I have a Windows service that listens on port 80 using OWIN self hosting (WebApp.Start). I want to find that service programmatically using a PowerShell script. I have the following PowerShell script:
netstat -noab | Select-String ":80 " -Context(1,0) `
| Where { $_.Context.PreContext[0].Trim().StartsWith("[") } `
| ForEach { ($_.Context.PreContext[0].Substring(2) -split ']')[0] }
However this only yields lsass.exe.
If I run netstat -noa, I get some more results, but all the processes listed are system processes (not mine) or have "Can not obtain ownership information" when I include the -b option
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 10.100.18.158:80 10.100.25.102:42967 ESTABLISHED 4
TCP 10.100.18.158:80 10.100.25.102:42968 ESTABLISHED 4
TCP 10.100.18.158:80 10.100.25.102:42974 ESTABLISHED 4
TCP 10.100.18.158:80 10.100.28.8:44763 ESTABLISHED 4
TCP 10.100.18.158:80 10.100.28.8:44764 ESTABLISHED 4
TCP 10.100.18.158:80 10.100.28.8:44765 ESTABLISHED 4
TCP 10.100.18.158:80 10.100.28.8:47400 ESTABLISHED 4
TCP [::]:80 [::]:0 LISTENING 4
I recognize that this is probably because of the way OWIN uses the HTTP listener internally.
Any way to reliably determine the process/service using the port?
Usually that is a sign that it is HTTP.sys,
I answered something similar here:
Cannot bind to port 80, Microsoft-HTTPAPI/2.0 Lock
but summary is that you can use
The best way to figure out why that is the case is to run the following command from an elevated command prompt, and it will list all registrations including the Process IDs using them:
netsh http show servicestate view=requestq verbose=yes
Request queue name: Request queue is unnamed.
Version: 2.0
State: Active
Request queue 503 verbosity level: Basic
Max requests: 1000
Number of active processes attached: 1
**Process IDs**:
1120
URL groups:...
and find in there the right reservation, something maybe like: HTTP : // LOCALHOST:80/ or LOCALHOST:80, or *:80
IIS will register the reservation with the Request queue name using the Application Pool name which let you figure out easily who is using it.
Related
We have an NGINX and Gunicorn setup that has worked for years, but things have gone flaky all of a sudden on one of our Linux servers.
We have a number of Flask services that are run via Gunicorn. We also have an NGINX upstream defined for Gunicorn, which is running on port 8087.
Whenever we try to hit one of our Flask services after Gunicorn starts/restarts, the HTTP request just hangs for a couple of hours before the issue magically resolves itself.
The output from netstat -anp | grep 8087 includes the following connections:
tcp 2 0 0.0.0.0:8087 0.0.0.0:* LISTEN 13175/python
tcp 0 0 127.0.0.1:54726 127.0.0.1:8087 ESTABLISHED 12978/nginx
If we stop NGINX altogether, the NGINX connection above goes away and we're able to make a speedy request to our Flask service.
Alternatively, if instead of stopping NGINX altogether, we run ps -ef | grep nginx and then kill the process that reads "nginx: worker process", NGINX re-spawns the worker process and we're then able to make a request to our Flask service.
We are getting this strange issue on a raspberry pi.
We run a service on a socket that should work for both local and remote clients via wifi.
The trouble is that stopping the remote network also stops connections from local clients.
Our python server sets up a socket like this:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.setsockopt(socket.SOL_SOCKET, socket.SO_DONTROUTE, 1)
s.settimeout(2)
s.bind(("", 8888))
while True:
try:
conn, addr = s.accept()
except socket.timeout:
print("Socket timeout on s.accept(), continuing")
continue
#do stuff
We have a local node client running a loop like this every second or so (and actually sending data):
// every second
socket.connect("localhost", "8888" );
socket.on('connect', function() { /* do stuff */ });
socket.on('error', function(ex) { });
Everything runs fine until we cut wifi.
We server side times-out on s.accept and we see the error message in our logs.
I think that the socket is bound to listen on 0.0.0.0 but somehow does not fail over to 127.0.0.1 or some sort of strange routing situation occurs.
netstat -an | grep 8888 gives
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8888 127.0.0.1:52794 TIME_WAIT
tcp 0 0 127.0.0.1:8888 127.0.0.1:52724 TIME_WAIT
tcp 0 0 127.0.0.1:8888 127.0.0.1:52740 TIME_WAIT
tcp 0 0 127.0.0.1:8888 127.0.0.1:52778 TIME_WAIT
netstart -rn gives
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.1 0.0.0.0 UG 304 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 304 0 0 wlan0
I'm guessing that we just need a localhost route?
The local connections establish again when the wifi comes back up. So I don't there is some permanent dropping of the bind in the python socket.
the hosts line in /etc/nsswitch.conf gives
hosts: files mdns4_minimal [NOTFOUND=return] dns
We monitored ping to localhost during the test and it continues to function fine.
