Security Basics mailing list archives

Re: How to find a process


From: "Ned Kratzer" <NedK () fltg com>
Date: Thu, 14 Jun 2007 08:44:17 -0400

With the WinXP and 2k3 Server versions of netstat, the '-o' option will
also output the Process ID#.  Or '-b' will give you the executable name
and the PID; using '-v' along with '-b' will display the DLL(s)
responsible for that particular connected/listening port.  You can also
set it to automatically dump the info on a set interval.  (NOTE: I don't
believe some or all of these options work on Win2k, but I don't have a
2k box handy to test.)

i.e., the command 'netstat -b -v 30' will dump info on executable and
DLL responsible for the ports and it will run itself again every 30
seconds until you hit <CTRL>+C.

Now, if you want a GUI, path and command for each executable and the
ability to kill process connections, I'd check out SysInternals
TCPView.

-- Ned

"Francisco Rodrigo Cortinas Maseda"
<francisco.cortinas () jazztel com> 06/13/07 05:32AM >>>
Hello,

My name is Fran, I'm a network and system administrator, and I have a
strange case, but surely someone has had the same problem before me.

My problem is that we have some strange traffic on the firewalls, going
from a server on a DMZ to public client pools.

10:09:10.511978 00:0e:0c:71:7f:cd > 10:00:00:00:26:01, ethertype IPv4
(0x0800), length 61: IP XXXXX.44267 > XXXXXX.3072: UDP, length 19

The problem is: with netstat I only see the ports daemons are listening
on. I want to know the process that is using the outgoing port, that is,
44267.

Is there a way to know this?

Thanks in advance.
Regards.
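
Added example, not part of the original messages: a small parser for the output of Windows netstat with '-o' that returns the PID owning a given local port, handling UDP rows, which have no State column. The '-a' and '-n' flags (real netstat options, not mentioned in the thread), the function names and the sample output with its addresses and PIDs are assumptions constructed for illustration.

```python
import subprocess
import sys

# Constructed sample of `netstat -a -n -o` output (not captured from a real host).
SAMPLE = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.0.2.10:3389        198.51.100.7:50211     ESTABLISHED     1020
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:44267          *:*                                    2312
  UDP    [::]:500               *:*                                    716
"""

def parse_netstat(text):
    """Return a list of dicts, one per socket line of `netstat -o` output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue  # banner, header, blank, or -b executable-name lines
        # UDP rows carry no State column, so they have 4 fields instead of 5.
        state = f[3] if len(f) == 5 else ""
        # rpartition keeps bracketed IPv6 addresses such as [::]:445 intact.
        addr, _, port = f[1].rpartition(":")
        if not port.isdigit():
            continue
        rows.append({"proto": f[0], "addr": addr, "port": int(port),
                     "remote": f[2], "state": state, "pid": int(f[-1])})
    return rows

def pids_for_local_port(text, port, proto=None):
    """PIDs owning the given local port, optionally limited to TCP or UDP."""
    return sorted({r["pid"] for r in parse_netstat(text)
                   if r["port"] == port and proto in (None, r["proto"])})

if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 44267
    if sys.platform == "win32":
        text = subprocess.run(["netstat", "-a", "-n", "-o"],
                              capture_output=True, text=True).stdout
    else:
        text = SAMPLE  # fall back to the constructed sample off Windows
    print(port, "->", pids_for_local_port(text, port, "UDP"))
```

The returned PID can then be matched against the Task Manager process list or the TCPView display mentioned above.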

