If I want to find out what process is listening on what socket, I can use netstat/TCPview and will immediately see it. However, it is possible to bind to an address without listening. If this is done, it does not show up in netstat/TCPview, but does block the socket.
Python example:
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0',12345))
The port is now bound, and attempting to execute the same code in a second instance while the first is still running will result in an error. However, unless you actually start listening on that port using
s.listen(1)
the port does not show up in netstat/TCPview.
The question is:
Is it possible to see what ports are bound (but not listening), and which process is binding them?
The background of this is that I have had a moving range of 1976 ports that cannot be bound, and I want to know what causes this. In the meantime, I determined through trial and error that Internet Connection Sharing was blocking those ports, but I am still curious about the answer to this question.
Edit: Due to popular request, here is the code I used to find those ports:
import time
import socket
for i in range(0,65536):
try:
print "Listening on port", i, '...',
serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
serversocket.bind(('0.0.0.0', i))
serversocket.listen(5)
#time.sleep(0.1)
serversocket.close()
print "ok"
except:
print "FAIL"
(you may want to pipe the output to grep and filter for FAIL only)
Best Answer
you should use
with
TableClass value = TCP_TABLE_OWNER_PID_ALL "or" TCP_TABLE_OWNER_PID_CONNECTIONS "or" TCP_TABLE_OWNER_PID_LISTENER
pTcpTable structure -> MIB_TCPTABLE_OWNER_PID
depending on the info you'd like to retrieve
EDIT:
TCP_TABLE_OWNER_PID_ALL returns MIB_TCPTABLE_OWNER_PID structure that is an array of MIB_TCPROW_OWNER_PID structures where each
dwState
should haveMIB_TCP_STATE_CLOSED
when bound and not listening, this structure also offersdwLocalAddr
anddwLocalPort