Helping people with computers... one answer at a time.

Your machine can open TCP/IP connections to other machines, or it could be waiting for other machines to connect to it. Here's how to see what is happening.

Another application is listening on my e-mail port 110 and it is restricting my ipo high speed. How can i find the other application?

I'm not exactly sure what you might mean by "restricting my ipo high speed", but it's very easy to see what TCP/IP ports are in use on your computer. There's a command line utility to tell you exactly that, but there's an easier to use, and free, tool we can download as well.

First the command line tool. Open up a Command Prompted (typically on Start, All Programs, Accessories) and type "netstat" followed by Enter, and you'll see something like this:

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    NotenBook:1073         localhost:1072         ESTABLISHED
  TCP    NotenBook:1054         aali.hamachi.cc:https  ESTABLISHED
  TCP    NotenBook:1254         cs23.msg.dcn.yahoo.com:5050  ESTABLISHED
  TCP    NotenBook:1257         po-in-f125.google.com:5222  ESTABLISHED
  TCP    NotenBook:1258         by2msg2104610.phx.gbl:1863  ESTABLISHED

This shows you all of your active TCP/IP connections. Each endpoint of each connection is displayed in the form machinename:port. Add the "-ao" options and you'll see something like this:

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    NotenBook:1073         localhost:1072         ESTABLISHED     1200
  TCP    NotenBook:5354         NotenBook:0            LISTENING       1460
  TCP    NotenBook:8000         NotenBook:0            LISTENING       828
  TCP    NotenBook:1054         aali.hamachi.cc:https  ESTABLISHED     4044
  TCP    NotenBook:1254         cs23.msg.dcn.yahoo.com:5050  ESTABLISHED     2052
  TCP    NotenBook:1257         po-in-f125.google.com:5222  ESTABLISHED     2052
  TCP    NotenBook:1258         by2msg2104610.phx.gbl:1863  ESTABLISHED     2052
  UDP    NotenBook:1025         *:*                                    1460
  UDP    NotenBook:1026         *:*                                    828
  UDP    NotenBook:1029         *:*                                    1764
  UDP    NotenBook:1049         *:*                                    1764

"-a" tells netstat to list all ports in use, even those not actually in a connection, and "-o" tells it to include the process ID (PID) of the program that's accessing the port. You can then use task manager to identify the process with the given PID to see who's accessing a particular port.

But there's an easier way. Download TCPView, a free SysInternals utility now hosted at Microsoft. Run it and you'll see something similar to this:

TCPView Default View

"...it's unusual for an application to be listening on port 110 on your local machine."

Here you can see that the application owning the connection is listed immediately on the left, followed by same machine:port for each end of each TCP connection. Important: many of the ports will be listed by name, not number. Port 25, for example, will be listed as "smtp", this might confuse you a little if you sort by the Local or Remote Address column - it'll sort alphabetically, putting all the numeric ports first, followed by the named ports.

Click on Options, Show Unconnected Endpoints, and the list will expand so show all the TCP/IP ports in use:

TCPView Showing Unconnected Endpoints

Scan down this list to see who's using port 110 on your local machine, and you should have your culprit.

Now, I will say this specifically about port 110: it's unusual for an application to be listening on port 110 on your local machine. 110 is the port on the remote mail server that your mail program connects to. However, some services that attempt to provide pop3 access to web services such as Hotmail will do so by providing a pseudo pop3 server through your own machine. For example on my machine running Thunderbird, I also run the Webmail extension. This extension causes my own machine to open port 110 through which Thunderbird connects to access the services provided by the extension.

Article C2946 - February 26, 2007 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

5 Comments
Ken
March 1, 2007 7:27 AM

Thanks for the pointer to TCPView -- it's just what I've been looking for as well. I've known about netstat for years, but that doesn't tell you who has the port open, just that it's open.

As for the "restricting my ipo high speed" comment, perhaps he meant "it's eating up my bandwidth, limiting what other programs are able to send/receive"? Or perhaps his ISP throttles down the bandwidth because it's using too much?

rayzepol
April 1, 2007 4:44 PM

Hi, I used TCPView and got 2 items Listening,
then opened netstat and I had 5 items listening.
Whats up with the difference?

ps I found out yesterday what TCP was.

Elshan
December 10, 2007 4:06 AM


Thank you for this material but I can'not find here answer to my question
I'm interested can I seethe IP address of computer which is using my open ports or i ss cutting something from me in LAN or internet

Victor Díaz Ruiz
September 6, 2009 1:09 PM

Hey i hope this help some people.. like Leo said the TCPview is a good tool tat could help u to know what application is listening in each port here is a command that will give u exaclty the same informaction "netstat -a -b" what does it do? well the first argument -a will show u all the conections and listening ports so now u know which ports u have open then the second argument -b asks for the application that is running in each port so now u have the same information that the TCPview gives u.

Answering the question for Elshan the ip address is under the remote address sometimes it gives u the name for example it could tell u www.hotmail.com so now u can look for the transalation for that ip usign the command nslookup after u execute that comman in the command prompt then u have to insert the name u want to tranlate in this case www.hotmail.com and it will give u the ip address of that name.

Greeting from Mexico

craig
January 24, 2010 6:17 PM

Hi,

Do you know of a utility like tcpview that will show me which programs are using svchost.exe to access a specified IP? TCPview is nice but doesn't go quite far enough, I have instances of svchost accessing malicious ips and want to find the executable that is launching svchost so I can remove it.

Thanks

Craig

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.