6.12. Viewing the Network Ports a Process Has Open
You want to view the network ports on which a process is communicating. This is useful if you want to see the type of traffic a particular process is generating.
Using a graphical user interface
Open the Sysinternals TCPView tool (tcpview.exe).
The complete list of processes and associated ports is displayed by default. New connections show up in green and terminating connections show up in red.
Using a command-line interface
The following command displays the open ports and the process ID of the process associated with the port. The -o option is new to netstat.exe in Windows XP and Windows
> netstat -o
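Because netstat -o reports only a PID for each endpoint, the following added example (PowerShell, not part of the original text) parses that output and groups the endpoints by owning process. It assumes netstat's -a and -n switches are used alongside -o; the function names and sample rows are constructed for illustration.

```powershell
# Added example, not from the original text. Function names are illustrative.
# The rows below are constructed sample output in the "netstat -ano" layout.
$sample = @'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:49712     203.0.113.25:443       ESTABLISHED     1234
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1234
'@ -split '\r?\n'

function ConvertFrom-NetstatLine {
    param([string]$Line)
    $f = $Line.Trim() -split '\s+'
    # Skip the banner, the column header and blank lines.
    if (($f[0] -notin 'TCP', 'UDP') -or ($f.Count -lt 4)) { return }
    [pscustomobject]@{
        Proto     = $f[0]
        Local     = $f[1]
        Remote    = $f[2]
        # UDP rows have no State column, so they split into four fields.
        State     = if ($f.Count -ge 5) { $f[3] } else { '' }
        ProcessId = [int]$f[-1]   # the PID is always the last field
    }
}

function Get-PortsByProcess {
    param([string[]]$NetstatOutput, [switch]$ResolveNames)
    $NetstatOutput | ForEach-Object { ConvertFrom-NetstatLine $_ } |
        Group-Object ProcessId | ForEach-Object {
            $name = ''
            if ($ResolveNames) {
                # The lookup returns nothing if the process has already exited.
                $p = Get-Process -Id $_.Name -ErrorAction SilentlyContinue
                $name = if ($p) { $p.ProcessName } else { '(not running)' }
            }
            [pscustomobject]@{
                ProcessId = [int]$_.Name
                Name      = $name
                Endpoints = @($_.Group | ForEach-Object {
                    "$($_.Proto) $($_.Local) -> $($_.Remote) $($_.State)".Trim() })
            }
        }
}

# Offline: group the constructed sample by PID (no name lookup).
Get-PortsByProcess $sample | Format-List
# Live: Get-PortsByProcess (netstat -ano) -ResolveNames | Format-List
```

A PID that shows up with both a listening port and outbound connections, as 1234 does in the sample, is easy to spot in the grouped output and is a natural candidate for closer inspection.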
The Sysinternals netstatp.exe command is similar to netstat.exe, except it displays the process name associated with each port:
And for yet another extremely useful port querying tool, check out portqry.exe (see MS KB 310099 for more information). With portqry you can get even more information than netstatp. Run this command to output all of the ports and their associated processes:
> portqry -local
That command also breaks port usage down by service (e.g., DnsCache). You can watch the port usage for a particular PID and log it to a file. The following command does this for PID 1234:
> portqry -wpid 1234 -wt 5 -l portoutput.txt -v
-wt defines the watch time, which is how long portqry waits before examining the process again (the default is 60
-v option is for