Re: How to find a process

Hello Fran,

If your server is running a copy of Windows Server 2000 & above, then
at the command prompt of the server, type "netstat -ano". You'll get a
listing of locally open ports along with it connection to foreign IP
Address with it's PID number. Now pick up this PID number & look into
Windows Task Manager to see which process does the PID number belongs

Besides this tedious technique, a simpler technique is to use "Process
Explorer" from Sysinternals or "TCPMon".

Process Explorer:


However if your server is UNIX based, then you can try "netstat -antp"
for TCP & "netstat -anup" for UDP protocols connections currently
active on your server.

Popular 'lsof' command (needs to be installed seperatly) can also help
you in this regard.

Besides this, running a Vulnerability Scanner (like Nessus) against
this server is also a recommended step before it gets totally


Nikhil Wagholikar

Security Analyst
NII Consulting

On 6/13/07, Francisco Rodrigo Cortinas Maseda
<francisco.cortinas@xxxxxxxxxxx> wrote:

my name is Fran, im a network and system administrator, and i have a
strange case, but sure somenone have had the same problem before me.

My problem is that we have some strange traffic on the firewalls, going
from a server on a DMZ to public client pools.

10:09:10.511978 00:0e:0c:71:7f:cd > 10:00:00:00:26:01, ethertype IPv4
(0x0800), length 61: IP XXXXX.44267 > XXXXXX.3072: UDP, length 19

The problem is: with netstat i only see the ports daemons are listening
on. I want to know the process that is using the outgoing port, that is,

Is there a way to know this?

Thanks in advance.