Mapping network connections to Process ID's in Windows

One of the cool features in Linux is the ability to map network requests with process id's (PIDs). This can help any system administrator troubleshoot a number of things, such as "What process is using port 80?".


I struggled for a long time to do the same thing on Windows machines, but I have recently found out that with netstat, run in administrator mode, you can actually get something similar:


Microsoft Windows [Version 10.0.17763.592]
(c) 2018 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>netstat -aon

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1072
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:2179           0.0.0.0:0              LISTENING       4428
  TCP    0.0.0.0:2701           0.0.0.0:0              LISTENING       11140
  TCP    0.0.0.0:3000           0.0.0.0:0              LISTENING       10204
  TCP    0.0.0.0:5040           0.0.0.0:0              LISTENING       6916
  TCP    0.0.0.0:8732           0.0.0.0:0              LISTENING       4

No comments: