How do I find out which program and process ID accesses a given IP address in Windows?
Is it possible to catch, which program is accessing a specific IP address?
I found my computer is flooding and wish to check addresses one by one.
May be it is possible to set up some audit for this?
windows windows-8.1 ip process network-monitoring
edited Feb 15 '15 at 8:19
DavidPostill♦
108k27235270
asked Feb 14 '15 at 12:04
DimsDims
3,15245113190
add a comment |
Is it possible to catch, which program is accessing a specific IP address?
I found my computer is flooding and wish to check addresses one by one.
May be it is possible to set up some audit for this?
windows windows-8.1 ip process network-monitoring
edited Feb 15 '15 at 8:19
DavidPostill♦
108k27235270
asked Feb 14 '15 at 12:04
DimsDims
3,15245113190
add a comment |
Is it possible to catch, which program is accessing a specific IP address?
I found my computer is flooding and wish to check addresses one by one.
May be it is possible to set up some audit for this?
windows windows-8.1 ip process network-monitoring
edited Feb 15 '15 at 8:19
DavidPostill♦
108k27235270
asked Feb 14 '15 at 12:04
DimsDims
3,15245113190
Is it possible to catch, which program is accessing a specific IP address?
I found my computer is flooding and wish to check addresses one by one.
May be it is possible to set up some audit for this?
windows windows-8.1 ip process network-monitoring
windows windows-8.1 ip process network-monitoring
edited Feb 15 '15 at 8:19
DavidPostill♦
108k27235270
asked Feb 14 '15 at 12:04
DimsDims
3,15245113190
edited Feb 15 '15 at 8:19
DavidPostill♦
108k27235270
asked Feb 14 '15 at 12:04
DimsDims
3,15245113190
edited Feb 15 '15 at 8:19
DavidPostill♦
108k27235270
edited Feb 15 '15 at 8:19
DavidPostill♦
108k27235270
edited Feb 15 '15 at 8:19
DavidPostill♦
108k27235270
108k27235270
asked Feb 14 '15 at 12:04
DimsDims
3,15245113190
asked Feb 14 '15 at 12:04
DimsDims
3,15245113190
asked Feb 14 '15 at 12:04
DimsDims
3,15245113190
3,15245113190
add a comment |
add a comment |
4 Answers
4
active
oldest
votes
TCPView Solution
TCPView from SystemInternals will display "detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections."
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.
Make sure you have "Resolve Addresses" unticked to get IP Addresses instead of Domain Names.
You can sort the results by "Remote Address" to find the IP Address you are interested in.
Example:
This screenshot shows Firefox connecting to stackoverflow.com.
CurrPorts Solution
CurrPorts from Nirsoft provides very similar functionality.
CurrPorts is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.
Example:
This screenshot shows Firefox connecting to stackoverflow.com.
What if I want to log the results?
TcpLogView also from Nirsoft provides logging of TCP connnections.
TcpLogView is a simple utility that monitors the opened TCP connections on your system, and adds a new log line every time that a TCP connection is opened or closed. For every log line, the following information is displayed: Even Time, Event Type (Open, Close, Listen), Local Address, Remote Address, Remote Host Name, Local Port, Remote Port, Process ID, Process Name, and the country information of the Remote IP (Requires to download IP to country file separately.)
Disclaimer
I am not affiliated with SystemInternals (part of Microsoft) or Nirsoft in any way, I am just an end user of their (free) utilities.
answered Feb 14 '15 at 12:24
DavidPostill♦DavidPostill
108k27235270
I am afraid it is impossible to catch few packets this way, since it is disappearing fast. I need logging.
– Dims
Feb 14 '15 at 12:34
Imagine I wish to catch who is sending packets to88.221.132.207. How to see that? This application even has no search or filtering capabilities. I.e. I even will be unable to catch it by eye if it is disappearing fast.
