Blog

Identifying Processes Using Specific TCP/UDP Ports on Windows

When developing or deploying applications, a common challenge arises when a required network port is already occupied by another process.

Understanding which application is listening on a specific TCP or UDP port is crucial for troubleshooting and resolving these conflicts. This article outlines several methods available on Windows systems to identify the process associated with a particular port, using both command-line and graphical tools.

Understanding the Problem: Port Conflicts

Network communication relies on ports, unique identifiers for specific services or applications running on a system. Only one process can actively listen on a specific IP address and port combination at any given time.

When an application attempts to bind to a port already in use, it typically results in an error, preventing the application from starting correctly. Identifying the existing process holding the port open is the first step toward resolution.

Solutions for Identifying Port Usage

Windows offers built-in tools and readily available utilities to diagnose port usage. Below are common approaches.

Read: How to Close a Specific Port on Linux and Windows

1. Using `netstat` in Command Prompt

The `netstat` command is a versatile tool for displaying network connections, listening ports, Ethernet statistics, the IP routing table, IPv4 statistics (for IP, ICMP, TCP, and UDP protocols), IPv6 statistics, and network adapter statistics. It can reveal which process ID (PID) is associated with a port.

Basic Identification with PID

To list all active TCP connections and listening ports along with their associated PIDs, open Command Prompt (cmd.exe) and run:

netstat -ano

This command displays:

  • -a: All active TCP connections and the TCP and UDP ports on which the computer is listening.
  • -n: Addresses and port numbers in numerical form (faster as it avoids DNS lookups).
  • -o: The process identifier (PID) associated with each connection.

Methods Comparison

Identifying the Executable (Requires Administrator Privileges)

To directly see the executable name associated with the port, use the -b flag. This often requires running Command Prompt as Administrator.

netstat -abno

The -b flag attempts to find the executable involved in creating each connection or listening port. This can be time-consuming and might fail without sufficient permissions.

Common `netstat` Flags
Flag Description Admin Required
-a Displays all connections and listening ports. No
-b Displays the executable involved. Yes
-n Displays numerical addresses and ports. No
-o Displays the owning process ID (PID). No

Read: How to kill and Find processes listening to port 3000 on Mac

Filtering Output with `find` or `findstr`

The output of `netstat` can be extensive. Piping the output to `find` or `findstr` helps isolate specific ports or states.

To find a specific port (e.g., 8080):

netstat -ano | findstr ":8080"

Or, using `find`:

netstat -ano | find ":8080"

To find only listening ports:

netstat -ano | findstr "LISTENING"

Note: On non-English Windows systems, replace “LISTENING” with the equivalent term in the system’s language (e.g., “ABHÖREN” for German).

Combine filters to find a specific listening port (e.g., 8080):

netstat -ano | findstr "LISTENING" | findstr ":8080"

Or, using `netstat -aof` variant mentioned in discussions:

netstat -aof | findstr :8080

Identifying Process Name from PID (No Admin Rights Needed)

If you cannot use `netstat -b` due to permission restrictions, first find the PID using `netstat -ano | findstr “:”`, then use `tasklist` to find the process name associated with that PID.

1. Find the PID (e.g., for port 8080, assume the PID found is 2216):

netstat -ano | findstr ":8080"

2. Find the process name using the PID:

tasklist /fi "pid eq 2216"

Combined Command to Find Process Name

A more advanced command prompt technique uses a `for` loop to extract the PID and directly query `tasklist` for the process name (replace `9000` with the target port):

for /f "tokens=5" %a in ('netstat -aon ^| findstr ":9000"') do tasklist /FI "PID eq %a"

To suppress command headers, use:

echo off & (for /f "tokens=5" %a in ('netstat -aon ^| findstr ":9000"') do tasklist /NH /FI "PID eq %a") & echo on

Read: How to Display Environment Variables in Windows Command Prompt

2. Using PowerShell

PowerShell provides modern cmdlets for network information retrieval.

Using `Get-NetTCPConnection` and `Get-NetUDPEndpoint`

These cmdlets allow querying active TCP connections and UDP endpoints respectively.

To find the process using a specific TCP port (e.g., 443):

Get-NetTCPConnection -LocalPort 443

The output includes the `OwningProcess` property (the PID). To get more details, including the PID clearly:

Get-NetTCPConnection -LocalPort 443 | Format-List

Or format as a table:

Get-NetTCPConnection -LocalPort 443 | Format-Table -Property LocalAddress, LocalPort, State, OwningProcess

Finding the Process Name from PID

Combine with `Get-Process` to retrieve the process details directly:

For TCP:

Get-Process -Id (Get-NetTCPConnection -LocalPort 443).OwningProcess

For UDP:

Get-Process -Id (Get-NetUDPEndpoint -LocalPort 5353).OwningProcess

Note: Ensure you replace the placeholder port number (e.g., `443`, `5353`) with the actual port number you are investigating. Failure to provide a number might result in errors.

