How to find out what is running on localhost port

Question

I have something running at port 9090 on my local machine.

It's probably something I set up long ago and forgot about... how can I find out what it is?

I am using Windows 8.

It's `netstat -b`, but this question is off topic because it does not appear to relate to professional systems administration. — Ryan Ries, Feb 06 '14 at 22:30
Maybe I should have put it on SuperUser? Thanks for the hint though. — BanksySan, Feb 06 '14 at 22:35

score 64 · Accepted Answer · answered Feb 07 '14 at 03:31

64

Run netstat -a -o | find "9090" and have a look at the far right column. That's the Process ID (PID) of the owning process. Match it up with running processes in Task Manager.

answered Feb 07 '14 at 03:31

Evan Anderson

1,859
13
10

If I try this I do get a process id on the fa right column but no process exists in the task manager with exactly that ID. the ID for me is 15936 but in the process manager the PID's go ....,15792, 15904, 16080,... if I arrange them in ascending order....How to fix this please? I then tried `tasklist /fi "pid eq 15936"` and got `INFO: No tasks are running which match the specified criteria` – user32882 Sep 21 '17 at 09:11
2

it gives me netstat: illegal option -- o – Eugen Sunic May 17 '20 at 09:09
@eugene_sunic - What version of Windows are you doing this on? AFAIK this argument has been in Windows since at least Windows XP, and still works fine in currently-shipping versions of Windows. – Evan Anderson May 17 '20 at 23:50

Apostolis Bekiaris · Answer 2 · 2021-10-01T10:35:15.007

@Evan Anderson answer did not work for me cause I got a message

FIND: Parameter format not correct

so I replaced the Find call with a powershell Select-String

netstat -aon|sls 61456

  TCP    127.0.0.1:61456        0.0.0.0:0              LISTENING       31796

finally I open Task manager and looked sort the PID column looking for 31796

Update

Usually I want to kill these processes so here a powershell script that does not need manual intervention

netstat -aon|sls 5000|%{("$_".substring("$_".LastIndexOf(' '))).Trim()}|%{
    $id=$_
    Get-Process|?{$_.id -eq $id}
}|Stop-Process

score 0 · Answer 3 · answered Feb 07 '14 at 02:33

Did you ever install Zeus admin server or Zyxel VoIP or CiscoSecure on that machine? Other possibilities include a Trojan such as Aphex's Remote Packet Sniffer or the IANA WebSM designation.

Take a look here or search the web for port 9090 or any other for that matter.

You can always do a basic intrusion testing using the GRC ShieldsUp! service.

How to find out what is running on localhost port

3 Answers3