Thursday, March 25, 2010

netstat and troubleshooting tools

I think I know netstat very well. Until today I found it is not true. I miss some great feature.

Netstat -ab

this -ab switch list the firewall port and owner process information. It help to determine which program/file open which TCP port.

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 huajo-win-7:0 LISTENING
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 huajo-win-7:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:3389 huajo-win-7:0 LISTENING
CryptSvc
[svchost.exe]
TCP 0.0.0.0:5357 huajo-win-7:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:49152 huajo-win-7:0 LISTENING
[wininit.exe]
TCP 0.0.0.0:49153 huajo-win-7:0 LISTENING
eventlog
[svchost.exe]
TCP 0.0.0.0:49154 huajo-win-7:0 LISTENING
Schedule
[svchost.exe]
TCP 0.0.0.0:49157 huajo-win-7:0 LISTENING
[services.exe]
TCP 0.0.0.0:49193 huajo-win-7:0 LISTENING
[lsass.exe]
TCP 10.27.1.23:139 huajo-win-7:0 LISTENING
Can not obtain ownership information
TCP 10.27.1.23:49233 plan-actdir:1026 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.27.1.23:49236 exchange:1167 ESTABLISHED
[OUTLOOK.EXE]
TCP 10.27.1.23:49773 host72:http CLOSE_WAIT
[OUTLOOK.EXE]
TCP 10.27.1.23:49774 www3:http CLOSE_WAIT
[OUTLOOK.EXE]
TCP 10.27.1.23:49779 unset:http CLOSE_WAIT
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)