Ports and Processes! What Process has that Port open? - Computer Stuff They Didn't Teach You #9

Captions
hey friends i'm scott hanselman uh if you've made it this far you've probably figured out that i'm not doing any videos in order the order is what the order is i'm going to answer questions as they come up and maybe i'll reorder the videos some other day one of the questions that comes up a lot and i see questions like this on stack overflow is how do i find the process that has a certain port open and if so how do i get rid of that process how do i kill that process a lot of times you'll find an answer on stack overflow and you'll find yourself pasting that directly into your code or into your command prompt but you really don't understand why it works like that maybe you went to university for computer science and you know all about that so maybe this video isn't for you and that's okay i hope you subscribe anyway but i think it's useful to understand why these things work and the couple of different ways things can be done so let's go with an assumption that we'll drop out to our command line here i'm going to show both windows and linux i happen to be using a windows machine i also happen to be using the windows terminal but just to give a little bit of context you can go to your windows start menu and you can type cmd you can get the command prompt or if you go to the windows store you can get the windows terminal that i'm using now remember i did a whole video on how a terminal is not a shell when we come out here we can see that there's powershell there's the command prompt that you might have learned as dos or at least it's like dos there's another powershell called powershell core there's bash and some other shells as well what we're going to focus on here is if i've got the command prompt on windows or linux whether it be a linux machine or even a mac and i want to find out what port is open who has it open and what i'm going to do about it and the reason that this happens i'll come out here at dos is uh you'll maybe be doing something let's say that 
you're writing a a node application so i'll come out here and i'll come to my node application and i'll say look here's a little app right just a little app let's go and open that in visual studio code to make sure that we know what it does it's not that fancy it just opens up port 1337 and does some stuff and writes out hello world okay little web server i'm going to say node instead of code and then i'll run that and then it says huh scary error when you're early in career scary errors happen a lot when you're a little bit later in career you tend to read the errors because truly those errors often tell you what's going on but then you still need that context so here it's telling us exactly what's wrong address already in use but it's not really clear what address is it uh what does that mean is is that important is that a line number so this is saying basically all of the local ip addresses we're not going to worry about ip addresses and stuff like that yet we're just going to think about this port we see it says one three three seven here and then we also see that it says one three three seven here so all the network cards on my computer are currently listening on one three three seven but i never ran that see if i try to run it again it's saying it can't because it's already in use somebody something specifically a process has gotten there first now if i open up browser and i go localhost 1337 i can see someone's listening on port 1337 i just wanna know who they are i wanna make them go away so i can get back to my work again if you're later in career you might say oh i left it open over here and then you'll go and get rid of it but let's explore our machines and this is really important important whether it's windows mac or linux that you remember that your computer is not a black box there's nothing hidden from you it's only how far down you want to go the analogy that i often use is when i'm driving a car i might have an uber i might drive a car with an 
automatic shift i might drive a car with a stick shift but whether the uber breaks down or my stick shift car breaks down i need to change a tire it's useful to sometimes know how to do that that doesn't mean i won't sometimes call someone and ask their help and ask them to change the tire for me but it's nice if i know how to do it as well let's find out what's going on underneath there now on windows and this is in that dos prompt or that cmd prompt this is not powershell you can type ver version to confirm where you are you can type cmd go into that that prompt i'm going to go ahead and clear my screen here you can type a thing called netstat and netstat is interesting because it will list out all of your local addresses on the port that it's listening on and then foreign addresses and list them out for a while netstat has a bunch of options most command prompts have a bunch of options and you can usually go dash help to get help netstat or network status help displays information about our current network so that's cool all right i'm interested in a couple of things i'm interested in the connections and i'm interested in the executables so maybe i need these two things a and b probably for all and i don't know what the b stands for netstat dash b dash a now here it says this operation requires elevation on linux that would mean that you write sudo super user do and on windows that would mean that you would run something as administrator i'm going to go back to my start menu and i'm going to type in terminal i'm going to right click on it and say run as administrator i'm going to get a prompt that pops up that you can't see that's going to say are you sure you want to do such dangerous things and i will go to my command prompt and let's do that netstat b a it was the dash b that we'll talk about in a second that required that elevation i'll show you a way to do this in a second that doesn't require elevation okay so what this is doing is it's spinning spinning 
spinning listing out all the things that are happening on my machine and you'll notice what it's doing is it's putting the name of the process above each one then i could theoretically scroll around in here and look for the thing that is causing me trouble that's kind of tedious but it's something that i could potentially do i wanted to it takes a little bit of time because it's actually going and looking each thing up and then going and looking up what the process is and it's slow and kind of yucky all right i wait long enough i could do that but remember that netstat has some options we'll run netstat help again and this time i'm going to do all the connections and here i'm going to say give me the process id associated with that connection and that's going to allow me to do this without elevation instead of running as administrator which you want to try to avoid if you can we'll put that away and we'll say netstat and we can actually put all these together dash a dash o dash n like this okay that looked a little bit better getting spinning spinning goes for a while i can look through here if i see there's something okay i see my one three three seven and then there's a number associated with it that's the number of the process but that takes a while that's so fun so let's do this again we're in dos or in windows command prompt you can also use powershell or other things like that i'm going to say hey pipe that through find string i'm going to say hey find string i think the port i wanted to look for was one three three seven so now all that information pops back it's filtered by find string and only the places where one three three seven show up so now it's process id three five seven eight oh that's cool now if i wanted to just make it go away i could say task kill and make it go away and we'll do that a little bit i want to know what it is there's a couple ways i can do that first i'll do this way i'm going to right click anywhere down here in the taskbar on 
windows a task manager i'll bring that task manager over here i'm going to right click here and i'm going to hit pid and i can sort by the pid the process id and i could find three five seven eight oh there we go i can see that it's node i left a node running somewhere and i could then click on it i could end that task we'll do it from the command line instead i could say task kill i could say hey force the the closing the stopping of that pid shut it down like this okay let's go and see how we would ask without opening task manager well there's a command called task list task list is kind of the command line version of task manager once again i have a list to go through here which is kind of interesting and then with all things i can say dash dash help or sometimes it's slash question mark and it allows me to do some interesting filtering i can say filter whatever status memory title i can ask all kinds of questions equals to not equals to greater than less than greater than or equals to or less than or equal to now remember that we are looking i'm going to scroll back up here actually i don't need to i will just do that i'm looking for 35 780 i'm going to say task list remember what we could do got our filters here okay dash fi and then a filter i think we'll use pid i'm going to say task list dash filter say pid equals this oops extra k all right look at that so those two commands next to each other are from scratch but now i can say hey who's using that port and then i can say okay well who's on that pid it's node and then i can say task kill it and then we can either say node.exe but we would kill them all or we can kill just that one cool now i'm going to try something different here as we just did that from the command line in windows i'm going to switch over to linux so this is linux i'm using wsl 2 but for all intents this is linux it is linux i'll start it again i'm running node and go and prove it by bringing up our browser bring our localhost 177 or 1377. 
okay now i'm elsewhere in linux and i'm finding myself asking that same question do i have netstat i know how to use that in dos like i do but netstat in linux runs slightly differently than it does in dos or in windows and again it's not really dos i know that but uh it came from dos so the command prompt we kind of consider to be like dos here i see right off the bat that someone is sitting there on 1337. the layout's a little different but i'm not getting the information that i want i'm going to say on linux netstat b dash a if that works it doesn't because their choices are different the name is the same but linux and windows are different so on linux we're going to say netstat actually let's look at the choices help i want to see hey who's listening okay who's listening i want to see those numerics again that's super important hey maybe you can tell me the program name that would be super helpful to know that information and then maybe just the things that are on tcp are the things that are in a socket so let's go netstat l t and p sometimes you memorize these things sometimes you don't sometimes you write them down but more importantly when you google for them and you find stack overflow maybe because you watch this video you'll know what it's doing so here i said netstat and you'll notice i didn't run as sudo i didn't super user this i can say look it's node i could go back here and kill it i could just hit control c or i could do a task kill except on linux it's not called task kill it's called kill you may see things online that say kill dash nine that's a very aggressive way of making a process go away we'd rather give them a heads up just a little bop on the head we say hey kill dash 15 9 is mean 15 is not so mean i remember because 911 is a big deal and then we'll say 3 5. 
now we can run that again we can see that the process is gone we run that again we run this again i could also just like i piped through find string on dos i could say grep oops grep one three three seven with little quotes there oops i didn't do my quotes right i just hit ctrl z and i try again there we go then that confirms the port that we're listening on all right and then my kill is going to be a different process name right now that goes away that is doing it at the command line with just a little task manager in for fun back to windows there's some really great tools that are called sysinternals you go out there and you google for sysinternals sysinternals you'll find documentation up here and there's some wonderful tools that have been around for a very long time by a very smart fellow and you can get these utilities and download them the one that you're going to want to get is called tcpview when you run tcpview it'll pop up and look like this so this looks a lot like the stuff that we saw before at the command line it's in a graphical place here which means i can sort it these ones that are currently red are going away and green ones are coming in and then i can look at that and go right to it that's nice the tcpview showed me everything i needed to know i did need to run it as administrator and i could go and end process right there if i wanted to you can see that that's the name of my computer that's the port that we're listening on using tcp we see our pid there hidden behind the menu and i could go and then terminate that that's pretty cool i want to i could even go and say look at the process and see exactly where that file is located and then kill it from here i feel like it so lots of different choices the thing that's worth pointing out though in everything that i did mac linux pc graphical dos powershell bash whatever a port is a port that's not a dos thing or a mac thing or a linux thing it's just a thing a computer thing and processes 
listen on ports and first come first serve so when someone shows up and they're on a port nobody else gets to be on that port in this case here you might be developing some software you might have your node app or your .net app start up on a port and be running off and doing something but also if you have malware or some evil application that might be listening in on a port you have to be able to see those in tcpview it's really hard for those programs to hide themselves if they are just processes that have started up so if you're ever debugging a friend's computer or you're looking for a virus on your non-technical parents machine these kind of tools and the ability to do these things are super useful we learned about netstat task kill task list all on dos and we learned about netstat a little bit of grep then we did a kill dash 15 the nicer kill on linux and in all of this we used wsl windows subsystem for linux and we use the windows terminal so maybe they taught you this in school maybe they didn't if this was useful please subscribe to my channel and that way i can buy tacos and do more videos for you thank you so much
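Added example, not part of the video or its captions: the Linux lookup described above (`netstat -ltnp`, then `kill -15`) as a script that matches the port field exactly, since a plain `grep 1337` also hits port 13370 or a PID of 1337. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -ltnp` output (not captured from a real host).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:1337            0.0.0.0:*               LISTEN      3578/node
tcp        0      0 127.0.0.1:13370         0.0.0.0:*               LISTEN      1337/python3
tcp6       0      0 :::8080                 :::*                    LISTEN      -'

# port_owner PORT (hypothetical helper): reads `netstat -ltnp` text on stdin
# and prints "PID PROGRAM" for every TCP listener bound to exactly PORT.
port_owner() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, addr, ":")      # port is the last colon-separated field
            if (addr[n] != port) next     # exact match, so 13370 is not 1337
            if ($7 == "-") {              # netstat hides owners of other users
                print "unknown (rerun with sudo)"
                next
            }
            split($7, owner, "/")         # "3578/node" -> PID and program name
            print owner[1], owner[2]
        }'
}

# stop_listener PORT (hypothetical helper): finds the live listener and sends
# SIGTERM (kill -15), the polite signal, rather than SIGKILL (kill -9).
stop_listener() {
    pid=$(netstat -ltnp 2>/dev/null | port_owner "$1" |
          awk 'NR == 1 && $1 ~ /^[0-9]+$/ { print $1 }')
    [ -n "$pid" ] || { echo "no listener you own on port $1" >&2; return 1; }
    kill -15 "$pid"
}

# Demo on the constructed sample: substring grep versus exact field match.
echo "grep 1337 matched $(printf '%s\n' "$SAMPLE" | grep -c 1337) lines"
echo "port 1337 owner: $(printf '%s\n' "$SAMPLE" | port_owner 1337)"
```
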
Info
Channel: Scott Hanselman
Views: 28,875
Id: 4P0KXWC3V0U
Length: 18min 44sec (1124 seconds)
Published: Wed Aug 26 2020