We also monitored netstat to see that port stays LISTENING on 0.0.0.0 Perhaps this is the issue?
Easiest Solution
It looks like you should avoid any naming by using "127.0.0.1" as described in our comment discussion.
In more detail:
According to the source and the docs (after nodejs first tests for an ip,) it checks if you've provided a lookup function as an option to connect, if not, it does its own "dns.lookup" call as the default. Despite the name, this function is actually trying to use system naming but might be subtly different, for example it may try to prefer ipv6.
To debug further you could try to make a more direct test case with dns.lookup and compare things like the output of getent ahosts|ahostsv4|ahostsv6 localhost against your different systems and when the wifi is down, as well as comparing other configuration like the gai.conf to try to determine if system naming is a bit different on this system or being given slightly different requests.
Can't access node.js API on port 3000 on AWS EC2 instance, but netstat shows port :3000 listening and my AWS security group has TCP rules for this port. What else could the problem be?
I've tried changing port, setting security group rules and adding port to iptables and it didn't work. I'm using node 10.6.0.
When I use netstat -tulpn | grep LISTEN it contains the following line:
tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN 8270/node
When i try to access myip:3000/socket (my node endpoint) it shows: ERR_CONNECTION_REFUSED
I am using IIS 7.5 on Windows Server 2008 R2.
From this server, I can access the localhost (standard IIS start page is displayed).
But I can't access it from any other machine belonging to the same network.
I have the impression that the problem is that my server is not listening at the address 0.0.0.0:80.
Because when I do a netstat -aon | findstr 80 I get only:
TCP 127.0.0.1:80 0.0.0.0:0 LISTENING 4
TCP [::]:80 [::]:0 LISTENING 4
But if I do netsh http show iplisten I then see (I have added the two last ones manually)
IP addresses present in the IP listen list:
-------------------------------------------
127.0.0.1
0.0.0.0
::
One additional test that I did:
When I try netcat -v xx.xxx.xx.xx 80 on the client, I get the error "Connection refused".
But after doing netcat -l -p 80 on the server, the netcat connection from client works and I can exchange data.
Because of this I don't think that it is a firewall issue.
Do you have any idea on the causes and how to solve the issue?
Thanks a lot in advance for your feedback!
Sorry in advance for such a noob question, but I'm certainly a noob.
My question is what does it mean to LISTEN or ACCEPT on a port as it relates to my example?
EXAMPLE:
I have a tomcat server, and It will use port 8080. I want to make sure that port is available for me to use.
What commands should I perform on my unix server and why?
what information would a command like this give me: netstat -an | grep LISTEN
If a port shows up as LISTEN in netstat, it means the port is in use by a server process, so you can't use it. Here is an example:
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
which shows that port 631 is in use.
Ignore the UNIX type sockets at the end - they are irrelevant.
For checking port 8080 is in use or not, you can simply use the command netstat -an|grep 8080. If you get an output in below format, that means 8080 is already in use and you need to assign a new port for the tomcat.
# netstat -an
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN
Netstat command displays various network related information such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships etc,
a option with netstat will give you both listening and non listening ports
n option when you don’t want the name of the host, port or user to be displayed, use netstat -n option. This will display in numbers, instead of resolving the host name, port name, user name. This also speeds up the output, as netstat is not performing any look-up.
For more understand the use of netstat command here are its options:
-a : All ports
-t : Ports TCP
-u : Ports UDP
-l : Listening ports
-n : IP address without domain name resolution
-p : Name of the program and it associated PID
So:
-To display all port (TCP & UDP), PId with the associated name of the program :
$ netstat -paunt
-To display all Listening ports (TCP), PId with the associated name of the program : (and we can also filter with the grep command)
$ sudo netstat -plnt | grep ':80'
I hope it will be helpful :)
You can also use telnet to check if the port is open and listening e.g,
Zeeshan$ telnet google.com 80
Trying 173.194.35.5...
Connected to google.com.
Escape character is '^]'.
I am telnetting google.com on port 80. If you see the third line in the output, you will notice it says it is connected with the Google's web server. The same way you have a JAVA application server called Tomcat and it is listening on port 8080. In fact it is asking clients to connect to it on port 8080 so it can give away the JAVA services to client. When I will use from a client side telnet localhost 8080 I will be connected the same way I have connected with Google's web server on port 80. Provided that Tomcat is running and listening on port 8080. If port 8080 is not free and occupied by some other application you can simply change the port 8080 to another free port. Telnet should give you the following status:
accepted (connected), refused, and timeout
connection refused - nothing is running on that port
accepted - some application is running on the port
timeout - a firewall is blocking access
So now there are two possible ways to check. From the same machine you are running Tomcat server:
telnet localhost 8080
Of if you want to check it from some other machine or outside of the network:
telnet 192.168.1.1 8080
I hope that helps.
use can also run the below command, it will list the Port and corresponding PID, if any process is using those ports
netstat -tulpn