I have a server listening for connections on UDP and another on TCP.
I need to know what process initiated the connection. Is that possible?
I have found multiple solutions, but all imply checking each process for each port, which has a performance issue in my view. Also, when i tried this, i only get the PID of my server application, not the client.
Thank you
you can try this
netstat -a -n -o | find "1688"
You will get the exact output of the process
UDP 10.4.112.77:55866 *:* 1688
UDP 127.0.0.1:1900 *:* 1688
UDP 127.0.0.1:55868 *:* 1688
Try this for complete process id port and process name.
Open a command prompt window (as Administrator) From "Start\Search box" Enter "cmd" then right-click on "cmd.exe" and select "Run as Administrator"
Enter: netstat -abno
Find the Port that you are listening on under "Local Address"
Look at the process name directly under that.
you can collect the information and then the parse the output
this one stack link might be helping you.
Which PID listens on a given port in c#
Related
I work on aspnet core web api project. I will publish this project to remote server. When Kestrel is running, default port is 5000 or anythink like this.
I want to change this port to 80 or 8080. Can I do that?
When I try to change from launchSettings, I get this error:
System.IO.IOException: 'Failed to bind to address http://localhost:80.'
Your problem may be because you already have another web server running on your system (e.g. IIS) that is already binding to port 80.
You can check with this powershell command:
Get-Process -Id (Get-NetTCPConnection -LocalPort 80).OwningProcess
This command will show you what process is listening on port 80. If nothing is listening, it will return an error.
I am aware that there is already a similar question here. However, the only answer there does not solve my problem.
Here is my code:
TcpListener TcpListener = new TcpListener(localaddr: IPAddress.Any, port: 8080);
TcpListener.Start();
Executing TcpListener.Start(); gave me this error:
System.Net.Sockets.SocketException: 'An attempt was made to access a
socket in a way forbidden by its access permissions'
I have already defined an inbound security rule inside my firewall to make Port 8080 publicly accessible (I am aware that this is generally not recommended, but I am temporarily doing this for testing purposes):
When I run netstat -o, I am able to verify that Port 8080 does not already have an established connection.
For what it is worth, I am starting a TcpListener on an Azure virtual machine.
Any suggestions on how I can fix the SocketException?
UPDATE:
When I run netstat -o -n -a | findstr 0.0.0.0:8080, I see the following result:
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 4
Could the SocketException have been thrown because there already is a TcpListener listening on Port 8080?
I tried terminating the existing TcpListener by running taskkill/pid 4 /F (in order to see whether SocketException will still be thrown after terminating it), but didn't succeed:
ERROR: The process with PID 4 could not be terminated. Reason: Access
is denied.
Did the PID of 4 really not set alarm bells ringing before you tried taskkill? It's unusually low. In most windows systems I've worked on, it's been the system "process" that is the OS.
It's probable that something has registered to use that port as part of a URL reserved via HTTP.SYS.
If you have IIS running look for sites that are running on that port.
I am able to write syslog data using client on UDP port 514.
Now from same port I want to read the syslog data, why below line of code saying "Only one usage of each socket address (protocol/network address/port) is normally permitted"
UdpClient udpListener = new UdpClient(514);
This port(UDP 514) is already occupied by your or some other application.
To see who using it you can with a command line tool for windows:
netstat -ano
And find process witch using this port by PID from netstat output
Try get data not directly from port. For example by lib
I tried to play around with malware stranger sent me. I open it in vmware and run microsoft network monitor
screenshot
So I tried to make tcp connection using C# like this:
TcpClient tcpclnt = new TcpClient();
Console.WriteLine("Connecting.....");
tcpclnt.Connect("darcometweb.no-ip.org", 225);
tcpclnt.Close();
but it throws exception: Message "No connection could be made because the target machine actively refused it 95.244.217.192:225"
To make sure I also tried it in Python but it also throws the same exception
import socket
s = socket.socket()
host = 'darcometweb.no-ip.org'
port = 225
s.connect((host,port))
s.close
print 'done'
Anyone knows what is wrong ?
# Syed Ali Taqi: I have looked into that question, however in my case the malware can make connection but my c# app can't
Usually happens when the port is closed/ no port forwarding on the router/ firewall or anti virus blocking the connection.
First open command line and type
netstat -a
to see all the open connections and ports, if your port listed then go to
Open port checker and type in your port to see if there is an access from outside your network.
If no i would go with port forwarding then, windows firewall, anti virus.
I have created a simple "proof of concept" app that sends a text message over sockets using C# between two Windows computers (XP sending, W2K receiving).
When I run "netstat -a" on the receiving computer, I see a couple of strange things:
netstat tells me:
...
TCP <thismachinename>:netbios-ssn <DevMachineName>:1330 ESTABLISHED
...
--and:
TCP <thismachinename>:1041 a65.197.244.82.deploy.akamaitechologies.com:http CLOSE_WAIT
So:
1) Why is there a connection with my Dev machine (It SHOULD be listening on port 62222, but it's not, yet this mysterious ESTABLISHED connection does exist...)
2) Who/what/why is this akamai technologies connection?
Note: I restarted the remote/listening machine this morning; I checked netstat -a to be sure it was not listening on port 62222 yet (it wasn't); I then started the dual-purpose app that should listen on that port; I ran netstat -a again, and it was STILL not listening on port 62222. Yet these other two odd things...
The established connection to <thismachinename>:netbios-ssn is because you have connected to a Windows Share, printer or something on thismachinename from DevMachineName.
The second connection is that your computer has for some reason connected and downloaded something from akamai. The connection is closed, but in CLOSE_WAIT mode which it is for 120 seconds (if I remember the timeout correctly).
For the listening on port 62222 that is not appearing - do you get any errors in your app when you are opening the listening socket?