In the use of a local area network, we often find that some mysterious ports are open in the system. This poses potential security risks to the system. In order to have full control over port usage, some users may employ third-party tools to check which specific programs are using these ports. However, it's completely unnecessary to go through all this trouble because Windows already has this functionality built-in. Let's learn how to do it below!
### Checking Open Ports
Experienced network administrators know that using the `Netstat` command allows you to see which ports are currently open on the system. But did you know that if you add the parameter `-o` while using the `Netstat` command, you can further determine the process ID (PID) associated with each port? This means the PID can be used to identify which process (program) is using a specific port. For example, after running the command `netstat -ano`, you may discover that ports 3026, 3030, and 3728 are open (as shown in Figure 1).
From the figure above, it isn't immediately clear which processes are associated with these three ports. However, we can determine that the process with PID 628 is using these three ports.
### Activating Process PID
Since we now know there is a process with PID 628 in the system, let’s find out what it is. Everyone knows that you can view system processes by pressing the "Ctrl+Alt+Delete" key combination and checking under the "Processes" tab in the "Windows Task Manager." By default, the "Processes" tab does not display the PID column, so we cannot directly see which PID corresponds to each process. Therefore, we need to enable the PID column display first. Here's how:
Click on the "Select Columns" menu item under the "View" option in the "Windows Task Manager" window, then click to select the "PID" (Process Identifier) checkbox (as shown in Figure 2).
Afterward, in the list under the "Processes" tab in the "Windows Task Manager" window, you will notice an additional PID column. You can then sort the list from largest to smallest to locate the process with PID 628, thus identifying the "culprit" program (as shown in Figure 3).
From the information displayed in the figure above, we can see that the PID 628 is associated with ports 3026, 3030, and 3728, and the application using PID 628 is "MSN Messenger"!! As you can see, we've easily identified the program associated with the port!