– Dims
Feb 14 '15 at 12:38
1
Then you probably need a packet sniffer like Wireshark
– DavidPostill♦
Feb 14 '15 at 12:41
1
Wiresharkdoes not show process ID. I need to know (1) process (2) IP; both
– Dims
Feb 14 '15 at 12:42
6
@Dims Use TCPLogView also from Nirsoft. Answer updated
– DavidPostill♦
Feb 14 '15 at 12:54
add a comment |
In Windows 7/8*/10 you can use Resource Monitor -> Network Tab.
Easiest way to open the resource monitor is:
- Open Task Manager (right taskbar -> Start Task Manager)
- Click Performance tab
- Click Resource Monitor button
* = unconfirmed
answered Feb 15 '15 at 8:05
Salman ASalman A
92811125
add a comment |
You can achieve this without downloading additional tools from an admin command shell as well.
Run an admin command shell:
- Press start button
- Type "cmd"
- Press Ctrl + Shift + Enter
Enter the command: netstat -tabn
The switches mean the following:
- -t Displays the current connection offload state.
- ie. ESTABLISHED, LISTENING, TIME_WAIT
- -a Displays all connections and listening ports.
- -b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executablen ame is in at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient
permissions. - -n Displays addresses and port numbers in numerical form.
This admittedly isn't nearly as sophisticated as the output achieved by the many GUI options but it is present and available without downloading additional tools. It works on Linux too with slightly different switches.
answered Feb 18 '15 at 1:43
antikantik
22438
add a comment |
As antik said, you can use netstat from within an admin command prompt. I'd suggest, though, that you use o instead of b, that way the output will be on one line for an entry and you can further filter it with find. You won't have the process name, but the process id:
E.g.
netstat -aon | find ":80"
displays all connections using port 80 (either locally or remotely)
You could then check that process in Task Manager or do another filter in the command prompt, using tasklist this time:
tasklist | find "1100"
or
tasklist /FI "PID eq 1100"
edited Feb 18 '15 at 7:58
Jawa
3,15982435
answered Feb 18 '15 at 2:12
Razvan PopaRazvan Popa
111
add a comment |
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f877879%2fhow-do-i-find-out-which-program-and-process-id-accesses-a-given-ip-address-in-wi%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
TCPView Solution
TCPView from SystemInternals will display "detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections."
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.
Make sure you have "Resolve Addresses" unticked to get IP Addresses instead of Domain Names.
You can sort the results by "Remote Address" to find the IP Address you are interested in.
Example:
This screenshot shows Firefox connecting to stackoverflow.com.
CurrPorts Solution
CurrPorts from Nirsoft provides very similar functionality.
CurrPorts is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.
Example:
This screenshot shows Firefox connecting to stackoverflow.com.
What if I want to log the results?
TcpLogView also from Nirsoft provides logging of TCP connnections.
TcpLogView is a simple utility that monitors the opened TCP connections on your system, and adds a new log line every time that a TCP connection is opened or closed. For every log line, the following information is displayed: Even Time, Event Type (Open, Close, Listen), Local Address, Remote Address, Remote Host Name, Local Port, Remote Port, Process ID, Process Name, and the country information of the Remote IP (Requires to download IP to country file separately.)
Disclaimer
I am not affiliated with SystemInternals (part of Microsoft) or Nirsoft in any way, I am just an end user of their (free) utilities.
answered Feb 14 '15 at 12:24
DavidPostill♦DavidPostill
108k27235270
I am afraid it is impossible to catch few packets this way, since it is disappearing fast. I need logging.
– Dims
Feb 14 '15 at 12:34
Imagine I wish to catch who is sending packets to88.221.132.207. How to see that? This application even has no search or filtering capabilities. I.e. I even will be unable to catch it by eye if it is disappearing fast.
