netstat -a -o
This will display any listening ports and active connections, as well as the PID. Then open Task Manager and find the process that is using that PID. If Task Manager is not showing the PIDs, you can add that column by opening the "Add Columns" selection from the View menu and checking the PID box. (Also, by default you'll see the processes that you started versus those the system did.) More information can be found in "How to determine which program uses or blocks specific TCP ports in Windows."
Once you have the process name, you may have to do a little research to find out what some of them are. Some you may know, others you can easily find by searching their location. If, for example, the executable is located in the program files folder for some software, it probably is part of that (but I'd check either on Microsoft's Web site or your original installation disk to make sure). If the process resides in your system root, you may have to do further research.
You also mention SVCHOST.EXE, which is a process that hosts multiple processes. (This makes more efficient use of resources.) It is instructive to learn what processes those are, not only from a security perspective, but also for troubleshooting needs. The Microsoft Windows Scripting Guide provides information on how SVCHOST is used and sample scripts that can be used to enumerate the processes running within. You can also find information on which processes are run in SVCHOST by checking the registry location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost. This location is checked by the system at boot to determine what to load in which SVCHOST process.
The simplest solution, however, is to issue the following command at the command prompt:
This will list the processes running on the system, the PID, and for each instance of SVCHOST, enumerate the services running within it.
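The manual steps above (port to PID, PID to executable and its location, SVCHOST instance to hosted services) can be done in one pass. The following PowerShell is an added example, not part of the original answer; it assumes Windows 8 / Server 2012 or later, where `Get-NetTCPConnection` is available, and an elevated prompt so that executable paths of system processes are readable.

```powershell
# Added example: map every listening TCP port to its owning process,
# the executable's location, and any services hosted in that PID.

# Build a lookup of service names keyed by the PID that hosts them.
# Keys are cast to [int] because hashtable lookups are type-sensitive
# and OwningProcess / ProcessId are unsigned integers.
$servicesByPid = @{}
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -gt 0 } |
    Group-Object -Property ProcessId |
    ForEach-Object { $servicesByPid[[int]$_.Name] = $_.Group.Name }

# Join listening sockets to process details and hosted services.
$report = foreach ($conn in Get-NetTCPConnection -State Listen) {
    $procId = [int]$conn.OwningProcess
    # The process may have exited between the two queries.
    $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue

    [pscustomobject]@{
        LocalAddress = $conn.LocalAddress
        LocalPort    = $conn.LocalPort
        PID          = $procId
        Process      = $proc.ProcessName
        # Path is empty when the caller lacks rights to query the process.
        Path         = $proc.Path
        # Empty for processes that host no services.
        Services     = ($servicesByPid[$procId] -join ', ')
    }
}

$report |
    Sort-Object -Property LocalPort, LocalAddress |
    Format-Table -AutoSize -Wrap
```

Rows whose `Path` falls outside the expected program or system folders, or whose SVCHOST instance lists no services, are the ones to research first.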
Finally, for use on all systems, you might want to invest in a good port analysis tool. A good, free-to-download tool is Vision1.
This was first published in February 2003