Security Basics mailing list archives

Re: How to find a process


From: nedk () fltg com
Date: 14 Jun 2007 16:39:47 -0000

With the WinXP and 2k3 Server versions of netstat the '-o' option will also output the Process ID#.  Or '-b' will give you the executable name and the PID; using '-v' along with '-b' will display the DLL(s) responsible for that particular connected/listening port.  You can also set it to automatically dump the info on a set interval.  (NOTE: I don't believe some or all of these options work on Win2k, but I don't have a 2k box handy to test.)

i.e., the command 'netstat -b -v 30' will dump info on executable and DLL responsible for the ports and it will run 
itself again every 30 seconds until you hit <CTRL>+C.

Now, if you want a Windows GUI, path and command for each executable and the ability to kill process connections, I'd 
check out SysInternals TCPView.

-- Ned
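
An added example, not part of the original post: a small parser that turns the PID column printed by 'netstat -o' into a port-to-process lookup. It assumes the single-line-per-socket layout of `netstat -ano` (the `-a` and `-n` flags are an assumption added here), not the multi-line output of '-b'; the sample text and all function names are constructed for illustration.

```python
# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:3389      192.168.1.50:51522     ESTABLISHED     1104
  TCP    192.168.1.10:49233     203.0.113.7:443        ESTABLISHED     2780
  UDP    0.0.0.0:500            *:*                                    684
  UDP    [::]:5353              *:*                                    2780
"""

def split_endpoint(endpoint):
    """Split on the last colon so bracketed IPv6 addresses keep their colons."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None

def parse_netstat(text):
    """Return one dict per TCP/UDP row; header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, remote, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":      # UDP rows have no State column
            (proto, local, remote, pid), state = f, ""
        else:
            continue
        if not pid.isdigit():
            continue
        lport = split_endpoint(local)[1]
        rows.append({"proto": proto, "local": local, "local_port": lport,
                     "remote": remote, "state": state, "pid": int(pid)})
    return rows

def pids_for_port(rows, port):
    """PIDs that own a local socket on the given port."""
    return sorted({r["pid"] for r in rows if r["local_port"] == port})

def listeners_by_pid(rows):
    """Map PID -> sorted (proto, port) for listening TCP and bound UDP sockets."""
    out = {}
    for r in rows:
        if r["state"] == "LISTENING" or r["proto"] == "UDP":
            out.setdefault(r["pid"], []).append((r["proto"], r["local_port"]))
    return {pid: sorted(socks) for pid, socks in out.items()}

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print(pids_for_port(rows, 3389))
    print(listeners_by_pid(rows))
```

Comparing the `listeners_by_pid` result between two runs shows which process opened a new listening port.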

