29

I tried running netstat -o to check which connections are established. I saw two and they have PID numbers. When I checked it in my Task Manager, I couldn't find those PID numbers. Is there any way to find them?

karel
  • 13,706
tintincutes
  • 1,267

7 Answers

19

For example:

tasklist /FI "PID eq 736" /FO TABLE

The best tools to investigate Win processes that I know about are from Sysinternals.

Try using Process Explorer or TcpView.

Casual Coder
  • 4,092
4

You don't need Task Manager for tracking this. Just run netstat -b, which will display the exe associated with the PID.

2

For those who try to make sense of netstat -o: it just reports an invalid PID. Don't try to make any sense of the -o option. It is unreliable.

I reproduce the issue 100% with Cygwin:

cygrunsrv -I lighttpd -t manual -p /usr/sbin/lighttpd.exe --args "-f /etc/lighttpd/lighttpd.conf" -c / -d "Lighttpd" -f "Local lighttpd"

sc start lighttpd

ps -a | grep lighttpd
3989 1 3988 23104 ? 18 12:07:30 /usr/sbin/lighttpd

NETSTAT -a -n -o | grep :80
TCP [::]:80 [::]:0 LISTENING 28916

tasklist /FI "PID eq 28916" /FO TABLE
INFO: No tasks are running which match the specified criteria.

kill 3988

NETSTAT -a -n -o | grep :80

EMPTY!!!!!!

Probably cygwin.dll does some magic with the PID which confuses netstat -o.

I have no luck with -b either:

netstat -natbo

TCP [::]:80 [::]:0 LISTENING 14220 [System]

What is [System]? Actually it is Cygwin's Lighttpd running as a system service with a different PID ))

So there is a bug in the Windows netstat implementation.

PS I'm on Win 10 ver 2004 build 10.0.19041.867 (March 2021).

gavenkoa
  • 2,154
0

Some PIDs you can see and some others you cannot. For example, I could not see PID=4, which is System. However, I could see many others. Of course, I do not know the reason why. You can use the following command to see them. I have shown here a small portion of the output.


C:\Windows\system32>netstat -nao

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       840
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       8112
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:554            0.0.0.0:0              LISTENING       7880
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING       1080
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1160
  TCP    0.0.0.0:3500           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6600           0.0.0.0:0              LISTENING       2216
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       1080
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       8112
  TCP    0.0.0.0:8090           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8093           0.0.0.0:0              LISTENING       3904
  TCP    0.0.0.0:18050          0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:30761          0.0.0.0:0              LISTENING       1968
  TCP    0.0.0.0:32843          0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:32844          0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       544
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       1012
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       648
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING       380
  TCP    0.0.0.0:49156          0.0.0.0:0              LISTENING       1484
  TCP    0.0.0.0:49202          0.0.0.0:0              LISTENING       700
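
Added example (not part of any answer on this page): a Python script that joins `netstat -ano` rows to `tasklist /FO CSV /NH` rows by PID and flags sockets whose owning PID has no process entry, which is the situation the question describes. Both inputs are constructed samples in the formats of those two commands, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample: rows in the `netstat -nao` layout shown above, plus one
# IPv6 listener whose PID (28916) has no matching process in the task list.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       840
  TCP    [::]:80                [::]:0                 LISTENING       28916
  UDP    0.0.0.0:5353           *:*                                    1968
"""

# Constructed sample of `tasklist /FO CSV /NH` output (image names are made up).
TASKLIST_SAMPLE = '''\
"System","4","Services","0","140 K"
"svchost.exe","840","Services","0","9,812 K"
"example.exe","1968","Console","1","20,104 K"
'''

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) from `netstat -ano` text."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank lines, -b annotations
        if not parts[-1].isdigit():
            continue
        # UDP rows have no State column, so they split into 4 fields, not 5.
        state = parts[3] if len(parts) == 5 else ""
        yield parts[0], parts[1], parts[2], state, int(parts[-1])

def parse_tasklist(text):
    """Return {pid: image name} from `tasklist /FO CSV /NH` text."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def correlate(netstat_text, tasklist_text):
    """Attach an image name to every socket; None marks a PID with no process."""
    procs = parse_tasklist(tasklist_text)
    return [(proto, local, state, pid, procs.get(pid))
            for proto, local, _remote, state, pid in parse_netstat(netstat_text)]

def unresolved(rows):
    """Sockets whose owning PID is absent from the process list."""
    return [r for r in rows if r[4] is None]

if __name__ == "__main__":
    for row in correlate(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(row)
```

On a live host, capture both command outputs from an elevated prompt as close together in time as possible, since a process can exit or its PID can be reused between the two captures.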
0

Go to http://live.sysinternals.com/ and download procexp.exe (Process Explorer). This will provide you with all the relevant details.

Otherwise you can find it in Task Manager by viewing the column for process ID.

-1

There is a known issue with Cyber Hackers that have gained access to someone's computer through peer-to-peer services such as Log-me-in etc. and also with individuals that give out their account information to others to actively share purchased content with another user via Xbox Live services. During which the Console is now made their home console, the hacker uses the IP address to grant permissions and can change the administrator rights or the victim to deny the ability to view or change a PID file path. This literally locks the ability to see PID information from other Users by using Task Manager.

The get around for this is to directly use the function to identify the listening port used by the hacker and shown via CMD's function to use Netstat -ano to show the complete list of active connections. Each PID can then be investigated to identify and know if the connection is supposed to exist or not. In the event administrator rights are revoked, as we also see commonly with select ISP providers that do not support VPN connections.. IE: Frontier Communications.. They will block services and restrict access to viewing such path directories, or file extensions etc., very similar to a social media outlet's ability to ban someone from viewing someone's domain like on Facebook.. User doesn't want so and so to see his/her page.. block.. this uses the same functions to block access to reading or executing the request and receives a message as it's scripted on Facebook.. just in this case, no error message was designated. So the denial happens without an error or known registry response.

For the PID path that doesn't appear when someone has Locked you from Administrator privileges to identify them or Taskkill the PID path directory Established.. You can search your Task List using CMD tasklist /FI "PID eq (desired PID)" /FO TABLE and it will identify which Task it is attached to...

In my case it was Tasklist /FI "PID eq 20114" /FO Table. I hit enter and it said plain as day that it was Game Bar and attached to it, so I knew it was someone using Microsoft's Xbox Game Bar/Xbox App. They were looking up my gamertag's IP address, which I paid to have Blacklisted btw.. and they then persisted to hack me and attached themselves to my Console, my phone, and my Computer. I was then able to Taskkill "PID eq 20114" /F and bam... they're gone and my computer, and my phone works again.. but not my Xbox... now it won't even turn on. Still resolving that issue.

-2

It is clear from the comment that this whole question is complete nonsense. There is one issue if a person can't see PIDs. And another issue if a person can't see a process listed. Each has a simple solution. And one could have both those issues together. If you can't see PIDs, then you choose the option for the PID column. And if you can't see a process listed then you click to show processes from all users.

There is no such issue of not being able to see the PID of a particular process. The questioner is simply not describing things properly.

To elaborate: I'm going to first answer the question for what it says. But a comment suggests that the questioner is not describing things well and actually he can't see the process listed at all (not just he can't see the PID), and that's because he hasn't clicked the button in Task Manager to show processes from all users to make it show all processes.

For the question of if somebody can't see the PIDs.

To see PID numbers in task manager, first CTRL-SHIFT+ESC will bring up task manager (this is quicker than ctrl-alt-delete).

To show the PID of each process, click view->choose columns->pid and click ok

PID is the second item in the list of columns you can select.

In the questioner's case, he can't see the process; he should click "show processes from all users". Then he will see the process and, of course, its PID.

The Questioner could use the tasklist command which is in the accepted answer, or he could simply use task manager and click that mentioned button.

Bear in mind though that he won't be able to kill the process with PID 4, which is the PID of the process he is looking for info on.

barlop
  • 25,198