Using netstat -a -o -n I can get the list of ports and PIDs.

Then I need to go to Task Manager, add the PID and see who it is (pretty frustrating).

I was wondering if there is a CMD command which does it all (using find, for, powershell)

so that I could get the process name.

2

7 Answers

Solution

Use the -b parameter:

 -b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions.

Note: The netstat -b command will fail unless run from an elevated command prompt.

Workaround

Filter the process list and find the PID you're interested in:

tasklist | findstr /c:"PID" 

Alternate solution

You can use Tcpvcon.exe instead. No admin rights required.

Tcpvcon usage is similar to that of the built-in Windows netstat utility.

Usage: tcpvcon [-a] [-c] [-n] [process name or PID]

 -a Show all endpoints (default is to show established TCP connections).
 -c Print output as CSV.
 -n Don't resolve addresses.

4

I think you are looking for TCPView from SysInternals.

6

Here is an example for Windows using FOR to parse netstat output, then DO tasklist with a /fi filter on PID to show the process name.

The last find is to remove tasklist headers.

FOR /F "usebackq tokens=5 delims= " %i IN (`netstat -ano ^|find "443"`) DO @tasklist /fi "pid eq %i" | find "%i"

It prints records like

tomcat8.exe.x64 4240 Services 0 931,864 K

Additional fields from netstat can be added by adding tokens.

3

If you're fond of using PS, you can fork this code (note: it's super-basic)

$nets = netstat -ano | select-string LISTENING
foreach($n in $nets){
    # make split easier PLUS make it a string instead of a match object:
    $p = $n -replace ' +',' '
    # make it an array:
    $nar = $p.Split(' ')
    # pick last item:
    $pname = $(Get-Process -id $nar[-1]).ProcessName
    $ppath = $(Get-Process -id $nar[-1]).Path
    # print the modified line with processname instead of PID
    # (pattern anchored to the end of the line so the PID is not also replaced inside a port number):
    $n -replace "\b$($nar[-1])$","$($ppath) $($pname)"
}

Note that you can try Path instead of ProcessName to get a full executable path - it won't work with system services though. Also, you may want to append the ProcessName to the end of the line instead of replacing the PID value.

Enjoy it ;)
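
A more defensive take on the parsing approach in this answer, as an added example that is not part of the original post: it splits each `netstat -ano` row into fields, so a PID is never matched against port digits, and UDP rows (which have no State column) are handled. The function name `Resolve-NetstatOwner` and the sample rows are constructed for illustration.

```powershell
# Added example; Resolve-NetstatOwner is a hypothetical name, not a built-in cmdlet.
function Resolve-NetstatOwner {
    param(
        # Lines in `netstat -ano` format; defaults to live output.
        [string[]]$Lines = (netstat -ano),
        # Optional state filter, e.g. LISTENING or ESTABLISHED.
        [string]$State
    )
    $procs = @{}   # cache: PID -> process object, so each PID is looked up once
    foreach ($line in $Lines) {
        $f = -split $line   # split on runs of whitespace, dropping empty fields
        # Skip banner/header rows and anything that is not a TCP or UDP entry.
        if ($f.Count -lt 4 -or $f[0] -notmatch '^(TCP|UDP)$') { continue }
        # TCP rows: Proto Local Foreign State PID. UDP rows have no State column.
        $st = if ($f.Count -ge 5) { $f[3] } else { '' }
        if ($State -and $st -ne $State) { continue }
        $procId = [int]($f[-1])   # the PID is always the last field
        if (-not $procs.ContainsKey($procId)) {
            $procs[$procId] = Get-Process -Id $procId -ErrorAction SilentlyContinue
        }
        $p = $procs[$procId]
        [pscustomobject]@{
            Proto   = $f[0]
            Local   = $f[1]
            Foreign = $f[2]
            State   = $st
            PID     = $procId
            Name    = if ($p) { $p.ProcessName } else { '<exited or inaccessible>' }
            Path    = if ($p) { $p.Path } else { $null }   # empty for protected processes
        }
    }
}

# Constructed sample rows so the parsing can be checked offline.
# The PID 4 row is the case where a plain text replace would also hit port 445.
$sample = @(
    '  Proto  Local Address          Foreign Address        State           PID',
    '  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4',
    '  TCP    [::]:8443              [::]:0                 LISTENING       4240',
    '  UDP    0.0.0.0:5353           *:*                                    1872'
)
Resolve-NetstatOwner -Lines $sample -State LISTENING | Format-Table -AutoSize
```

Called without `-Lines`, the function reads live `netstat -ano` output; because it emits objects, the result can be filtered with `Where-Object` on `Name` or `Path` instead of string matching.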

Try to use this...

Process name with time stamp :) in a one-liner... no need for scripting, fast and easy...

You can replace the SYN_SENT param with ESTABLISHED or LISTENING

filter timestamp {"$(Get-Date -Format G): $_"};netstat -abno 1 | Select-String -Context 0,1 -Pattern LISTENING|timestamp
filter timestamp {"$(Get-Date -Format G): $_"};netstat -abno 1 | Select-String -Context 0,1 -Pattern SYN_SENT|timestamp
1

Very nice Erik Bitemo! I was thinking of adding a variable for the path then I realized you already have that although it was not defined. So the code I reused was:

$nets = netstat -ano |select-string LISTENING;
foreach ($n in $nets) {
    # make split easier PLUS make it a string instead of a match object
    $p = $n -replace ' +',' ';
    # make it an array
    $nar = $p.Split(' ')
    # pick last item...
    $pname = $(Get-Process -id $nar[-1]).ProcessName
    $ppath = $(Get-Process -id $nar[-1]).Path;
    # print the modified line with processname instead of PID
    # (pattern anchored to the end of the line so the PID is not also replaced inside a port number)
    $n -replace "\b$($nar[-1])$","$($ppath) $($pname)" | where {$pname -like "*GMSVP*"}
}

I was trying to find the processes and services for an application where I used a somewhat different 2 liner.

Get-Service | select status,name,displayname,servicename | where {($_.DisplayName -like "myserv*") -or ($_.servicename -like "post*")} | ft -auto
Get-Process | select id, processname,cpu,path,description | where {$_.path -like "*myserv*"} | ft -auto
1

You can use this software too

more details:

1
