?
Solved

How can I find out what is running on port 80?

Posted on 2000-05-15
6
Medium Priority
?
230 Views
Last Modified: 2013-12-19
I have a piece of software that is not working correctly because something is using port 80 on my system (NT 4).  How can I find out *exactly* what is using port 80?  This question has been asked and answered previously in this section;  I know I can search my host files for what processes are supposed to run on which port, and the port scanner software recommended in previous answers to this question don't help.  Maybe I should kill all running processes in my task manager?  Help!
0
Comment
Question by:posconsultant
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 6

Expert Comment

by:Zoplax
ID: 2810892
You can try using an app called @Guard (AT-guard).

When you activate its firewall component, the app will notify you when any app tries to access a network port.  It'll give you the name of the executable and the port number it's trying to access.
0
 
LVL 4

Expert Comment

by:wlaarhov
ID: 2812237
If you use Netstat -n on the machine that you at least see if it is used and what state the port has.
You are right, in c:\winnt\system32\drivers\etc there is a file called services but it is only an information file, no further use.

Installing jet another application to the system pure to see what port is used realy makes no sense.

net you use the Netstat -n command and indeed slowly stop services on the system you can figure out what is using the port without further installations of software.

I find the question however interesting, because if there is a tool (prefer commandline) that could tell right away the status and use of a port it would be easy to monitor e.g. web and ftp servers.
So I will look some further to see if I can find anything.

At least I hope this helps some.

greetings
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 2816656
Difficult..
Once a session is established on port 80 it's passed up to a higher level port.
You could certainly track down which machine these requests are coming from, but as the application layer is 'invisible' to routers, packet sniffers and the likes, you're not going to be able to find out which application is making these calls.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Expert Comment

by:WindSong
ID: 2817560
Emmm..
I think you can try this tool to find out which process use the port.
http://www.ntsecurity.nu/toolbox/inzider/

This is an example on my computer:

Checked C:\WINNT\System32\internat.exe (PID=1208)
Checked C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID=1304)
  Found UDP port  1037 bound at 127.0.0.1 by C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID=1304) [UDP client]
Checked C:\WINNT\Explorer.exe (PID=1056)
Checked C:\Program Files\Internet Explorer\iexplore.exe (PID=1380)
  Found UDP port  1191 bound at 127.0.0.1 by C:\Program Files\Internet Explorer\iexplore.exe (PID=1380) [UDP client]
0
 

Accepted Solution

by:
WindSong earned 500 total points
ID: 2817561
Emmm..
I think you can try this tool to find out which process use the port.
http://www.ntsecurity.nu/toolbox/inzider/

This is an example on my computer:

Checked C:\WINNT\System32\internat.exe (PID=1208)
Checked C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID=1304)
  Found UDP port  1037 bound at 127.0.0.1 by C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID=1304) [UDP client]
Checked C:\WINNT\Explorer.exe (PID=1056)
Checked C:\Program Files\Internet Explorer\iexplore.exe (PID=1380)
  Found UDP port  1191 bound at 127.0.0.1 by C:\Program Files\Internet Explorer\iexplore.exe (PID=1380) [UDP client]
0
 

Author Comment

by:posconsultant
ID: 2817988
Thanks to all who answered!
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question