Generating a Combined Process and Port List

For a clearer overview of listening TCP ports and their associated process names:

Get-NetTCPConnection -State Listen | Select-Object -Property *, `
    @{'Name' = 'ProcessName';'Expression'={(Get-Process -Id $_.OwningProcess).Name}} `
    | Select-Object ProcessName,LocalAddress,LocalPort

For UDP endpoints:

Get-NetUDPEndpoint | Select-Object -Property *, `
   @{'Name' = 'ProcessName';'Expression'={(Get-Process -Id $_.OwningProcess).Name}} `
   | Select-Object ProcessName,LocalAddress,LocalPort

Alternative: `Get-NetworkStatistics`

Some environments might have the `Get-NetworkStatistics` cmdlet available:

Get-NetworkStatistics | where Localport -eq 8000

This command filters network statistics for the specified local port (e.g., 8000).

3. Using Graphical Tools (GUI)

For users preferring a graphical interface, several tools are available.

Graphical Tools for Network Process Identification

Read: How to Configure X11 Forwarding for WSL2

Resource Monitor (Built-in)

Windows includes the Resource Monitor, which provides detailed real-time information about system resources, including network activity.

  • Launch it by running `resmon.exe`.
  • Alternatively, open Task Manager, go to the “Performance” tab, and click “Open Resource Monitor”.
  • Navigate to the “Network” tab.
  • Expand the “Listening Ports” section to see processes listening on specific ports.
  • The “TCP Connections” section shows active connections.

Resource Monitor also displays the firewall status for listening ports.

Note: Running Resource Monitor typically requires administrator privileges.

TCPView (Sysinternals/Microsoft)

TCPView is a popular free utility from Microsoft (originally Sysinternals) that provides a detailed listing of all TCP and UDP endpoints on your system, including the remote address and state of TCP connections.

It highlights changes in real-time and allows closing connections or terminating processes directly from the interface. It often works without requiring explicit administrator elevation for viewing information.

CurrPorts (NirSoft)

CurrPorts is another third-party utility that displays the list of all currently opened TCP/IP and UDP ports. It offers advanced filtering capabilities and allows closing connections, potentially from the command line using parameters.

Process Explorer (Sysinternals/Microsoft)

While primarily a Task Manager replacement, Process Explorer allows inspecting individual processes. By viewing the properties of a specific process, the TCP/IP tab shows the ports that process is using.

This is less direct for finding which process uses a specific port but can be useful if you suspect a particular application.

4. Checking Reserved Port Ranges

Sometimes, a port might be unusable not because an application is actively listening, but because it falls within a range reserved by the operating system or features like Hyper-V. Use `netsh` to check these ranges:

netsh int ipv4 show excludedportrange protocol=tcp

This lists ranges of ports that are excluded from general use.

Terminating the Process Holding the Port

Once the PID of the offending process is identified, you might need to terminate it to free the port.

Using `taskkill` (Command Prompt)

Replace “ with the actual process ID:

taskkill /PID  /F

The `/F` flag forcefully terminates the process. This may require administrator privileges.

Using `Stop-Process` (PowerShell)

Replace “ with the actual process ID:

Stop-Process -Id  -Force

Alternatively, combine the lookup and termination (use with caution):

$processToStop = Get-Process -Id (Get-NetTCPConnection -LocalPort ).OwningProcess
Stop-Process -Id $processToStop.Id -Force

Using GUI Tools

Tools like Task Manager, Resource Monitor, TCPView, and CurrPorts often provide options to end a selected process directly from their interface.

Caution: Forcefully terminating processes can lead to data loss or system instability. Ensure you understand the role of the process before terminating it.

Verification

After applying a solution (e.g., stopping the process), verify the port is now free by:

  • Re-running the `netstat` or PowerShell command used for identification to see if the port is no longer listed as listening.
  • Attempting to start the application that initially failed due to the port conflict.
  • Checking the relevant GUI tool again.

Potential Considerations

  • Administrator Privileges: Some commands (`netstat -b`) and tools (Resource Monitor) require elevated permissions to display executable names or access all process information.
  • Large Output: Commands like `netstat -a` without filtering can produce very large outputs, potentially exceeding the command prompt buffer size. Filtering is recommended.
  • System Language: When using `findstr` or `find` with state keywords like “LISTENING”, ensure you use the term appropriate for your Windows display language.
  • PowerShell Versions: While the `Get-NetTCPConnection` cmdlets are standard in modern Windows, older systems might have different PowerShell versions or lack certain cmdlets like `Get-NetworkStatistics`.
  • Tool Accuracy: In complex scenarios (e.g., involving WSL or specific network configurations), different tools might report slightly different information. Resource Monitor is often cited as highly accurate.

Conclusion

Identifying which process is listening on a specific TCP or UDP port on Windows is a common administrative and development task. By utilizing built-in command-line tools like `netstat` and PowerShell cmdlets (`Get-NetTCPConnection`, `Get-NetUDPEndpoint`), combined with filtering and process identification commands (`findstr`, `tasklist`, `Get-Process`), users can effectively diagnose port usage.

Graphical tools like Resource Monitor, TCPView, and CurrPorts offer user-friendly alternatives with real-time monitoring and additional features. Understanding these methods allows for efficient troubleshooting of port conflicts and better management of network services.

 

Sara Esmiralda

Sara specializes in the Microsoft ecosystem, bringing a wealth of knowledge from managing enterprise environments. Her expertise covers Windows Server administration, Active Directory design and management, Group Policy optimization, PowerShell scripting, and Azure cloud services. She enjoys demystifying complex Windows concepts and sharing practical tips for system configuration, security hardening, and troubleshooting common issues.