– Dims
Feb 14 '15 at 12:38
1
Then you probably need a packet sniffer like Wireshark
– DavidPostill♦
Feb 14 '15 at 12:41
1
Wiresharkdoes not show process ID. I need to know (1) process (2) IP; both
– Dims
Feb 14 '15 at 12:42
6
@Dims Use TCPLogView also from Nirsoft. Answer updated
– DavidPostill♦
Feb 14 '15 at 12:54
add a comment |
TCPView Solution
TCPView from SystemInternals will display "detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections."
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.
Make sure you have "Resolve Addresses" unticked to get IP Addresses instead of Domain Names.
You can sort the results by "Remote Address" to find the IP Address you are interested in.
Example:
This screenshot shows Firefox connecting to stackoverflow.com.
CurrPorts Solution
CurrPorts from Nirsoft provides very similar functionality.
CurrPorts is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.
Example:
This screenshot shows Firefox connecting to stackoverflow.com.
What if I want to log the results?
TcpLogView also from Nirsoft provides logging of TCP connnections.
TcpLogView is a simple utility that monitors the opened TCP connections on your system, and adds a new log line every time that a TCP connection is opened or closed. For every log line, the following information is displayed: Even Time, Event Type (Open, Close, Listen), Local Address, Remote Address, Remote Host Name, Local Port, Remote Port, Process ID, Process Name, and the country information of the Remote IP (Requires to download IP to country file separately.)
Disclaimer
I am not affiliated with SystemInternals (part of Microsoft) or Nirsoft in any way, I am just an end user of their (free) utilities.
answered Feb 14 '15 at 12:24
DavidPostill♦DavidPostill
108k27235270
I am afraid it is impossible to catch few packets this way, since it is disappearing fast. I need logging.
– Dims
Feb 14 '15 at 12:34
Imagine I wish to catch who is sending packets to88.221.132.207. How to see that? This application even has no search or filtering capabilities. I.e. I even will be unable to catch it by eye if it is disappearing fast.
– Dims
Feb 14 '15 at 12:38
1
Then you probably need a packet sniffer like Wireshark
– DavidPostill♦
Feb 14 '15 at 12:41
1
Wiresharkdoes not show process ID. I need to know (1) process (2) IP; both
– Dims
Feb 14 '15 at 12:42
6
@Dims Use TCPLogView also from Nirsoft. Answer updated
– DavidPostill♦
Feb 14 '15 at 12:54
add a comment |
TCPView Solution
TCPView from SystemInternals will display "detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections."
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.
Make sure you have "Resolve Addresses" unticked to get IP Addresses instead of Domain Names.
You can sort the results by "Remote Address" to find the IP Address you are interested in.
Example:
This screenshot shows Firefox connecting to stackoverflow.com.
CurrPorts Solution
CurrPorts from Nirsoft provides very similar functionality.
CurrPorts is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.
Example:
This screenshot shows Firefox connecting to stackoverflow.com.
What if I want to log the results?
TcpLogView also from Nirsoft provides logging of TCP connnections.
TcpLogView is a simple utility that monitors the opened TCP connections on your system, and adds a new log line every time that a TCP connection is opened or closed. For every log line, the following information is displayed: Even Time, Event Type (Open, Close, Listen), Local Address, Remote Address, Remote Host Name, Local Port, Remote Port, Process ID, Process Name, and the country information of the Remote IP (Requires to download IP to country file separately.)
Disclaimer
I am not affiliated with SystemInternals (part of Microsoft) or Nirsoft in any way, I am just an end user of their (free) utilities.
answered Feb 14 '15 at 12:24
DavidPostill♦DavidPostill
108k27235270
TCPView Solution
TCPView from SystemInternals will display "detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections."
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.
Make sure you have "Resolve Addresses" unticked to get IP Addresses instead of Domain Names.
You can sort the results by "Remote Address" to find the IP Address you are interested in.
Example:
This screenshot shows Firefox connecting to stackoverflow.com.
CurrPorts Solution
CurrPorts from Nirsoft provides very similar functionality.
CurrPorts is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.
Example:
This screenshot shows Firefox connecting to stackoverflow.com.
What if I want to log the results?
