Bird757
asked on
Port 80 is being used - but by whom?
I run IIS and Tomcat on the same server. Before last week I had specified IIS to "bind" to port 8080, and I edited the server.xml in Tomcat to use port 80.
Last week I made the mistake of clicking on the "install web components" option offered by Visual Studio, and something has now hooked port 80. IIS will run if I bind it to port 80, but if I stop the Web service (or bind IIS to port 8080), and try to set Tomcat to use Port 80, it tells me that the port is already in use.
How do I identify who has laid claim to port 80? If I run netsh / http / sho iplisten there are no bindings.
Last week I made the mistake of clicking on the "install web components" option offered by Visual Studio, and something has now hooked port 80. IIS will run if I bind it to port 80, but if I stop the Web service (or bind IIS to port 8080), and try to set Tomcat to use Port 80, it tells me that the port is already in use.
How do I identify who has laid claim to port 80? If I run netsh / http / sho iplisten there are no bindings.
From a command prompt on the local system run "netstat -a" without the quotation marks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Answering the questions:
sammySetzer: Under State and IP I had
State=Started / Binding = *:80
but I then stopped IIS, stopped the sites, and restarted them on port 8080, so the above became:
State=Started / Binding = *:8080
I ran netstat after each of the following steps and port 80 remained assigned but I could not identify by what??
Starting Point:
1)
NETSTAT -p tcp -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING 1284
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 692
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 1520
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 2392
TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING 1840
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 2416
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 2416
TCP 0.0.0.0:8172 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 396
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 508
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 904
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 940
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 1140
TCP 0.0.0.0:49160 0.0.0.0:0 LISTENING 500
TCP 0.0.0.0:49165 0.0.0.0:0 LISTENING 1284
TCP 0.0.0.0:49167 0.0.0.0:0 LISTENING 1284
TCP 0.0.0.0:49168 0.0.0.0:0 LISTENING 1284
TCP 127.0.0.1:668 0.0.0.0:0 LISTENING 1188
TCP 127.0.0.1:668 127.0.0.1:49172 ESTABLISHED 1188
TCP 127.0.0.1:668 127.0.0.1:49173 ESTABLISHED 1188
TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING 2416
TCP 127.0.0.1:49166 0.0.0.0:0 LISTENING 1520
TCP 127.0.0.1:49172 127.0.0.1:668 ESTABLISHED 3640
TCP 127.0.0.1:49173 127.0.0.1:668 ESTABLISHED 3640
A number of public IPs but none linked to ports 80 or 8080 have been removed here.
2)
Stop IIS and SMTP & Web Publishing (close and reopen the DOS box too):
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
....
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 2416
....
3)
Stop Tomcat - port 8080 is no longer in the list.
4)
Bind IIS to port 8080 (Tomcat is Stopped)
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
....
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 4
....
sammySetzer: Under State and IP I had
State=Started / Binding = *:80
but I then stopped IIS, stopped the sites, and restarted them on port 8080, so the above became:
State=Started / Binding = *:8080
I ran netstat after each of the following steps and port 80 remained assigned but I could not identify by what??
Starting Point:
1)
NETSTAT -p tcp -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING 1284
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 692
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 1520
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 2392
TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING 1840
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 2416
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 2416
TCP 0.0.0.0:8172 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 396
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 508
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 904
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 940
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 1140
TCP 0.0.0.0:49160 0.0.0.0:0 LISTENING 500
TCP 0.0.0.0:49165 0.0.0.0:0 LISTENING 1284
TCP 0.0.0.0:49167 0.0.0.0:0 LISTENING 1284
TCP 0.0.0.0:49168 0.0.0.0:0 LISTENING 1284
TCP 127.0.0.1:668 0.0.0.0:0 LISTENING 1188
TCP 127.0.0.1:668 127.0.0.1:49172 ESTABLISHED 1188
TCP 127.0.0.1:668 127.0.0.1:49173 ESTABLISHED 1188
TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING 2416
TCP 127.0.0.1:49166 0.0.0.0:0 LISTENING 1520
TCP 127.0.0.1:49172 127.0.0.1:668 ESTABLISHED 3640
TCP 127.0.0.1:49173 127.0.0.1:668 ESTABLISHED 3640
A number of public IPs but none linked to ports 80 or 8080 have been removed here.
2)
Stop IIS and SMTP & Web Publishing (close and reopen the DOS box too):
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
....
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 2416
....
3)
Stop Tomcat - port 8080 is no longer in the list.
4)
Bind IIS to port 8080 (Tomcat is Stopped)
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
....
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 4
....
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Another hint, if you open up your task manager, click on Process tab, then above it, you see View.
Click on that View, Select Columns.
Put a tick mark on PID.
Click on Ok, now under processes, you see the PID column appear and you see which pid is associated with what application or pocess.
Click on that View, Select Columns.
Put a tick mark on PID.
Click on Ok, now under processes, you see the PID column appear and you see which pid is associated with what application or pocess.
Get the help of Mark Russinovich
http://technet.microsoft.com/en-us/sysinternals/bb897437
Regards
Steven
http://technet.microsoft.com/en-us/sysinternals/bb897437
Regards
Steven
ASKER
PID 4 is: NT Kernel & System - not much I can do to stop that one...
ASKER
After some investigation the Web Deployment Agent Service was the culprit. The only solution to this that I could find was to uninstall the service, and re-install it from the command line (because that way the port could be specified.
2 relevent links are:
http://forums.iis.net/p/1182557/1999767.aspx
http://technet.microsoft.com/en-us/library/dd569059(WS.10).aspx
Thanks for the help guys.
In closing - if there is an easier way to identify the program that had grabbed the port I would appreciate knowing how to do this? I identified the culprit was a process on PID 4, and then it was only luck that I thought it may be the web deploy service, and confirmed this by stopping the service. It would be good to remove the guess-work.
2 relevent links are:
http://forums.iis.net/p/1182557/1999767.aspx
http://technet.microsoft.com/en-us/library/dd569059(WS.10).aspx
Thanks for the help guys.
In closing - if there is an easier way to identify the program that had grabbed the port I would appreciate knowing how to do this? I identified the culprit was a process on PID 4, and then it was only luck that I thought it may be the web deploy service, and confirmed this by stopping the service. It would be good to remove the guess-work.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
something like:
Description State IP Address Port