There is a nifty command that most Windows Server administrators have no idea about. It is called “NetStat”, and it has been updated in newer versions of Windows to show you the PID.
PID is short for the “Program ID” number, and every running app has a PID. This matters because, if we run the NetStat command, we can figure out which applications are using the network. This is great for finding things like viruses or apps that your kid might have installed.
The first thing you will want to do is open a command line by typing “Cmd” in the Start menu search box and pressing Enter.
Running NetStat with the “-a” and “-o” switches will output a bunch of items on the screen. The “-a” switch shows you everything that is listening or connected on your machine. The “-o” switch gives you one more column of info: the PID column. This is the part that came with the newer update.
Here’s an example of an entry you might not recognize off the top of your head.
Now that we know the PID is equal to “4432”, we can go to the Task Manager and sort the programs by PID to figure out which application is using our network card!
Open the Windows Task Manager. Click “View” and then “select columns…”
Check “PID” and click “OK”.
Sort the Task Manager by the “PID” column. You should see the PID listed in the Task Manager. If it isn’t, it’s a good sign that the program is no longer running or that a virus has hidden it from the Task Manager view.
All legit apps should be shown here. As you can see from my example, the port is being used by the “Windows Live Communications Platform”. Again, you can go through the list of apps that are running by doing the same thing over and over again. If you like this, maybe check out some of my other HOW TO posts.
UPDATE – You can also find out the file that is making the connection by typing: tasklist /fi "PID eq 4432". Basically you’re asking the executable “Tasklist” to filter (“/fi”) based on anything in the list with the “PID” equal (“eq”) to “4432”. See below for the info. I haven’t been able to view the details through the command prompt.
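The PID lookup in this post can be done for every connection at once. The following is an added example, not part of the original post: it parses the text output of netstat -a -o and of tasklist /fo csv /nh, joins the two on the PID, and lists any PID that owns a socket but has no tasklist entry (the case described for the Task Manager above). The sample outputs, the image name example-app.exe and the function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -a -o` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            MYPC:0                 LISTENING       884
  TCP    192.168.1.5:49170      host.example:https     ESTABLISHED     4432
  TCP    192.168.1.5:49201      host.example:8080      ESTABLISHED     6120
  UDP    0.0.0.0:500            *:*                                    884
"""

# Constructed sample of `tasklist /fo csv /nh` output; PID 6120 is absent on purpose.
TASKLIST_SAMPLE = '''\
"svchost.exe","884","Services","0","7,112 K"
"example-app.exe","4432","Console","1","12,480 K"
'''

def parse_netstat(text):
    """Return one dict per TCP/UDP row; UDP rows carry no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP") or not parts[-1].isdigit():
            continue  # banner, blank line or column header
        state = parts[3] if len(parts) == 5 else ""
        rows.append({"proto": parts[0], "local": parts[1], "remote": parts[2],
                     "state": state, "pid": int(parts[-1])})
    return rows

def parse_tasklist(text):
    """Map PID -> image name; csv handles commas inside quoted fields."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def attribute(netstat_text, tasklist_text):
    """Join sockets to image names; image is None when the PID is not listed."""
    images = parse_tasklist(tasklist_text)
    return [dict(row, image=images.get(row["pid"])) for row in parse_netstat(netstat_text)]

def unmatched(joined):
    """PIDs that own a socket but are missing from the process list."""
    return sorted({r["pid"] for r in joined if r["image"] is None})

if __name__ == "__main__":
    for r in attribute(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(r["proto"], r["local"], r["state"], r["pid"], r["image"] or "NOT IN TASKLIST")
```

On a real machine, save the output of both commands at nearly the same moment and pass the two texts to attribute(); a short-lived process that exits between the two captures will also show up as unmatched.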