Use command lines to view ports and processes

1. Check the port number based on the process
First, enter cmd.exe In the Startup menu to enter the Command Prompt window. The "tasklist" command will list the processes that are running in the system, and write down or copy the "PID" corresponding to the processes you want to query. For example:

Note that the "PID" of the same process image name is usually not the same each time, so the "PID" number will change once the process is restarted, in this case, you need to review it.
After you write down the PID of the process, use the PID to display the port opened by the process.
For example, if you want to see the progress "qq.exe" (which indicates that the idnumber of the process is 1332) has enabled those ports, continue typing the "netstat-ano | findstr 1332" command under the current command line, the "netstat-ano" parameter indicates that all active TCP connections and TCP and UDP ports being listened on by the computer are displayed in numerical form, and the corresponding process id pid is displayed; "| findstr 1332" indicates the TCP connection where the PID of the process is "1332" and the listening status of TCP and UDP ports (in actual application, replace the PID you just noted down or copied with 1332 ). Press enter to display the port number opened by the process. For example:

We can clearly see that all the ports opened by the process whose PID is "1332". If no prompt is returned at this time, it means that the process has not enabled any ports.

2. Check the process by port number
Enter the "netstat-ano" command in the Command Prompt window to list the current port list of the system. The function of this command has been mentioned above. -O parameters are mainly used to display the process PID numbers corresponding to each port. Now, write down or copy the process PID numbers corresponding to the port you want to check. Then, enter "tasklist/fi" pid eq 788 "at the command prompt. (In actual applications, replace the PID you copied or noted down with 788 ), the "/fi" parameter of this line of statement indicates filtering in "tasklist", while "pid eq 788" indicates the filtering condition. Press "enter, the process corresponding to the port is displayed. It can be seen that the PID Number is "cmd788.exe" and the process is "cmdsvchost.exe". If the port you are querying is not associated with any process, the system will return the prompt message "no running tasks with the specified standard.

3. Find out the corresponding processProgram After knowing the connection between the port and the process, how can we further find out that the process is the process of that software or program? The following operation requires a tool on the Windows 2000 (server or professional) installation disc.
First, open the support.cab.pdf compressed package with the decompressed software, find the ttlist.exe file, and release the file to any directory, such as "D: support ". Then, run the "cmdtlist.exe" command in the prompt window to write down or copy the PID Number of the process to be queried (the first column is the PID Number of the process). Then, run the "cmdtlist.exe 2012" command (when you enter, you need to replace the PID Number you noted down with 2012). The "cmdline" is followed by the directory where the software corresponding to the process is located.
In addition, the returned information also lists the files called by the process. With this information, you can easily find the program corresponding to the process.
If you want to close a process, you can write down the PID of the process and enter "taskkill/PID 2400" 2400 as the PID in the command prompt) you can disable a process whose PID is 2400. to disable the process forcibly, you only need to add the "/F" parameter after this command, or use ntsd-C q-p pid (in actual application, replace the PID with the actual PID Number) Iv. Port Monitoring Each computer must open a port in the computer to establish a network connection with the external network. A port is like a door connecting a computer to an external network. It makes connection to the network possible and brings many security risks. hackers may open a port backdoor, use Trojans to control your computer. Network Viruses may also attack your computer through ports. The netstat command can complete the simple port monitoring function and execute netstat-ano 10> C: \ port.txt to generate a network port status record file named port.txt under drive C, append the refreshed status to the text every 10 seconds. Press <Ctrl> + <C> to stop monitoring. This port monitoring record can be used to check whether illegal intrusion connections exist.