A colleague of mine recently ran into a problem where a process that had supposedly died was still bound to a network port, preventing other processes from binding to that port. Specifically, netstat -a -b was reporting that a process named System with PID had port open, except no process with PID existed, at least as far as I could tell. Is there a way to kill this mysterious System process to free up the port to which it's currently bound?
What can cause this to happen? How can there be processes that none of Task Manager, Process Explorer, and taskkill know about? Rebooting managed to fix the problem, but I'd like to know if there's a way to fix this without rebooting.
What may be happening is that your process had a TCP port open when it crashed or otherwise exited without explicitly closing it. Normally the OS cleans up these sorts of things, but only when the process record goes away. While the process may not appear to be running any more, there is at least one thing that can keep a record of it around, in order to prevent reuse of its PID.
This is the existence of a child process that is not detached from the parent. If your program spawned any processes while it was running, try killing them. That should cause its process record to be freed and the TCP port to be cleaned up.
Apparently Windows does this when the record is released, not when the process exits as I would have expected.
Did you try using TCPView and closing the connection? I don't know if it will show the connection in the scenario you're describing, because I've never had that happen to me. But it's the only thing I can think of if this happens again.
What was the process - was it commercial software, or something homegrown? It appears that port is used by some Trojans - I wonder if it could have been a rootkit or something that could hide itself from the OS? Might want to give that machine a good once-over with AV, maybe something from bootable media.
I have faced the same issue earlier; the netstat -a -n Windows command gave me the list of open ports with process ID. From that I have picked up the port number for which I wanted to close the connection, and then I closed that connection using TCPView software.
If it says 0. If it says No danger there. UDP Most browsers use multiple connections to fetch webpages to speed up the process. So what entries are left that are important? Time to break down the last listening ports: Port - my firewall Tiny Personal Firewall, listening for connections from the TPF admin program.
In these situations, we recommend that you reconfigure the firewalls to allow traffic between servers in the dynamic port range of through This range is in addition to well-known ports that are used by services and applications.
Or, the port range that is used by the servers can be modified on each server. You adjust this range by using the netsh command, as follows. The above command sets the dynamic port range for TCP. The start port is number, and the total number of ports is range. The following are sample commands: These sample commands set the dynamic port range to start at port and to end at port ports.
The minimum range of ports that can be set is The minimum start port that can be set is The maximum end port based on the range being configured cannot exceed This results in a start port of and an end port of Specifically, about outbound connections as incoming connections will not require an Ephemeral port for accepting connections. Unable to sign in to the machine with domain credentials, however sign-in with local account works.
Domain sign-in will require you to contact the DC for authentication which is again an outbound connection. If you have cache credentials set, then domain sign-in might still work. Reboot of the server will resolve the issue temporarily, but you would see all the symptoms come back after a period of time.
Try making an outbound connection. If the outbound connection fails for all of these, go to the next step. Open event viewer and under the system logs, look for the events which clearly indicate the current state:
Thought you might find these interesting. Cardkey Systems, Inc.
I keep finding myself established to Holland and London when not connected to the Internet.
I'm in the United States. Is this normal?
Introduction
It's 4 PM on a Thursday afternoon
Listing Open Connections
One of the simplest and most effective things you can do is to output a list of the open connections to your system.
Figure 1: Output of the netstat -nao command
When examining netstat output you can easily be overwhelmed with information.
Sniffing the Wire
If someone is controlling your system then they have to come through your network card to do it.
Figure 2: Using Wireshark to Examine Conversations
Once again, when doing this make sure you turn off any services that may be utilizing the network so as not to cloud your results.