Solved

How can I find out what is running on port 80?

Posted on 2000-05-15
6
213 Views
Last Modified: 2013-12-19
I have a piece of software that is not working correctly because something is using port 80 on my system (NT 4).  How can I find out *exactly* what is using port 80?  This question has been asked and answered previously in this section;  I know I can search my host files for what processes are supposed to run on which port, and the port scanner software recommended in previous answers to this question don't help.  Maybe I should kill all running processes in my task manager?  Help!
0
Comment
Question by:posconsultant
6 Comments
 
LVL 6

Expert Comment

by:Zoplax
Comment Utility
You can try using an app called @Guard (AT-guard).

When you activate its firewall component, the app will notify you when any app tries to access a network port.  It'll give you the name of the executable and the port number it's trying to access.
0
 
LVL 4

Expert Comment

by:wlaarhov
Comment Utility
If you use Netstat -n on the machine that you at least see if it is used and what state the port has.
You are right, in c:\winnt\system32\drivers\etc there is a file called services but it is only an information file, no further use.

Installing jet another application to the system pure to see what port is used realy makes no sense.

net you use the Netstat -n command and indeed slowly stop services on the system you can figure out what is using the port without further installations of software.

I find the question however interesting, because if there is a tool (prefer commandline) that could tell right away the status and use of a port it would be easy to monitor e.g. web and ftp servers.
So I will look some further to see if I can find anything.

At least I hope this helps some.

greetings
0
 
LVL 23

Expert Comment

by:Tim Holman
Comment Utility
Difficult..
Once a session is established on port 80 it's passed up to a higher level port.
You could certainly track down which machine these requests are coming from, but as the application layer is 'invisible' to routers, packet sniffers and the likes, you're not going to be able to find out which application is making these calls.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Expert Comment

by:WindSong
Comment Utility
Emmm..
I think you can try this tool to find out which process use the port.
http://www.ntsecurity.nu/toolbox/inzider/

This is an example on my computer:

Checked C:\WINNT\System32\internat.exe (PID=1208)
Checked C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID=1304)
  Found UDP port  1037 bound at 127.0.0.1 by C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID=1304) [UDP client]
Checked C:\WINNT\Explorer.exe (PID=1056)
Checked C:\Program Files\Internet Explorer\iexplore.exe (PID=1380)
  Found UDP port  1191 bound at 127.0.0.1 by C:\Program Files\Internet Explorer\iexplore.exe (PID=1380) [UDP client]
0
 

Accepted Solution

by:
WindSong earned 125 total points
Comment Utility
Emmm..
I think you can try this tool to find out which process use the port.
http://www.ntsecurity.nu/toolbox/inzider/

This is an example on my computer:

Checked C:\WINNT\System32\internat.exe (PID=1208)
Checked C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID=1304)
  Found UDP port  1037 bound at 127.0.0.1 by C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID=1304) [UDP client]
Checked C:\WINNT\Explorer.exe (PID=1056)
Checked C:\Program Files\Internet Explorer\iexplore.exe (PID=1380)
  Found UDP port  1191 bound at 127.0.0.1 by C:\Program Files\Internet Explorer\iexplore.exe (PID=1380) [UDP client]
0
 

Author Comment

by:posconsultant
Comment Utility
Thanks to all who answered!
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now