Command line for looking at specific port - windows

Is there a way to examine the status of a specific port from the Windows command line? I know I can use netstat to examine all ports but netstat is slow and looking at a specific port probably isn't.

Here is the easy solution of port finding...
In cmd:
netstat -na | find "8080"
In bash:
netstat -na | grep "8080"
In PowerShell:
netstat -na | Select-String "8080"

You can use the netstat combined with the -np flags and a pipe to the find or findstr commands.
Basic Usage is as such:
netstat -np <protocol> | find "port #"
So for example to check port 80 on TCP, you can do this: netstat -np TCP | find "80"
Which ends up giving the following kind of output:
TCP 192.168.0.105:50466 64.34.119.101:80 ESTABLISHED
TCP 192.168.0.105:50496 64.34.119.101:80 ESTABLISHED
As you can see, this only shows the connections on port 80 for the TCP protocol.

I use:
netstat –aon | find "<port number>"
here o represents process ID.
now you can do whatever with the process ID.
To terminate the process, for e.g., use:
taskkill /F /pid <process ID>

when I have problem with WAMP apache , I use this code for find which program is using port 80.
netstat -o -n -a | findstr 0.0:80
3068 is PID, so I can find it from task manager and stop that process.

As noted elsewhere: use netstat, with appropriate switches, and then filter the results with find[str]
Most basic:
netstat -an | find ":N"
or
netstat -a -n | find ":N"
To find a foreign port you could use:
netstat -an | findstr ":N[^:]*$"
To find a local port you might use:
netstat -an | findstr ":N.*:[^:]*$"
Where N is the port number you are interested in.
-n ensures all ports will be numerical, i.e. not returned as translated to service names.
-a will ensure you search all connections (TCP, UDP, listening...)
In the find string you must include the colon, as the port qualifier, otherwise the number may match either local or foreign addresses.
You can further narrow narrow the search using other netstat switches as necessary...
Further reading (^0^)
netstat /?
find /?
findstr /?

netstat -a -n | find /c "10.240.199.9:8080"
it will give you number of sockets active on a specific IP and port(Server port number)

It will give you all active sockets on a specific IP:
netstat -an | find "172.20.1.166"

To improve upon #EndUzr's response:
To find a foreign port (IPv4 or IPv6) you can use:
netstat -an | findstr /r /c:":N [^:]*$"
To find a local port (IPv4 or IPv6) you can use:
netstat -an | findstr /r /c:":N *[^ ]*:[^ ]* "
Where N is the port number you are interested in. The "/r" switch tells it to process it as regexp. The "/c" switch allows findstr to include spaces within search strings instead of treating a space as a search string delimiter. This added space prevents longer ports being mistreated - for example, ":80" vs ":8080" and other port munging issues.
To list remote connections to the local RDP server, for example:
netstat -an | findstr /r /c:":3389 *[^ ]*:[^ ]*"
Or to see who is touching your DNS:
netstat -an | findstr /r /c:":53 *[^ ]*:[^ ]*"
If you want to exclude local-only ports you can use a series of exceptions with "/v" and escape characters with a backslash:
netstat -an | findstr /v "0.0.0.0 127.0.0.1 \[::\] \[::1\] \*\:\*" | findstr /r /c:":80 *[^ ]*:[^ ]*"

For Windows 8 User : Open Command Prompt, type netstat -an | find "your port number" , enter .
If reply comes like LISTENING then the port is in use, else it is free .

This will help you
netstat -atn | grep <port no> # For tcp
netstat -aun | grep <port no> # For udp
netstat -atun | grep <port no> # For both

For port 80, the command would be : netstat -an | find "80"
For port n, the command would be : netstat -an | find "n"
Here, netstat is the instruction to your machine
-a : Displays all connections and listening ports
-n : Displays all address and instructions in numerical format (This is required because output from -a can contain machine names)
Then, a find command to "Pattern Match" the output of previous command.

