8/7/2019 How to close an active port

1/3

How to find out which application is using what port

Windows

By: Ted Heich, on 4.9.2009, filed underWindowsand tagged asApache problem|find applications using port 80|port 80problem|Skype on port 80|Web server problem.

UPDATE (June 3, 2009): The original article describes the steps to take on how to

findapplicationsthat are using your port in aWindowsmachine, using only tools that came withyourWindowsinstallationno third party apps. I am updating the article now to include a third partytool; WinNetstat isa GUI tool for netstat, itsatwinnetstat.zapto.org

Network-awareapplicationsare a pain in the __ when they are acting up. They are particularlyannoyingand infuriating when they dont want to start. If you have tried starting Apache or MySQLetc either in stand-alone mode orservice mode (daemon mode in UNIX), youd know what Im

saying.

The first thing to check when network-awareapplicationswont start, is of course their log files, tryto see whats preventing them fromstarting; Almost always, the log file isgoing to tell you the reason

why the app wont start.

Lots of times, I encounter the problem of twoapplicationsusing exactly the same portnumber justto be clear, thats bad What the heck isa portnumber? Id point you to Wikipedia, but its toogeeky and too academe-ish. Ill take ashot of defining what an

application

port

number

is instead; Ill

segue a bit, then Ill come back to the main point, which is how to hunt an app thats hostaginga

portnumber.. (holdingmy breath now)What is an application port number

Everyapplicationthat needs to talk to otherapplications, needs to have a portnumber. Everycomputer can give out portnumbersranging from 0 65535, and once a portnumberisgiven, itcannot be given to anotherapplication(while it is runningat least) so, oneapplicationis to oneportnumber. The reason whyapplicationhave portnumbersisso that, when oneapplication(sayFirefox) wants to talk to anotherapplication(in another computer, say Apache; a web server), Firefoxneeds to know that when he sends out amessage, it will be received by the intended recipient

(Apache), and this can only be done if Firefox knows exactly where Apache is. There are 2

components that make up a unique address ofanapplication one is the IP address of themachine where theapplicationis running, and the other component is you guessed it, theportnumber; Collectively these two (IP addressand portnumber) are known asasocket, but thats

8/7/2019 How to close an active port

2/3

anotherstory, letsstop here Whats important to know is that, portnumbersare well,important; they determine the uniqueness ofanapplicationwithin amachine.How to hunt down applications via their port numbers

Imsure there could be amore neat albeit geekier way of finding out which app is using which

port; but will do it verbosely; easier to follow too.

You will use a command line tool called netstat (networkstatus); netstat isavailable onWindows,UNIX, and Linux, there are few differences in the parameters though, so I will cover UNIX and Linux

separately (in another post that is)

You will also use another command line utility calledfindstr(short for find string), itsaWindowscommand line utility which does well, find strings. It locates patterns ofstrings within astream of otherstrings. So, itsa handy utility when searching forvery specific words (or part of

words) within a large text file. If youve ever used the Find function in a word processor, you get

thepicturealready. The UNIX folks have been enjoying this tool fora long time, its called grep.Anyway, the basic idea is to use the netstat command so that we can list all theapplicationsthat areeitheraccepting orsending network traffic, and wed like to list their portnumbersand their processIDs too. Then, when we find the portnumberwe are looking for, we will list all the running processesand make the match using the process ID then well know who the culprit is.

Letssay that we are looking for port 80 IIS, Apache and other web servers listen in port 80, so

when you are having problemsstarting Apache, this technique will be useful. Here is the command.

C:\>netstat -aon | findstr 0.0:80

-ameans list all active connectionsand their ports. -o means include their process IDs. -n means

display the portnumbersnumerically.The pipe symbol ( | ) means, that instead of the result of netstat being displayed on the screen, feed

its result to the findstr process we are lookingspecifically for the line which has 0.0:80 you

actually dont need findstr, but I dont want to scroll down and hunt down manually which app isusing port 80. You might see something like this.

TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 560

8/7/2019 How to close an active port

3/3

Aha! now we know that process 560 is using port 80 (that last column right there, is the process ID),

you could press CTRL-ALT-DEL now to show the process window, and manually look up which app

has the process ID 560, or you could enter ..

C:\>tasklist | findstr 560

tasklist isanotherWindowscommand line utility which shows you a list ofall active processes, againId feed it to the findstr utility via the pipe operator, and voila Skype is the culprit.

Skype actually doesnt have to use port 80, it can use other portnumbers but forsome reason, itjust does. This topic deservesanother post (Imsuresomebodyelse has this covered). But for now,this is what you do.

1. Shutdown skype, either via the GUI; or if youre feeling geeky enough,you can try taskkill /F /PID 560 (this will be different on your system)

2. Start Apache, or IIS or whatever it is that needs to use port 80

3. Then start skype again

if you repeat the procedure of netstat and tasklist, youll see that skype now happily usesanother

portnumber.Ifyou want to show appreciation for my efforts dear reader, you could buy me a tall hazel nut

Americano ($2) via PayPal. Thanks