How can I tell what program is making or accepting TCP/IP connections on my machine?

Home » Networking

Summary: Your machine can open TCP/IP connections to other machines, or it could be waiting for other machines to connect to it. Here's how to see what is happening.

Another application is listening on my e-mail port 110 and it is restricting my ipo high speed. How can i find the other application?

I'm not exactly sure what you might mean by "restricting my ipo high speed", but it's very easy to see what TCP/IP ports are in use on your computer. There's a command line utility to tell you exactly that, but there's an easier to use, and free, tool we can download as well.

•

First the command line tool. Open up a Command Prompted (typically on Start, All Programs, Accessories) and type "netstat" followed by Enter, and you'll see something like this:

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    NotenBook:1073         localhost:1072         ESTABLISHED
  TCP    NotenBook:1054         aali.hamachi.cc:https  ESTABLISHED
  TCP    NotenBook:1254         cs23.msg.dcn.yahoo.com:5050  ESTABLISHED
  TCP    NotenBook:1257         po-in-f125.google.com:5222  ESTABLISHED
  TCP    NotenBook:1258         by2msg2104610.phx.gbl:1863  ESTABLISHED

This shows you all of your active TCP/IP connections. Each endpoint of each connection is displayed in the form machinename:port. Add the "-ao" options and you'll see something like this:

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    NotenBook:1073         localhost:1072         ESTABLISHED     1200
  TCP    NotenBook:5354         NotenBook:0            LISTENING       1460
  TCP    NotenBook:8000         NotenBook:0            LISTENING       828
  TCP    NotenBook:1054         aali.hamachi.cc:https  ESTABLISHED     4044
  TCP    NotenBook:1254         cs23.msg.dcn.yahoo.com:5050  ESTABLISHED     2052
  TCP    NotenBook:1257         po-in-f125.google.com:5222  ESTABLISHED     2052
  TCP    NotenBook:1258         by2msg2104610.phx.gbl:1863  ESTABLISHED     2052
  UDP    NotenBook:1025         *:*                                    1460
  UDP    NotenBook:1026         *:*                                    828
  UDP    NotenBook:1029         *:*                                    1764
  UDP    NotenBook:1049         *:*                                    1764

"-a" tells netstat to list all ports in use, even those not actually in a connection, and "-o" tells it to include the process ID (PID) of the program that's accessing the port. You can then use task manager to identify the process with the given PID to see who's accessing a particular port.

But there's an easier way. Download TCPView, a free SysInternals utility now hosted at Microsoft. Run it and you'll see something similar to this:

TCPView Default View

"...it's unusual for an application to be listening on port 110 on your local machine."

Here you can see that the application owning the connection is listed immediately on the left, followed by same machine:port for each end of each TCP connection. Important: many of the ports will be listed by name, not number. Port 25, for example, will be listed as "smtp", this might confuse you a little if you sort by the Local or Remote Address column - it'll sort alphabetically, putting all the numeric ports first, followed by the named ports.

Click on Options, Show Unconnected Endpoints, and the list will expand so show all the TCP/IP ports in use:

TCPView Showing Unconnected Endpoints

Scan down this list to see who's using port 110 on your local machine, and you should have your culprit.

Now, I will say this specifically about port 110: it's unusual for an application to be listening on port 110 on your local machine. 110 is the port on the remote mail server that your mail program connects to. However, some services that attempt to provide pop3 access to web services such as Hotmail will do so by providing a pseudo pop3 server through your own machine. For example on my machine running Thunderbird, I also run the Webmail extension. This extension causes my own machine to open port 110 through which Thunderbird connects to access the services provided by the extension.

Related:

Ask Leo! - What is POP? Or POP3? Or a POP account? And what about SMTP?
Ask Leo! - What are MSN HotMail's POP3 and SMTP settings for Outlook Express?
Ask Leo! - How can I tell what internet activity is happening on my machine?

More articles about: Networking

Article Useful? Link to it from your own website; just copy/paste this HTML:
<a href="http://ask-leo.com/how_can_i_tell_what_program_is_making_or_accepting_tcpip_connections_on_my_machine.html">Ask Leo: How can I tell what program is making or accepting TCP/IP connections on my machine?</a>

Article 11204 | Posted February 26, 2007

•

Recent Comments

Thanks for the pointer to TCPView -- it's just what I've been looking for as well. I've known about netstat for years, but that doesn't tell you who has the port open, just that it's open.

As for the "restricting my ipo high speed" comment, perhaps he meant "it's eating up my bandwidth, limiting what other programs are able to send/receive"? Or perhaps his ISP throttles down the bandwidth because it's using too much?

Posted by: Ken at March 1, 2007 07:27 AM

Hi, I used TCPView and got 2 items Listening,
then opened netstat and I had 5 items listening.
Whats up with the difference?

ps I found out yesterday what TCP was.

Posted by: rayzepol at April 1, 2007 04:44 PM

Thank you for this material but I can'not find here answer to my question
I'm interested can I seethe IP address of computer which is using my open ports or i ss cutting something from me in LAN or internet

Posted by: Elshan at December 10, 2007 04:06 AM

Post a comment on "How can I tell what program is making or accepting TCP/IP connections on my machine?":

Name: (Required)

Email Address: (Required)

(Email Address will not be published.)

Remember Me? YesNo

By popular demand...
my tip jar

Buy Leo a Latte!

Comments:

New!

Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.
Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.
Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.
Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.

I can't respond to every comment. And I can't vouch for the accuracy of others who do.
Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...