In RHEL 7, I use this command to filter several ports in LISTEN State:
sudo netstat -tulpn | grep LISTEN | egrep '(8080 |8082 |8083 | etc )'

in linux:
To find a foreign port you could use:
netstat -anp |grep port|awk '{ print $5 }' |grep port
To find a local port you might use:
netstat -anp |grep port|awk '{ print $4 }' |grep port

For exact match [windows command prompt]
netstat -aon | findstr "\<5000\>"

If you need to check several ports - the simplest way to do it use findstr with several strings for search:
findstr /C:":80 " /C:":443 " /C:":8080"
Spaces after the port numbers are important, without the space findstr will select everything which starts e.g. from ":80".
In my case complete command looks like this:
netstat -an | findstr /C:":80 " /C:":443 " /C:":8080"

Use the lsof command "lsof -i tcp:port #", here is an example.
$ lsof -i tcp:1555
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 27330 john 121u IPv4 36028819 0t0 TCP 10.10.10.1:58615->10.10.10.10:livelan (ESTABLISHED)
java 27330 john 201u IPv4 36018833 0t0 TCP 10.10.10.1:58586->10.10.10.10:livelan (ESTABLISHED)
java 27330 john 264u IPv4 36020018 0t0 TCP 10.10.10.1:58598->10.10.10.10:livelan (ESTABLISHED)
java 27330 john 312u IPv4 36058194 0t0 TCP 10.10.10.1:58826->10.10.10.10:livelan (ESTABLISHED)

This command will show all the ports and their destination address:
netstat -f

Related

How to query ports are using by one process with knowing its name or pid on mac?

I want to query ports are using by one process,I have known the pid of the process using ps aux | grep <name regex of process>,but I don't know how to get the ports being used by it.On linux,we can use netstat -anp | grep <pid>,but the command doesn't work on mac,it throws such hint:
netstat: option requires an argument -- p
Usage: netstat [-AaLlnW] [-f address_family | -p protocol]
netstat [-gilns] [-f address_family]
netstat -i | -I interface [-w wait] [-abdgRtS]
netstat -s [-s] [-f address_family | -p protocol] [-w wait]
netstat -i | -I interface -s [-f address_family | -p protocol]
netstat -m [-m]
netstat -r [-Aaln] [-f address_family]
netstat -rs [-s]
Looks like it needs one parameter for -p to specify the types of protocol,but I don't want and don't know the type,then how to solve my question,thanks!
It's a problem on Mac and easy to check,so I wish all the answers can test your solution on your mac machine at first.And maybe the answer is not single,So I'm waiting for your different but useful answers.Thanks for all who pay attention to this question.
On OS X you can get the PID of the process holding a port using the -v switch. The -v switch actually turns on verbose output which includes the PID.
If you are using netstat -anp on Linux then I believe you should be able to get a similar result on OS X using netstat -anv.
If you are only interested in inet ports then you can use:
netstat -anvf inet
Or TCP sockets:
netstat -anvp tcp
Or UDP sockets:
netstat -anvp udp
To only return TCP entries for a specific PID, for example PID == 86 you can pipe the output of netstat through awk:
netstat -anvp tcp | awk '{ if ($9 == 86) print }'
In the verbose output from netstat the PID is in the ninth column, hence the test of $9 == 86.
For example, if you would like to find memcached as a background process on mac. It is far more better to use below code instead of netstat.
sudo lsof -i -P|grep memcached
Use lsof, like lsof -p <pid> | egrep 'TCP \*|UDP \*', tweak the egrep pattern to meet your requirements.
As mttrb said: (but easy to filter with grep)
For tcp:
netstat -anvp tcp | grep <pid>
For udp:
netstat -anvp udp | grep <pid>
Tested in my El Capitan, working ok.
BSD netstat is a bit different from Linux netstat, and OSX uses BSD netstat.
Instead of the -p switch, (limits display to a single protocol), use -f inet, (limits display to a single protocol family, e.g. inet, inet6 etc.). Or use -4 which is short for -f inet.
-4 Is shorthand for -f inet
-6 Is shorthand for -f inet6
-f address_family, -p protocol
Limit display to those records of the specified address_family or a
single protocol. The following address families and protocols are
recognized:
Family Protocols
inet (AF_INET) divert, icmp, igmp, ip, ipsec, pim,
sctp, tcp, udp
inet6 (AF_INET6) icmp6, ip6, ipsec6, rip6, tcp, udp
pfkey (PF_KEY) pfkey
atalk (AF_APPLETALK) ddp
netgraph, ng (AF_NETGRAPH) ctrl, data
ipx (AF_IPX) ipx, spx
unix (AF_UNIX)
link (AF_LINK)
-from BSD 'man netstat'.

