ports.

Get-NetTCPConnection | Where-Object {$_.LocalPort -eq 3389}

Filters TCP connections to show only those using local port 3389 (Remote Desktop Protocol).

(Get-NetTCPConnection -LocalPort 80).OwningProcess | Get-Process

Finds the process listening on port 80 by first getting the OwningProcess ID and then piping it to Get-Process.

Identifying Processes from PIDs with Tasklist

Once you have a Process ID (PID) from netstat or Get-NetTCPConnection, Tasklist is the command-line tool to identify the corresponding process name and other details.

tasklist /fi "PID eq 1234"

Displays information about the process with PID 1234.

Replace 1234 with the actual PID you obtained. This command will show you the Image Name (executable name), PID, Session Name, Session#, and Mem Usage for the specified process. This is essential for understanding which application is using a particular port.

1. Step 1

Open Command Prompt or PowerShell as an administrator.

2. Step 2

To find processes listening on a specific port (e.g., 8080) using netstat, execute: netstat -ano | findstr :8080.

3. Step 3

Note down the PID from the last column of the netstat output for the desired port.

4. Step 4

To identify the process associated with that PID (e.g., PID 1234), execute: tasklist /fi "PID eq 1234".

5. Step 5

Alternatively, using PowerShell, to find the process on a specific port (e.g., 80), execute: (Get-NetTCPConnection -LocalPort 80).OwningProcess | Get-Process.

By mastering these command-line tools, you gain powerful capabilities to monitor and troubleshoot network activity on your Windows system. Whether you're a developer debugging a server, a security analyst investigating suspicious connections, or an administrator managing services, these commands are invaluable.