Link to home
Start Free TrialLog in
Avatar of Bird757
Bird757Flag for South Africa

asked on

Port 80 is being used - but by whom?

I run IIS and Tomcat on the same server. Before last week I had specified IIS to "bind" to port 8080, and I edited the server.xml in Tomcat to use port 80.

Last week I made the mistake of clicking on the "install web components" option offered by Visual Studio, and something has now hooked port 80. IIS will run if I bind it to port 80, but if I stop the Web service (or bind IIS to port 8080), and try to set Tomcat to use Port 80, it tells me that the port is already in use.

How do I identify who has laid claim to port 80? If I run netsh / http / sho iplisten there are no bindings.
Avatar of sammySeltzer
sammySeltzer
Flag of United States of America image

If you go to your iis and click on Websites, what does it show to the right of the screen?

something like:

Description      State        IP Address       Port

From a command prompt on the local system run "netstat -a" without the quotation marks.
ASKER CERTIFIED SOLUTION
Avatar of sammySeltzer
sammySeltzer
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Bird757

ASKER

Answering the questions:
sammySetzer: Under State and IP I had
State=Started / Binding = *:80
but I then stopped IIS, stopped the sites, and restarted them on port 8080, so the above became:
State=Started / Binding = *:8080

I ran netstat after each of the following steps and port 80 remained assigned but I could not identify by what??

Starting Point:
1)
NETSTAT -p tcp -ano

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1284
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       692
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1520
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       2392
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1840
  TCP    0.0.0.0:8009           0.0.0.0:0              LISTENING       2416
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2416
  TCP    0.0.0.0:8172           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       396
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       508
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING       940
  TCP    0.0.0.0:49156          0.0.0.0:0              LISTENING       1140
  TCP    0.0.0.0:49160          0.0.0.0:0              LISTENING       500
  TCP    0.0.0.0:49165          0.0.0.0:0              LISTENING       1284
  TCP    0.0.0.0:49167          0.0.0.0:0              LISTENING       1284
  TCP    0.0.0.0:49168          0.0.0.0:0              LISTENING       1284
  TCP    127.0.0.1:668          0.0.0.0:0              LISTENING       1188
  TCP    127.0.0.1:668          127.0.0.1:49172        ESTABLISHED     1188
  TCP    127.0.0.1:668          127.0.0.1:49173        ESTABLISHED     1188
  TCP    127.0.0.1:8005         0.0.0.0:0              LISTENING       2416
  TCP    127.0.0.1:49166        0.0.0.0:0              LISTENING       1520
  TCP    127.0.0.1:49172        127.0.0.1:668          ESTABLISHED     3640
  TCP    127.0.0.1:49173        127.0.0.1:668          ESTABLISHED     3640
A number of public IPs but none linked to ports 80 or 8080 have been removed here.

2)
Stop IIS and SMTP & Web Publishing (close and reopen the DOS box too):

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
....
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2416
....

3)
Stop Tomcat - port 8080 is no longer in the list.

4)
Bind IIS to port 8080 (Tomcat is Stopped)

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
....
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       4
....

 User generated image
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Another hint, if you open up your task manager, click on Process tab, then above it, you see View.

Click on that View, Select Columns.

Put a tick mark on PID.

Click on Ok, now under processes, you see the PID column appear and you see which pid is associated with what application or pocess.
Get the help of Mark Russinovich

http://technet.microsoft.com/en-us/sysinternals/bb897437

Regards
Steven
Avatar of Bird757

ASKER

PID 4 is: NT Kernel & System - not much I can do to stop that one...
Avatar of Bird757

ASKER

After some investigation the Web Deployment Agent Service was the culprit. The only solution to this that I could find was to uninstall the service, and re-install it from the command line (because that way the port could be specified.

2 relevent links are:
http://forums.iis.net/p/1182557/1999767.aspx
http://technet.microsoft.com/en-us/library/dd569059(WS.10).aspx

Thanks for the help guys.

In closing - if there is an easier way to identify the program that had grabbed the port I would appreciate knowing how to do this? I identified the culprit was a process on PID 4, and then it was only luck that I thought it may be the web deploy service, and confirmed this by stopping the service. It would be good to remove the guess-work.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial