Port 80 is being used - but by whom?

I run IIS and Tomcat on the same server. Before last week I had specified IIS to "bind" to port 8080, and I edited the server.xml in Tomcat to use port 80.

Last week I made the mistake of clicking on the "install web components" option offered by Visual Studio, and something has now hooked port 80. IIS will run if I bind it to port 80, but if I stop the Web service (or bind IIS to port 8080), and try to set Tomcat to use Port 80, it tells me that the port is already in use.

How do I identify who has laid claim to port 80? If I run netsh / http / sho iplisten there are no bindings.
Bird757Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sammySeltzerCommented:
If you go to your iis and click on Websites, what does it show to the right of the screen?

something like:

Description      State        IP Address       Port

0
AIC-AdminCommented:
From a command prompt on the local system run "netstat -a" without the quotation marks.
0
sammySeltzerCommented:
yea,  I thought about that but it is very hard to read.

This gives similar result:

NETSTAT -p tcp -ano
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Bird757Author Commented:
Answering the questions:
sammySetzer: Under State and IP I had
State=Started / Binding = *:80
but I then stopped IIS, stopped the sites, and restarted them on port 8080, so the above became:
State=Started / Binding = *:8080

I ran netstat after each of the following steps and port 80 remained assigned but I could not identify by what??

Starting Point:
1)
NETSTAT -p tcp -ano

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1284
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       692
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1520
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       2392
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1840
  TCP    0.0.0.0:8009           0.0.0.0:0              LISTENING       2416
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2416
  TCP    0.0.0.0:8172           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       396
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       508
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING       940
  TCP    0.0.0.0:49156          0.0.0.0:0              LISTENING       1140
  TCP    0.0.0.0:49160          0.0.0.0:0              LISTENING       500
  TCP    0.0.0.0:49165          0.0.0.0:0              LISTENING       1284
  TCP    0.0.0.0:49167          0.0.0.0:0              LISTENING       1284
  TCP    0.0.0.0:49168          0.0.0.0:0              LISTENING       1284
  TCP    127.0.0.1:668          0.0.0.0:0              LISTENING       1188
  TCP    127.0.0.1:668          127.0.0.1:49172        ESTABLISHED     1188
  TCP    127.0.0.1:668          127.0.0.1:49173        ESTABLISHED     1188
  TCP    127.0.0.1:8005         0.0.0.0:0              LISTENING       2416
  TCP    127.0.0.1:49166        0.0.0.0:0              LISTENING       1520
  TCP    127.0.0.1:49172        127.0.0.1:668          ESTABLISHED     3640
  TCP    127.0.0.1:49173        127.0.0.1:668          ESTABLISHED     3640
A number of public IPs but none linked to ports 80 or 8080 have been removed here.

2)
Stop IIS and SMTP & Web Publishing (close and reopen the DOS box too):

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
....
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2416
....

3)
Stop Tomcat - port 8080 is no longer in the list.

4)
Bind IIS to port 8080 (Tomcat is Stopped)

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
....
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       4
....

 IIS and netstat output
0
sammySeltzerCommented:
Given your posting above, it appears that there are some processes using your port 80.

Take this line for instance:

TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4

Go to your task manager and see what PID is 4. That's what is using port 80.

I don't know how to remove it from pid 4 but that's a start.
0
sammySeltzerCommented:
Another hint, if you open up your task manager, click on Process tab, then above it, you see View.

Click on that View, Select Columns.

Put a tick mark on PID.

Click on Ok, now under processes, you see the PID column appear and you see which pid is associated with what application or pocess.
0
NT_thyrthCommented:
Get the help of Mark Russinovich

http://technet.microsoft.com/en-us/sysinternals/bb897437

Regards
Steven
0
Bird757Author Commented:
PID 4 is: NT Kernel & System - not much I can do to stop that one...
0
Bird757Author Commented:
After some investigation the Web Deployment Agent Service was the culprit. The only solution to this that I could find was to uninstall the service, and re-install it from the command line (because that way the port could be specified.

2 relevent links are:
http://forums.iis.net/p/1182557/1999767.aspx
http://technet.microsoft.com/en-us/library/dd569059(WS.10).aspx

Thanks for the help guys.

In closing - if there is an easier way to identify the program that had grabbed the port I would appreciate knowing how to do this? I identified the culprit was a process on PID 4, and then it was only luck that I thought it may be the web deploy service, and confirmed this by stopping the service. It would be good to remove the guess-work.
0
Russell_VenableCommented:
I usually use processhacker or processexplorer to troubleshoot unknown process issues. Processhacker has a network tab that allows you to see the program and the network connection side-by-side. Processexplorer can do this as well but is more complicated. When you get a PID of 4 it means that programs is running as a system service and you will need to investigate it further by check what services are under svchost. By this you can search Svchost using a tool from Microsoft codeplex called svchost viewer Available at svchostviewer.codeplex.com and the other tools are available here processhacker.sourceforge.net, http://technet.microsoft.com/en-us/sysinternals/bb896653

There really is not a all-in-one tool to get to a system process. It requires a little bit more knowledge if the operating system internals. As for the web deployment agent. It should always be configured on install as it defaults to 80 without proper configuration as it is designed to run as a available Http web service. Hope this helps clarify your question.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.