Menu
I'm trying to determine which application or system program is using a particular port on a Windows 2008 R2 machine.
I've run
netstat -a -n -o
And have determined that PID is holding open port 445, which I'm interested in.
But when I run tasklist or Microsoft's pslist program, it tells me that the process holding the port open is simply named 'Sys'.
Is there another tool or approach I can use to find which is the real process holding it open?
384
PID 4 is the system process - if PID 4 is holding a port open, it means that some device driver has opened the port. Given that it's port 445, my guess is that it's the CIFS network filesystem or server. Try doing a "net stop srv" and "net stop rdr" from an elevated command prompt - that should shut down the service using the port.
104
The sysinternals tool procexp (process explorer) shows both processes and if the process is a service - it can show which services are running in the same process. (Windows service processes can contain a number of service threads).
Port 445 is normally the SMB port for Windows domain activities and file sharing and so on.
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
