Summary: Your machine can open TCP/IP connections to other machines, or it could be waiting for other machines to connect to it. Here's how to see what is happening.
Another application is listening on my e-mail port 110 and it is restricting my ipo high speed. How can i find the other application?
•
I'm not exactly sure what you might mean by "restricting my ipo high speed", but it's very easy to see what TCP/IP ports are in use on your computer. There's a command line utility to tell you exactly that, but there's an easier to use, and free, tool we can download as well.
•
First the command line tool. Open up a Command Prompted (typically on Start, All Programs, Accessories) and type "netstat" followed by Enter, and you'll see something like this:
Active Connections Proto Local Address Foreign Address State TCP NotenBook:1073 localhost:1072 ESTABLISHED TCP NotenBook:1054 aali.hamachi.cc:https ESTABLISHED TCP NotenBook:1254 cs23.msg.dcn.yahoo.com:5050 ESTABLISHED TCP NotenBook:1257 po-in-f125.google.com:5222 ESTABLISHED TCP NotenBook:1258 by2msg2104610.phx.gbl:1863 ESTABLISHED
This shows you all of your active TCP/IP connections. Each endpoint of each connection is displayed in the form machinename:port. Add the "-ao" options and you'll see something like this:
Active Connections Proto Local Address Foreign Address State PID TCP NotenBook:1073 localhost:1072 ESTABLISHED 1200 TCP NotenBook:5354 NotenBook:0 LISTENING 1460 TCP NotenBook:8000 NotenBook:0 LISTENING 828 TCP NotenBook:1054 aali.hamachi.cc:https ESTABLISHED 4044 TCP NotenBook:1254 cs23.msg.dcn.yahoo.com:5050 ESTABLISHED 2052 TCP NotenBook:1257 po-in-f125.google.com:5222 ESTABLISHED 2052 TCP NotenBook:1258 by2msg2104610.phx.gbl:1863 ESTABLISHED 2052 UDP NotenBook:1025 *:* 1460 UDP NotenBook:1026 *:* 828 UDP NotenBook:1029 *:* 1764 UDP NotenBook:1049 *:* 1764
"-a" tells netstat to list all ports in use, even those not actually in a connection, and "-o" tells it to include the process ID (PID) of the program that's accessing the port. You can then use task manager to identify the process with the given PID to see who's accessing a particular port.
But there's an easier way. Download TCPView, a free SysInternals utility now hosted at Microsoft. Run it and you'll see something similar to this:
Here you can see that the application owning the connection is listed immediately on the left, followed by same machine:port for each end of each TCP connection. Important: many of the ports will be listed by name, not number. Port 25, for example, will be listed as "smtp", this might confuse you a little if you sort by the Local or Remote Address column - it'll sort alphabetically, putting all the numeric ports first, followed by the named ports.
Click on Options, Show Unconnected Endpoints, and the list will expand so show all the TCP/IP ports in use:
Scan down this list to see who's using port 110 on your local machine, and you should have your culprit.
Now, I will say this specifically about port 110: it's unusual for an application to be listening on port 110 on your local machine. 110 is the port on the remote mail server that your mail program connects to. However, some services that attempt to provide pop3 access to web services such as Hotmail will do so by providing a pseudo pop3 server through your own machine. For example on my machine running Thunderbird, I also run the Webmail extension. This extension causes my own machine to open port 110 through which Thunderbird connects to access the services provided by the extension.
Related:
-
Ask Leo! - What is POP? Or POP3? Or a POP account? And what about SMTP?
-
Ask Leo! - What are MSN HotMail's POP3 and SMTP settings for Outlook Express?
-
Ask Leo! - How can I tell what internet activity is happening on my machine?
Article C2946 - February 26, 2007
Thanks for the pointer to TCPView -- it's just what I've been looking for as well. I've known about netstat for years, but that doesn't tell you who has the port open, just that it's open.
As for the "restricting my ipo high speed" comment, perhaps he meant "it's eating up my bandwidth, limiting what other programs are able to send/receive"? Or perhaps his ISP throttles down the bandwidth because it's using too much?
Posted by: Ken at March 1, 2007 7:27 AMHi, I used TCPView and got 2 items Listening,
then opened netstat and I had 5 items listening.
Whats up with the difference?
ps I found out yesterday what TCP was.
Posted by: rayzepol at April 1, 2007 4:44 PM
Posted by: Elshan at December 10, 2007 4:06 AMThank you for this material but I can'not find here answer to my question
I'm interested can I seethe IP address of computer which is using my open ports or i ss cutting something from me in LAN or internet
Hey i hope this help some people.. like Leo said the TCPview is a good tool tat could help u to know what application is listening in each port here is a command that will give u exaclty the same informaction "netstat -a -b" what does it do? well the first argument -a will show u all the conections and listening ports so now u know which ports u have open then the second argument -b asks for the application that is running in each port so now u have the same information that the TCPview gives u.
Answering the question for Elshan the ip address is under the remote address sometimes it gives u the name for example it could tell u www.hotmail.com so now u can look for the transalation for that ip usign the command nslookup after u execute that comman in the command prompt then u have to insert the name u want to tranlate in this case www.hotmail.com and it will give u the ip address of that name.
Greeting from Mexico
Posted by: Victor Díaz Ruiz at September 6, 2009 1:09 PM