Thursday, March 13, 2008

Determining which executable has a port open on Windows

A while back I wrote an article about using 'netstat -o' to find out which PID has a particular port open (on Windows; you can use 'lsof' on Linux/Unix). Well, it turns out that on Windows an additional flag will give you even more information.

Specifically, the addition of the '-b' flag will tell you which executable has which port open. Here's an example of the command and a snippet of its output:

C:\> netstat -bona

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:554            0.0.0.0:0              LISTENING       5652
 [wmpnetwk.exe]
  TCP    0.0.0.0:912            0.0.0.0:0              LISTENING       3204
 [vmware-authd.exe]
  TCP    0.0.0.0:990            0.0.0.0:0              LISTENING       1616
  WcesComm
 [svchost.exe]
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1628
  Dnscache

NOTE: If you try to run this on Vista as anyone other than Administrator, you'll get an error stating "The requested operation requires elevation." To get around this:

Right-click on Start->All Programs->Accessories->Command Prompt, and select "Run As Administrator"

Then you can run the command from that new command prompt.
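
An added example, not part of the original post: a small Python parser that pairs each connection row of 'netstat -bona' output with the service and [executable] lines printed beneath it, so the listeners on a host can be inventoried or compared against a known-good baseline. The function names are chosen for this example, and the embedded sample is the snippet shown above, including its cut-off last entry.

```python
import re

# Snippet from the post's `netstat -bona` output, including its cut-off last entry.
SAMPLE = """\
Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 932
RpcSs
[svchost.exe]
TCP 0.0.0.0:554 0.0.0.0:0 LISTENING 5652
[wmpnetwk.exe]
TCP 0.0.0.0:912 0.0.0.0:0 LISTENING 3204
[vmware-authd.exe]
TCP 0.0.0.0:990 0.0.0.0:0 LISTENING 1616
WcesComm
[svchost.exe]
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1628
Dnscache
"""

# Connection row: proto, local, foreign, optional state (UDP rows have none), PID.
CONN = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_\d]+)\s+)?(\d+)$")

def parse_netstat_b(text):
    """Attach the component/[executable] lines to the connection row above them."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = CONN.match(line)
        if match:
            proto, local, foreign, state, pid = match.groups()
            current = {"proto": proto, "local": local, "foreign": foreign,
                       "state": state, "pid": int(pid),
                       "component": None, "exe": None}
            entries.append(current)
        elif not line or current is None:
            continue  # blank line, banner or column header
        elif line.startswith("[") and line.endswith("]"):
            current["exe"] = line[1:-1]
        elif current["component"] is None:
            current["component"] = line
    return entries

def listeners(text):
    """Return (port, pid, exe, component) for every LISTENING socket."""
    return [(int(e["local"].rsplit(":", 1)[1]), e["pid"], e["exe"], e["component"])
            for e in parse_netstat_b(text) if e["state"] == "LISTENING"]

if __name__ == "__main__":
    for port, pid, exe, component in listeners(SAMPLE):
        print(port, pid, exe or "<owner not shown>", component or "-")
```

A listener whose executable comes back empty, like the truncated 3389 entry here, is the one to look up by PID before trusting it.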