How to find the java process that is using a port

I have a small Java ServerSocket application that is running on port 4444. I wanted to see the process using that port in my OSX terminal, and my first thought was to do the following:
netstat -a | grep 4444 however, this doesn't give me any results.
lsof -i :4444 and I get the following (correct) result:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 66389 admin 18u IPv6 0x1ae123a422ebe931 0t0 TCP *:krb524 (LISTEN)
Could someone tell me why netstat doesn't show the port but lsof does?
Netstat probably does list your task, but with an alias 'krb524' instead of the port number. Those aliases are listed in /etc/services.
$ grep 4444 /etc/services
krb524 4444/udp # KRB524
krb524 4444/tcp # KRB524
To see just port numbers with netstat, add the -n parameter.
netstat -a -n | grep 4444

find and kill process which running on port

I'm trying to kill the process associated with port 161 (SNMP) on OS X.
I tried to get the process ID associated with this port using netstat and lsof but none of these seem to list PIDs:
$ netstat -an | grep 161
udp4 0 0 *.161 *.*
$ netstat -anp udp | grep 161
udp4 0 0 *.161 *.*
lsof -i :161
SNMP is UDP, not TCP. It does't "listen" because there is no such concept for UDP sockets.
Look for the process by its name or process ID instead.

Get the port number from the process id in UNIX

I am trying to get the port number for the running process in UNIX.
below command gives me process ID:
ps -ef | grep process_name
502 741 389 0 11:02AM ttys000 0:00.00 grep process_name
Can someone please help me on how to get the ports used by the process. Thanks!
You can use lsof command to list ports in Mac OS X.
# This will list all the ports
sudo lsof -i -P | grep -i LISTEN
# This will list ports used by PID# <pid>
sudo lsof -i -P | grep -i LISTEN | grep <pid>

Who is listening on a given TCP port on Mac OS X?

