Monitor a specific port

I see that netstat can tell me if an IP port is in use and can give me per-protocol traffic, but I need to know if there is any traffic over a specific port.

Specifically, we have an application that keeps port 15032 open all the time.  There will be times when we need to unload that app, do some things, the restart the app, but I don't want to stop that app until the port has been idle for several minutes.

If possible, I'd like to use an extant utility whose stdout I can parse for port-specific traffic counts, otherwise it will take me a week or so to write one.

Anyone know of such a utility?  Undocumented options to netstat?  Something everyone knows about that my pea brain has overlooked in its dotage?

LVL 22
Who is Participating?
Pete LongConnect With a Mentor Technical ConsultantCommented:
Network monitoring and troubleshooting


Fluke Gear

One Touch (approx $5000)

NetTool (approx $1400)

OptiView (approx $17000)

Optiview Workgroup analyser

DSP-4300 Tester (approx $5000)

Wave Runner Wireless Tester (For Compaq Ipaq) (approx $4000)


Fluke Optiview (Network Inspector) (approx $8000),mss__cat_id--320,prod_id--6609426,rf--wgg.html

Ethereal (FREEWARE) - Best for sniffing traffic in and out of an interface

Sniffer Pro - Investigator (approx $5000)

Sniffer Basic (approx $1000)

Solarwinds Engineers Toolkit (price £688.00 sterling)
(This is a fantastic product - I use it every day)

MTRG (Multi Router Traffic Grapher) (FREEWARE)


NetworkActiv Scanner 4.0  (FREEWARE)

Pete LongTechnical ConsultantCommented:
Hi cookre,
Finding out what Ports are open

TO find out what ports are open/exposed do the following

Start >Run >type "cmd" {enter}
At the command line type "netstat -a" {enter}

The list displayed shows "Listening ports" and established "Who is on the other end" connections to yout computer.

This is a list of common Trojan/Backdoor Port numbers

Who is listening? Use this syntax: netstat -an |find /i "listening"
Save who is listening to a text file: netstat -an |find /i "listening" > c:\openports.txt
Who is established? Use this syntax: netstat -an |find /i "established"

Note: In Windows XP, you can type NETSTAT -O to get a list of all the owning process ID associated with each connection: netstat -ao |find /i "listening"


You can use PULIST from the W2K Resource Kit to find the PID and see what process uses it and who started it. For example, you found out that your computer had an open connection to a remote IP address on TCP port 80, and you don't have any Internet Explorer or other browser windows open. You want to find out what process is using that session.


Port Assignments for Commonly-Used Services

TCP/UDP Ports Used By Exchange 2000 Server;en-us;278339

Nice shiny Port List :0)

*****Portscan Software*****

Scan Yourself (Free)

Scan your Ports with Port Detective: lets you scan your PC ports to see which are open, in use, or blocked. This will help you find out how vulnerable your system is to hackers, and will also let you know which ports you can use for applications such as Web servers

Scan Remote COmputers (Free)

Advanced port scanner is a small, fast, robust and easy-to use port scanner for Win32 platform. It uses a multithread technique, so on fast machines you can scan ports very fast. Also, it contains descriptions for common ports, and can perform scans on predefined port ranges. You can use it for FREE. Download now!

cookreAuthor Commented:
Looks like I'm gonna hafta do some coding.

WinPCap's a winner.
Pete LongTechnical ConsultantCommented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.