How to find the connection between a system port and a process

If you find some port numbers that you've never seen before, how can you tell if the port is open to Trojans or not? Or do you want to know what port the process is opening in your system when you discover unfamiliar processes in the process list?

First, according to the process to check the port number

First enter "cmd.exe" into the command prompt window in the "Run" box of the Start menu, and first type the "tasklist" command to list the processes that the system is running, and write down or copy the "PID" number for the process you are looking for.

Small material: Click on the tag in the right menu, and then the process you want to check the "PID" number selected, click the "Enter" button on it. It is important to note that the same process image name is generally not the same as the PID number running, so once the process restarts, the PID number changes, which requires a review.

Write down the PID number of the process, and then use the PID number to display the port that the process opened.

Continue typing the "Netstat-ano findstr 1140" command under the current command, where the "Netstat-ano" parameter represents a digital display of all active TCP connections and TCP, UDP ports on which the computer is listening and displays the corresponding process ID PID number; "Findstr 1140" indicates a TCP connection that finds a process pid of "1140" and a TCP, UDP port listening condition (in practical applications, you need to replace the PID number you just noted or copied here for 1140). When you press the "Enter" key, the port number that the process opens is displayed.

It is obvious to us that the process with PID "1140" has a port of "3001", and if there is no prompt return, the process does not open any ports.

Second, according to the port number of the search process

Enter the "Netstat-ano" command in the Command Prompt window, listing the current port list for the system, which is already mentioned above. The function of the-o parameter is to display the process PID number of each port, and now write down or copy the process PID number of the port you want to check. Then continue typing "tasklist/fi″pid eq 788″" at the command prompt (in practice, you'll need to replace 788 of the PID numbers you copy or write down), and the line "/FI" parameter represents filtering in "tasklist" and "pid eq 788" is a condition that specifies the filter, and the "Enter" key shows the process of the port corresponding to it.

It can be seen that the PID number "788" corresponds to the process of "svchost.exe", if you check the port does not have any process associated with, this time will return the "does not run with the specified standard task" of the message.

III. identification of procedures corresponding to the process

Once you know the connection between a port and a process, how can you further identify the process as the process of that software or program?

The following actions require one of the tools in the installation CD-ROM (either server or Professional Edition).

First in the "Support\tools\" Directory of the installation CD, use the decompression software to open the "Support.cab" package, find the "Tlist.exe" file, release this file to any directory, such as "D:\Support." Then switch to this directory in the command Prompt window, run the "tlist.exe" command, write down or copy the PID number for the process you want to check (the first column is the PID number of the process), and then continue typing the "tlist.exe 2012" Command (when you enter it, You need to replace the PID number you just wrote down here, and "Cmdline" shows the directory where the process corresponds to the software.

In addition, the return information lists the files that are invoked by the process, which makes it easy to identify process-appropriate programs.

If you want to close a process, you can write down the PID number of the process, enter "Taskkill/pid 2400" 2400 as the PID number under the command, and then turn the PID number 2400 off, and if you want to force the process to close, just add a "/F" parameter to the command.