Thoughts from the EPS Windows Server Performance Team
We deal with application and service issues on a daily basis. Normally the problems relate to applications not performing as expected, hanging or crashing. However, every so often someone will ask us what network port a service is using. Unless we are talking about one of the well known services such as SMTP, FTP, HTTP, RDP, LDAP, basic RPC etc, the ports being used are potentially subject to change. That does make life a little more challenging – but it’s nothing that we can’t figure out using some simple tools.
When considering network port numbers, the numbers are divided into three ranges: the Well Known ports, the Registered ports and the Dynamic (Private) ports. The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the port assignments. The Well Known port range is from 0 – 1023, Registered ports run from 1024 – 49151, and the Dynamic ports run from 49152 – 65535.
So how do we determine the port that a service is using? Without using Network Monitor, Wireshark or a similar utility, there are a couple of very handy utilities provided with the operating system that we can use – NETSTAT.EXE and TASKLIST.EXE. Most administrators are familiar with NETSTAT.EXE already, but for those who are not, you can use NETSTAT.EXE to identify what ports are being used by a particular process. The syntax that we will be using for NETSTAT.EXE is as follows: netstat.exe –a –n –o. The switches we are using provide the following:
When the command is run, you will see output similar to what is below. Something to keep in mind is that in the Proto column, the protocol may be TCP or UDP.
If there is a specific port in use that we want to examine, we need the PID of the owning process, and TASKLIST.EXE. Turning our attention to TASKLIST.EXE, we covered some of the functionality in our post, Getting Started with SVCHOST.EXE Troubleshooting. The command that we use to dump out all of the processes and their PID’s is simply tasklist.exe. When I run this command, this is what the output looks like:
So, looking at the output from these two utilities, I can take the port number, and then map the PID to a specific process. If the process that you are looking at is an instance of SVCHOST.EXE – let’s use PID 4784 as our example, then you will need to use slightly different switches for TASKLIST.EXE as shown below:
And thus I can tell exactly what services are running in that instance of SVCHOST.EXE.
And with that, we’ve reached the end of our post. Until next time …
- CC Hameed
And how do I know, which of the two services in the example (RapiMgr, WcesComm) is using port 5679?