All Windows ports and the programs corresponding to them
1. Query the port of Windows
Run in CMD window:
Netstat -ano
result example:
活动连接
协议 本地地址 外部地址 状态 PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1156
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 8336
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:902 0.0.0.0:0 LISTENING 6336
TCP 0.0.0.0:912 0.0.0.0:0 LISTENING 6336
TCP 0.0.0.0:3526 0.0.0.0:0 LISTENING 936
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING 5724
TCP 0.0.0.0:5242 0.0.0.0:0 LISTENING 520584
TCP 0.0.0.0:7680 0.0.0.0:0 LISTENING 7708
TCP 0.0.0.0:9173 0.0.0.0:0 LISTENING 26268
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 944
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 860
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 2128
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 1868
TCP 127.0.0.1:1029 0.0.0.0:0 LISTENING 5992
TCP 127.0.0.1:3334 0.0.0.0:0 LISTENING 12112
TCP 127.0.0.1:3334 127.0.0.1:1713 TIME_WAIT 0
TCP 127.0.0.1:3334 127.0.0.1:9848 TIME_WAIT 0
It can also be output to a file for easy query:
netstat -ano > netstat.txt
Note:
1. External addresses, except for 0.0.0.0 and 127.0.0.1 addresses, non-local addresses, non-intranet addresses, especially external network addresses, need to be paid attention to.
2. The last column is PID. You can check the corresponding program through the PID number.
2. Query application tasks
Query application and PID numbers
tasklist
映像名称 PID 会话名 会话# 内存使用
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 8 K
System 4 Services 0 20 K
Registry 120 Services 0 51,700 K
smss.exe 500 Services 0 548 K
csrss.exe 736 Services 0 3,012 K
wininit.exe 860 Services 0 1,584 K
csrss.exe 880 Console 1 4,664 K
services.exe 936 Services 0 10,012 K
lsass.exe 944 Services 0 22,208 K
fontdrvhost.exe 92 Services 0 2,352 K
svchost.exe 536 Services 0 1,236 K
svchost.exe 760 Services 0 28,704 K
WUDFHost.exe 996 Services 0 5,652 K
winlogon.exe 1072 Console 1 5,820 K
fontdrvhost.exe 1136 Console 1 26,752 K
svchost.exe 1156 Services 0 16,444 K
You can also output to a file:
tasklist > tasklist.txt
3. Query the corresponding program through the port
映像名称 PID 会话名 会话# 内存使用
========================= ======== ================ =========== ============
TCP 192.168.132.166:2471 221.238.80.29:443 CLOSE_WAIT 28700
TCP 192.168.132.166:2472 122.9.121.25:8602 CLOSE_WAIT 125624
TCP 192.168.132.166:2473 122.9.121.25:8602 CLOSE_WAIT 125624
TCP 192.168.132.166:2496 121.52.252.58:8602 CLOSE_WAIT 125624
TCP 192.168.132.166:2600 43.137.190.184:443 ESTABLISHED 3628
TCP 192.168.132.166:2841 36.25.246.49:443 ESTABLISHED 27004
Use find to query the application name
tasklist | find “27004”
C:\Users\Test>tasklist | find "27004"
SogouExplorer.exe 27004 Console 1 50,612 K
C:\Users\Test>
C:\Users\Test>tasklist | find "28700"
QQ.exe 28700 Console 1 151,096 K
C:\Users\Test>tasklist | find "1156"
svchost.exe 1156 Services 0 16,492 K
C:\Users\Test>tasklist | find "3628"
WeChat.exe 3628 Console 1 337,452 K