On Linux, I can use netstat -pntl | grep $PORT or fuser -n tcp $PORT to find out which process (PID) is listening on the specified TCP port. How do I get the same information on Mac OS X?
On macOS Big Sur and later, use this command:
sudo lsof -i -P | grep LISTEN | grep :$PORT
or to just see just IPv4:
sudo lsof -nP -i4TCP:$PORT | grep LISTEN
On older versions, use one of the following forms:
sudo lsof -nP -iTCP:$PORT | grep LISTEN
sudo lsof -nP -i:$PORT | grep LISTEN
Substitute $PORT with the port number or a comma-separated list of port numbers.
Prepend sudo (followed by a space) if you need information on ports below #1024.
The -n flag is for displaying IP addresses instead of host names. This makes the command execute much faster, because DNS lookups to get the host names can be slow (several seconds or a minute for many hosts).
The -P flag is for displaying raw port numbers instead of resolved names like http, ftp or more esoteric service names like dpserve, socalia.
See the comments for more options.
For completeness, because frequently used together:
To kill the PID:
sudo kill -9 <PID>
# kill -9 60401
Up to macOS 13 Ventura, every version of macOS supports this:
sudo lsof -iTCP -sTCP:LISTEN -n -P
Personally I've end up with this simple function in my ~/.bash_profile:
listening() {
if [ $# -eq 0 ]; then
sudo lsof -iTCP -sTCP:LISTEN -n -P
elif [ $# -eq 1 ]; then
sudo lsof -iTCP -sTCP:LISTEN -n -P | grep -i --color $1
else
echo "Usage: listening [pattern]"
fi
}
Then listening command gives you a listing of processes listening on some port and listening smth greps this for some pattern.
Having this, it's quite easy to ask about particular process, e.g. listening dropbox, or port, e.g. listening 22.
lsof command has some specialized options for asking about port, protocol, process etc. but personally I've found above function much more handy, since I don't need to remember all these low-level options. lsof is quite powerful tool, but unfortunately not so comfy to use.
You can also use:
sudo lsof -i -n -P | grep TCP
This works in Mavericks.
Update January 2016
Really surprised no-one has suggested:
lsof -i :PORT_NUMBER
to get the basic information required. For instance, checking on port 1337:
lsof -i :1337
Other variations, depending on circumstances:
sudo lsof -i :1337
lsof -i tcp:1337
You can easily build on this to extract the PID itself. For example:
lsof -t -i :1337
which is also equivalent (in result) to this command:
lsof -i :1337 | awk '{ print $2; }' | head -n 2 | grep -v PID
Quick illustration:
For completeness, because frequently used together:
To kill the PID:
kill -9 <PID>
# kill -9 60401
or as a one liner:
kill -9 $(lsof -t -i :1337)
For the LISTEN, ESTABLISHED and CLOSED ports
sudo lsof -n -i -P | grep TCP
For the LISTEN ports only
sudo lsof -n -i -P | grep LISTEN
For a specific LISTEN port, ex: port 80
sudo lsof -n -i -P | grep ':80 (LISTEN)'
Or if you just want a compact summary [no service/apps described], go by NETSTAT. The good side here is, no sudo needed
netstat -a -n | grep 'LISTEN '
Explaining the items used:
-n suppress the host name
-i for IPv4 and IPv6 protocols
-P omit port names
-a [over netstat] for all sockets
-n [over netstat] don't resolve names, show network addresses as numbers
Tested on High Sierra 10.13.3 and Mojave 10.14.3
the last syntax netstat works on linux too
on OS X you can use the -v option for netstat to give the associated pid.
type:
netstat -anv | grep [.]PORT
the output will look like this:
tcp46 0 0 *.8080 *.* LISTEN 131072 131072 3105 0
The PID is the number before the last column, 3105 for this case
On macOS, here's an easy way to get the process ID that's listening on a specific port with netstat. This example looks for a process serving content on port 80:
find server running on port 80
netstat -anv | egrep -w [.]80.*LISTEN
sample output
tcp4 0 0 *.80 *.* LISTEN 131072 131072 715 0
The 2nd from the last column is the PID. In above, it's 715.
options
-a - show all ports, including those used by servers
-n - show numbers, don't look up names. This makes the command a lot faster
-v - verbose output, to get the process IDs
-w - search words. Otherwise the command will return info for ports 8000 and 8001, not just "80"
LISTEN - give info only for ports in LISTEN mode, i.e. servers
