I am investigating a production system where there are several Windows services communicating with each other through TCP/IP sockets. I'm trying to figure out which executable is listening to which IP address and which port on a given machine.
Other than rummaging through each windows service's obscure configuration files, is there a system tool that can more easily give me the details I want?
-
Command line netstat tool might help you. To learn available parameters run it with /?: netstat /?
Or there is a better GUI alternative: SysInternals TcpView (freely downloadable from ms site)
-
netstat -abn
-
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
SysInternals TCPView is great
-
As already mentioned TCPView by SysInternals (i.e. Microsoft) is a great tool. But on production systems you may not be allowed to install additional software, so I think you may want to try out netstat.exe, which is typically located at C:\WINNT\system32\netstat.exe .
A help page is available with
netstat -?
Examples are:
netstat -a
Lists all local TCP connections and listening ports together with remote TCP endpoint.
netstat -o
Adds the process ID to the output.
netstat -b
Gives you the name of the executable wich was involved in establising this connection/port.
0 comments:
Post a Comment