原文出处:http://www.winntmag.com/Article/ArticleID/39955/39955.html
How can I determine which ports a specific process is using on Windows XP and later?
A. If you want to find out which ports a process is using and you know the process name, you must first determine the process identifier (PID). For example, to identify the PID for the pop3svc.exe process running on my system, I went to the command prompt and typed
c:/> tasklist /fi "IMAGENAME eq pop3svc.exe"
This command returned the following information:
Image Name PID Session Name Session# Mem Usage
POP3Svc.exe 3044 RDP-Tcp#9 0 2,072 K
The second column shows the PID, which I can then use with the Netstat command to search all in-use ports. For example, if I type
c:/> netstat -ano | findstr 3044
my system returns the following information:
TCP 0.0.0.0:110 0.0.0.0:0 LISTENING 3044
This result shows that the POP3 service was using TCP port 110 on all addresses.
You can also perform a reverse operation to find out which process is associated with a port. For example, to identify which process is using port 25, I could go to the command prompt and type
c:/> netstat -ano | findstr :25
On my system, this command returns the following information:
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING 2500
After I identify the process (in this case, 2500), I can determine the process name by typing
c:/> tasklist /fi "PID eq 2500"
which returns the following information on my system:
Image Name PID Session Name Session# Mem Usage
inetinfo.exe 2500 RDP-Tcp#9 0 5,584 K
This information tells me that port 25 is being used by the inetinfo.exe process.
You can also use the TCPView program from http://www.sysinternals.com, which makes the whole process a lot simpler.
如何在Windows XP以上的版本中得知一个进程所使用的端口?
如果你想知道一个进程正在使用着哪个端口并且你知道此进程的名字,首先必须确定此进程的进程标识符(PID)。例如,标识运行在系统中的pop3svc.exe的PID,输入以下命令:
c:/> tasklist /fi "IMAGENAME eq pop3svc.exe"
此命令返回以下信息:
Image Name PID Session Name Session# Mem Usage
POP3Svc.exe 3044 RDP-Tcp#9 0 2,072 K
其中第二列显示了进程的PID,则我可以使用Netstat命令来搜索所有使用中的端口。如下所示:
c:/> netstat -ano | findstr 3044
系统返回以下信息:
TCP 0.0.0.0:110 0.0.0.0:0 LISTENING 3044
此结果显示了POP3服务正在所有地址上使用TCP端口110监听。
也可以使用反向的操作来找出哪一个进程给分配到一个指定的端口,例如,为了找出哪一个进程正在使用端口25,可以使用以下命令:
c:/> netstat -ano | findstr :25
系统返回了以下信息:
Image Name PID Session Name Session# Mem Usage
inetinfo.exe 2500 RDP-Tcp#9 0 5,584 K
此信息告诉我们端口25正在被inetinfo.exe进程使用着。
当然你也可以使用第三方提供的TCPView程序来完成此功能,更多有关TCPView的信息请访问http://www.sysinternals.com。