TcpLogView also from Nirsoft provides logging of TCP connnections.
TcpLogView is a simple utility that monitors the opened TCP connections on your system, and adds a new log line every time that a TCP connection is opened or closed. For every log line, the following information is displayed: Even Time, Event Type (Open, Close, Listen), Local Address, Remote Address, Remote Host Name, Local Port, Remote Port, Process ID, Process Name, and the country information of the Remote IP (Requires to download IP to country file separately.)
Disclaimer
I am not affiliated with SystemInternals (part of Microsoft) or Nirsoft in any way, I am just an end user of their (free) utilities.
answered Feb 14 '15 at 12:24
DavidPostill♦DavidPostill
108k27235270
edited Aug 1 '15 at 8:10
answered Feb 14 '15 at 12:24
DavidPostill♦DavidPostill
108k27235270
answered Feb 14 '15 at 12:24
DavidPostill♦DavidPostill
108k27235270
answered Feb 14 '15 at 12:24
DavidPostill♦DavidPostill
108k27235270
108k27235270
I am afraid it is impossible to catch few packets this way, since it is disappearing fast. I need logging.
– Dims
Feb 14 '15 at 12:34
Imagine I wish to catch who is sending packets to88.221.132.207. How to see that? This application even has no search or filtering capabilities. I.e. I even will be unable to catch it by eye if it is disappearing fast.
– Dims
Feb 14 '15 at 12:38
1
Then you probably need a packet sniffer like Wireshark
– DavidPostill♦
Feb 14 '15 at 12:41
1
Wiresharkdoes not show process ID. I need to know (1) process (2) IP; both
– Dims
Feb 14 '15 at 12:42
6
@Dims Use TCPLogView also from Nirsoft. Answer updated
– DavidPostill♦
Feb 14 '15 at 12:54
add a comment |
I am afraid it is impossible to catch few packets this way, since it is disappearing fast. I need logging.
– Dims
Feb 14 '15 at 12:34
Imagine I wish to catch who is sending packets to88.221.132.207. How to see that? This application even has no search or filtering capabilities. I.e. I even will be unable to catch it by eye if it is disappearing fast.
– Dims
Feb 14 '15 at 12:38
1
Then you probably need a packet sniffer like Wireshark
– DavidPostill♦
Feb 14 '15 at 12:41
1
Wiresharkdoes not show process ID. I need to know (1) process (2) IP; both
– Dims
Feb 14 '15 at 12:42
6
@Dims Use TCPLogView also from Nirsoft. Answer updated
– DavidPostill♦
Feb 14 '15 at 12:54
I am afraid it is impossible to catch few packets this way, since it is disappearing fast. I need logging.
– Dims
Feb 14 '15 at 12:34
I am afraid it is impossible to catch few packets this way, since it is disappearing fast. I need logging.
– Dims
Feb 14 '15 at 12:34
Imagine I wish to catch who is sending packets to
88.221.132.207. How to see that? This application even has no search or filtering capabilities. I.e. I even will be unable to catch it by eye if it is disappearing fast.– Dims
Feb 14 '15 at 12:38
Imagine I wish to catch who is sending packets to
88.221.132.207. How to see that? This application even has no search or filtering capabilities. I.e. I even will be unable to catch it by eye if it is disappearing fast.– Dims
Feb 14 '15 at 12:38
1
1
Then you probably need a packet sniffer like Wireshark
– DavidPostill♦
Feb 14 '15 at 12:41
Then you probably need a packet sniffer like Wireshark
– DavidPostill♦
Feb 14 '15 at 12:41
1
1
Wireshark does not show process ID. I need to know (1) process (2) IP; both– Dims
Feb 14 '15 at 12:42
Wireshark does not show process ID. I need to know (1) process (2) IP; both– Dims
Feb 14 '15 at 12:42
6
6
@Dims Use TCPLogView also from Nirsoft. Answer updated
– DavidPostill♦
Feb 14 '15 at 12:54
@Dims Use TCPLogView also from Nirsoft. Answer updated
– DavidPostill♦
Feb 14 '15 at 12:54
add a comment |
In Windows 7/8*/10 you can use Resource Monitor -> Network Tab.
Easiest way to open the resource monitor is:
- Open Task Manager (right taskbar -> Start Task Manager)
- Click Performance tab
- Click Resource Monitor button
* = unconfirmed
answered Feb 15 '15 at 8:05
Salman ASalman A
92811125
add a comment |
In Windows 7/8*/10 you can use Resource Monitor -> Network Tab.
Easiest way to open the resource monitor is:
- Open Task Manager (right taskbar -> Start Task Manager)
- Click Performance tab
- Click Resource Monitor button
* = unconfirmed
answered Feb 15 '15 at 8:05
Salman ASalman A
92811125
add a comment |
In Windows 7/8*/10 you can use Resource Monitor -> Network Tab.
Easiest way to open the resource monitor is:
- Open Task Manager (right taskbar -> Start Task Manager)
- Click Performance tab
- Click Resource Monitor button
* = unconfirmed
answered Feb 15 '15 at 8:05
Salman ASalman A
92811125
In Windows 7/8*/10 you can use Resource Monitor -> Network Tab.
Easiest way to open the resource monitor is:
- Open Task Manager (right taskbar -> Start Task Manager)
- Click Performance tab
- Click Resource Monitor button
* = unconfirmed
answered Feb 15 '15 at 8:05
Salman ASalman A
92811125
edited Feb 29 '16 at 7:52
answered Feb 15 '15 at 8:05
Salman ASalman A
92811125
answered Feb 15 '15 at 8:05
Salman ASalman A
92811125
answered Feb 15 '15 at 8:05
Salman ASalman A
92811125
92811125
add a comment |
add a comment |
You can achieve this without downloading additional tools from an admin command shell as well.
Run an admin command shell:
- Press start button
- Type "cmd"
- Press Ctrl + Shift + Enter
Enter the command: netstat -tabn
The switches mean the following:
- -t Displays the current connection offload state.
- ie. ESTABLISHED, LISTENING, TIME_WAIT
- -a Displays all connections and listening ports.
- -b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executablen ame is in at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient
permissions. - -n Displays addresses and port numbers in numerical form.
This admittedly isn't nearly as sophisticated as the output achieved by the many GUI options but it is present and available without downloading additional tools. It works on Linux too with slightly different switches.
answered Feb 18 '15 at 1:43
antikantik
22438
add a comment |
You can achieve this without downloading additional tools from an admin command shell as well.
Run an admin command shell:
- Press start button
- Type "cmd"
- Press Ctrl + Shift + Enter
Enter the command: netstat -tabn
The switches mean the following:
- -t Displays the current connection offload state.
- ie. ESTABLISHED, LISTENING, TIME_WAIT
- -a Displays all connections and listening ports.
- -b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executablen ame is in at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient
permissions. - -n Displays addresses and port numbers in numerical form.
This admittedly isn't nearly as sophisticated as the output achieved by the many GUI options but it is present and available without downloading additional tools. It works on Linux too with slightly different switches.
answered Feb 18 '15 at 1:43
antikantik
22438
add a comment |
You can achieve this without downloading additional tools from an admin command shell as well.
Run an admin command shell:
- Press start button
- Type "cmd"
- Press Ctrl + Shift + Enter
Enter the command: netstat -tabn
The switches mean the following:
- -t Displays the current connection offload state.
- ie. ESTABLISHED, LISTENING, TIME_WAIT
- -a Displays all connections and listening ports.
- -b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executablen ame is in at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient
permissions. - -n Displays addresses and port numbers in numerical form.
This admittedly isn't nearly as sophisticated as the output achieved by the many GUI options but it is present and available without downloading additional tools. It works on Linux too with slightly different switches.
answered Feb 18 '15 at 1:43
antikantik
22438
You can achieve this without downloading additional tools from an admin command shell as well.
