In many situations, it's helpful to identify which TCP connections are associated with which processes on a computer. With this information, you can determine whether a TCP connection is valid or unauthorized, determine whether a connection that's been active for a long time should be disconnected, or troubleshoot other types of problems.

You can use two simple commands to quickly match TCP connections with processes. First, you use the following Netstat command:

netstat -aenos -p tcp 

In the output, you need to locate the Active Connections section. As Figure 1 shows, this section includes the Foreign Address, State, and PID columns. The Foreign Address column contains the TCP/IP address and port (which appears after the colon) of the remote computer to which the local computer is connected. The State column specifies the connection's state when the Netstat command executed. The PID column shows the process identifier (PID) associated with the TCP connection.

The PID is the information you're after, but few people can identify a process by its PID. To get the name of the process, you can run the following Tasklist command:

tasklist /v /fo List /fi "pid eq xxx" 

where xxx is the PID. As Figure 2 shows, the output includes the process's image name (e.g., iexplore.exe) and display name (e.g., Microsoft Internet Explorer).
—Fritz Shad
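
The two commands can be joined so that every TCP connection is listed next to its owning process in one pass. The PowerShell script below is an added example, not part of the original article: it runs netstat with -ano only (the -e and -s statistics switches are dropped because only the connection table is parsed), and the column names given to tasklist's CSV output are labels chosen here.

```powershell
# Added example: join netstat's PID column to tasklist's process details.
# Assumes PowerShell 3.0 or later on the machine being inspected.

# 1. Keep only the TCP rows of the connection table, which look like:
#      TCP    192.168.1.10:49712    203.0.113.5:443    ESTABLISHED    4321
$connections = netstat -ano -p tcp |
    Where-Object { $_ -match '^\s*TCP\s+\S+:\d+\s' } |
    ForEach-Object {
        $f = -split $_                       # split on runs of whitespace
        [pscustomobject]@{
            Local     = $f[1]
            Foreign   = $f[2]
            State     = $f[3]
            OwningPid = [int]$f[4]
        }
    }

# 2. Query tasklist once per distinct PID. /fo csv /nh returns one headerless
#    CSV row; /v adds the status, user name, CPU time and window title columns.
$header = 'ImageName', 'PID', 'SessionName', 'SessionNum', 'MemUsage',
          'Status', 'UserName', 'CpuTime', 'WindowTitle'
$procs = @{}
$ids = $connections | ForEach-Object { $_.OwningPid } | Sort-Object -Unique
foreach ($id in $ids) {
    $procs[$id] = tasklist /v /fo csv /nh /fi "pid eq $id" |
        ConvertFrom-Csv -Header $header |
        Where-Object { $_.PID -eq "$id" }    # drops the "INFO: No tasks..." line
}

# 3. Emit one row per connection with the process details alongside it.
$connections | ForEach-Object {
    $p = $procs[$_.OwningPid]
    [pscustomobject]@{
        Foreign   = $_.Foreign
        State     = $_.State
        PID       = $_.OwningPid
        ImageName = $(if ($p) { $p.ImageName } else { '(not found)' })
        UserName  = $(if ($p) { $p.UserName })
        Window    = $(if ($p) { $p.WindowTitle })
    }
} | Sort-Object ImageName, Foreign | Format-Table -AutoSize
```

A PID shown as "(not found)" means tasklist returned no row for it at the moment it was queried.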


Reader Comments

Hi Fritz,

This is great - Thanks!

Regards, Bret Bennett

bretabennett

Article Rating 5 out of 5

Tried it, and for some reason Windows won't let me enter multiple switches.

bugmenot

Article Rating 3 out of 5

 
 