On the latest macOS version you can use this command:
lsof -nP -i4TCP:$PORT | grep LISTEN
If you find it hard to remember then maybe you should create a bash function and export it with a friendlier name like so
vi ~/.bash_profile
and then add the following lines to that file and save it.
function listening_on() {
lsof -nP -i4TCP:"$1" | grep LISTEN
}
Now you can type listening_on 80 in your Terminal and see which process is listening on port 80.
On Snow Leopard (OS X 10.6.8), running 'man lsof' yields:
lsof -i 4 -a
(actual manual entry is 'lsof -i 4 -a -p 1234')
The previous answers didn't work on Snow Leopard, but I was trying to use 'netstat -nlp' until I saw the use of 'lsof' in the answer by pts.
I am a Linux guy. In Linux it is extremely easy with netstat -ltpn or any combination of those letters. But in Mac OS X netstat -an | grep LISTEN is the most humane. Others are very ugly and very difficult to remember when troubleshooting.
checkout this project/tool: procs
install on MacOs: brew install procs
This allows you control what to display with procs.
To see TCP/UDP Ports, add below to ~/.procs.toml after installing the tool.
[[columns]]
kind = "TcpPort"
style = "BrightYellow|Yellow"
numeric_search = true
nonnumeric_search = false
align = "Left"
[[columns]]
kind = "UdpPort"
style = "BrightGreen|Green"
numeric_search = false
nonnumeric_search = true
align = "Left"
Here is a sample output:
lsof -n -i | awk '{ print $1,$9; }' | sort -u
This displays who's doing what. Remove -n to see hostnames (a bit slower).
This did what I needed.
ps -eaf | grep `lsof -t -i:$PORT`
I made a small script to see not only who is listening where but also to display established connections and to which countries. Works on OSX Siera
#!/bin/bash
printf "\nchecking established connections\n\n"
for i in $(sudo lsof -i -n -P | grep TCP | grep ESTABLISHED | grep -v IPv6 |
grep -v 127.0.0.1 | cut -d ">" -f2 | cut -d " " -f1 | cut -d ":" -f1); do
printf "$i : " & curl freegeoip.net/xml/$i -s -S | grep CountryName |
cut -d ">" -f2 | cut -d"<" -f1
done
printf "\ndisplaying listening ports\n\n"
sudo lsof -i -n -P | grep TCP | grep LISTEN | cut -d " " -f 1,32-35
#EOF
Sample output
checking established connections
107.178.244.155 : United States
17.188.136.186 : United States
17.252.76.19 : United States
17.252.76.19 : United States
17.188.136.186 : United States
5.45.62.118 : Netherlands
40.101.42.66 : Ireland
151.101.1.69 : United States
173.194.69.188 : United States
104.25.170.11 : United States
5.45.62.49 : Netherlands
198.252.206.25 : United States
151.101.1.69 : United States
34.198.53.220 : United States
198.252.206.25 : United States
151.101.129.69 : United States
91.225.248.133 : Ireland
216.58.212.234 : United States
displaying listening ports
mysqld TCP *:3306 (LISTEN)
com.avast TCP 127.0.0.1:12080 (LISTEN)
com.avast TCP [::1]:12080 (LISTEN)
com.avast TCP 127.0.0.1:12110 (LISTEN)
com.avast TCP [::1]:12110 (LISTEN)
com.avast TCP 127.0.0.1:12143 (LISTEN)
com.avast TCP [::1]:12143 (LISTEN)
com.avast TCP 127.0.0.1:12995 (LISTEN)
com.avast [::1]:12995 (LISTEN)
com.avast 127.0.0.1:12993 (LISTEN)
com.avast [::1]:12993 (LISTEN)
Google TCP 127.0.0.1:34013 (LISTEN)
This may be useful to check if you are connected to north-korea! ;-)
This is a good way on macOS High Sierra:
netstat -an |grep -i listen
Inspired by user Brent Self:
lsof -i 4 -a | grep LISTEN
For macOS I use two commands together to show information about the processes listening on the machine and process connecting to remote servers. In other words, to check the listening ports and the current (TCP) connections on a host you could use the two following commands together
1. netstat -p tcp -p udp
2. lsof -n -i4TCP -i4UDP
Thought I would add my input, hopefully it can end up helping someone.
Just a slight improvement on Michał Kalinowski's answer (I don't have enough reputation to leave a comment there): if you are trying to find the process listening on a port numbered 255 and below, the grep command might print lines related to the IP address, and which do not correspond to the desired result. For a port with any number, the grep command might also erroneously match the device's MAC address or PID. To improve on this, I suggest changing the command to grep --color ":$1 "

Resources