Run an admin command shell:
- Press start button
- Type "cmd"
- Press Ctrl + Shift + Enter
Enter the command: netstat -tabn
The switches mean the following:
- -t Displays the current connection offload state.
- ie. ESTABLISHED, LISTENING, TIME_WAIT
- -a Displays all connections and listening ports.
- -b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executablen ame is in at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient
permissions. - -n Displays addresses and port numbers in numerical form.
This admittedly isn't nearly as sophisticated as the output achieved by the many GUI options but it is present and available without downloading additional tools. It works on Linux too with slightly different switches.
answered Feb 18 '15 at 1:43
antikantik
22438
answered Feb 18 '15 at 1:43
antikantik
22438
answered Feb 18 '15 at 1:43
antikantik
22438
answered Feb 18 '15 at 1:43
antikantik
22438
22438
add a comment |
add a comment |
As antik said, you can use netstat from within an admin command prompt. I'd suggest, though, that you use o instead of b, that way the output will be on one line for an entry and you can further filter it with find. You won't have the process name, but the process id:
E.g.
netstat -aon | find ":80"
displays all connections using port 80 (either locally or remotely)
You could then check that process in Task Manager or do another filter in the command prompt, using tasklist this time:
tasklist | find "1100"
or
tasklist /FI "PID eq 1100"
edited Feb 18 '15 at 7:58
Jawa
3,15982435
answered Feb 18 '15 at 2:12
Razvan PopaRazvan Popa
111
add a comment |
As antik said, you can use netstat from within an admin command prompt. I'd suggest, though, that you use o instead of b, that way the output will be on one line for an entry and you can further filter it with find. You won't have the process name, but the process id:
E.g.
netstat -aon | find ":80"
displays all connections using port 80 (either locally or remotely)
You could then check that process in Task Manager or do another filter in the command prompt, using tasklist this time:
tasklist | find "1100"
or
tasklist /FI "PID eq 1100"
edited Feb 18 '15 at 7:58
Jawa
3,15982435
answered Feb 18 '15 at 2:12
Razvan PopaRazvan Popa
111
add a comment |
As antik said, you can use netstat from within an admin command prompt. I'd suggest, though, that you use o instead of b, that way the output will be on one line for an entry and you can further filter it with find. You won't have the process name, but the process id:
E.g.
netstat -aon | find ":80"
displays all connections using port 80 (either locally or remotely)
You could then check that process in Task Manager or do another filter in the command prompt, using tasklist this time:
tasklist | find "1100"
or
tasklist /FI "PID eq 1100"
edited Feb 18 '15 at 7:58
Jawa
3,15982435
answered Feb 18 '15 at 2:12
Razvan PopaRazvan Popa
111
As antik said, you can use netstat from within an admin command prompt. I'd suggest, though, that you use o instead of b, that way the output will be on one line for an entry and you can further filter it with find. You won't have the process name, but the process id:
E.g.
netstat -aon | find ":80"
displays all connections using port 80 (either locally or remotely)
You could then check that process in Task Manager or do another filter in the command prompt, using tasklist this time:
tasklist | find "1100"
or
tasklist /FI "PID eq 1100"
edited Feb 18 '15 at 7:58
Jawa
3,15982435
answered Feb 18 '15 at 2:12
Razvan PopaRazvan Popa
111
edited Feb 18 '15 at 7:58
Jawa
3,15982435
edited Feb 18 '15 at 7:58
Jawa
3,15982435
edited Feb 18 '15 at 7:58
Jawa
3,15982435
3,15982435
answered Feb 18 '15 at 2:12
Razvan PopaRazvan Popa
111
answered Feb 18 '15 at 2:12
Razvan PopaRazvan Popa
111
answered Feb 18 '15 at 2:12
Razvan PopaRazvan Popa
111
111
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f877879%2fhow-do-i-find-out-which-program-and-process-id-accesses-a-given-ip-address-in-wi%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
