Hello all, I have some servers in my network talking to what looks like a Microsoft server in washington on port 443. I'v tracked down the PID in netstat however it looks like the PID belongs to almost a dozen services Wuauserv, winmgmt, themes, ShellHWDetection, SesionEnv, SENS, Schedule, Profsvc, LanmanServer, CertPropSvc, BITS and AppInfo. I'm currently stuck at trying to figure out what service is specifically Would you know of any applications that would help align an ip/port in netstat to a specific service? Thanks for your help! asked 18 Sep '15, 13:45  forkbomb |
2 Answers:
I know the build in commands answered 18 Sep ‘15, 14:30  Christian_R |
Hi, The easiest way to do this is with Sysinternal Process Explorer which you can freely download from Microsoft. Once you've started Process Explorer you'll get a tree diagram showing all of the processes. Look down the PID column to find the process that interests you.
Next select the TCP/IP tab and you'll see which TCP and UDP ports the process is using and the associated services.
As you can see, the Local Address shows the port number. I hope this helps. Best regards...Paul answered 19 Sep '15, 01:29  PaulOfford edited 19 Sep '15, 01:30 |
THANK YOU!
I found the issue, device setup manager was reaching out to microsoft & akamai servers. However, this is slightly concerning. Is this normal behavior for this service? It seems like it is 'Enables the detection , download and installation of device-related software' however just wanted to get a second opinion.