How to close TCP and UDP ports via windows command line

Question

Does somebody knows how to close a TCP or UDP socket for a single connection via windows command line   Googling about this  I saw some people asking the same thing  But the answers looked like a manual page of netstat or netsh commands focusing on how to monitor the ports  I don t want answers on how to monitor them  I already do this   I want to close kill them   EDIT  for clarification  Let s say that my server listens TCP port 80  A client makes a connection and port 56789 is allocated for it  Then  I discover that this connection is undesired  e g  this user is doing bad things  we asked them to stop but the connection didn t get dropped somewhere along the way   Normally  I would add a firewall to do the job  but this would take some time  and I was in an emergency situation  Killing the process that owns the connection is really a bad idea here because this would take down the server  all users would lose functionality when we just want to selectively and temporally drop this one connection

User · Accepted Answer

Yes  this is possible  You don t have to be the current process owning the socket to close it  Consider for a moment that the remote machine  the network card  the network cable  and your OS can all cause the socket to close   Consider also that Fiddler and Desktop VPN software can insert themselves into the network stack and show you all your traffic or reroute all your traffic    So all you really need is either for Windows to provide an API that allows this directly  or for someone to have written a program that operates somewhat like a VPN or Fiddler and gives you a way to close sockets that pass through it     There is at least one program  CurrPorts  that does exactly this and I used it today for the purpose of closing specific sockets on a process that was started before CurrPorts was started  To do this you must run it as administrator  of course   Note that it is probably not easily possible to cause a program to not listen on a port  well  it is possible but that capability is referred to as a firewall      but I don t think that was being asked here  I believe the question is  how do I selectively close one active connection  socket  to the port my program is listening on     The wording of the question is a bit off because a port number for the undesired inbound client connection is given and it was referred to as  port  but it s pretty clear that it was a reference to that one socket and not the listening port

User · Answer

If you re runnning on Windows 8  Windows Server 2012 or above with PowerShell v4 of above installed  you can use the below script   This finds the processes associated with the port  amp  terminates them   Code   which port do you want to kill  int  portOfInterest   80   fetch the process ids related to this port  int    processId   Get-NetTCPConnection -LocalPort  portOfInterest        Select-Object -ExpandProperty OwningProcess -Unique        Where-Object     -gt 0     kill those processes Stop-Process -Id  processId    Documentation    Get-NetTCPConnection - PowerShell s NetStat equivalent  Select-Object - Pull back specific properties from an object   remove duplicates Where-Object - Filter values based on some condition  Stop-Process - PowerShell s TaskKill equivalent

User · Answer

I found the right answer to this one  Try TCPView from Sysinternals  now owned by Microsoft  You can find it at http   technet microsoft com en-us sysinternals bb897437

User · Answer

Use TCPView  http   technet microsoft com en-us sysinternals bb897437 aspx or CurrPorts  https   www nirsoft net utils cports html Alternatively  if you don t want to use EXTERNAL SOFTWARE  these tools don t require an installation by the way   you can simply FIRST run the netstat command  preferably netstat -b    amp  then setup Local Security Policy to block the IP address of the user s machine in question  that s what I have been doing with unwanted or even unknown connections - that allows you doing everything WITHOUT ANY EXTERNAL SOFTWARE  everything comes with Windows

User · Answer

CurrPorts did not work for us and we could only access the server through ssh  so no TCPView either  We could not kill the process either  as to not drop other connections  What we ended up doing and was not suggested yet was to block the connection on Windows  Firewall  Yes  this will block all connections that fit the rule  but in our case there was a single connection  the one we were interested in    netsh advfirewall firewall add rule name  Conn hotfix  dir out action block protocol T CP remoteip 192 168 38 13   Replace the IP by the one you need and add other rules if needed

User · Answer

Yes there is possible to close TCP or UDP port there is a command in DOS   TASKKILL  f  pid 1234    I hope this will work for You

User · Answer

For instance you want to free the port 8080 Then  follow these commands    netstat -ano  taskkill  f  im  PID of the port 8080 got from previous command    Done

User · Answer

Try the tools TCPView  GUI  and Tcpvcon  command line  by Sysinternals Microsoft  https   docs microsoft com en-us sysinternals downloads tcpview

User · Answer

In order to close the port you could identify the process that is listening on this port and kill this process

User · Answer

If you know the port that you want to free you can sort your netstat list by looking for the specif port like this   netstat -ano   findstr  8080   Then the pid will appear at the rigth which you can kill with taskkill     taskkill pid 11704  F   Also you may want to look at this question  which is specifically for localhost  but I think it is relevant

User · Answer

You can t close sockets on your server without owning those sockets hence you can t actually close the socket down without having code running in the process that owns the server socket   However  there is another option which is telling the client to close its socket   Sending a RST TCP packet to the port the client is connecting on will cause the client to drop their connection   You can do that with RST scanning using nmap   http   nmap org

User · Answer

open cmd   type in netstat -a -n -o find TCP  the IP address   port number         target PID    ditto for UDP   Btw  kill  target PID  didn t work for me   CTRL ALT DELETE and choose  start task manager    Click on  Processes  tab Enable  PID  column by going to  View   Select Columns   Check the box for PID Find the PID of interest and  END PROCESS   Now you can rerun the server on  the IP address   port number  without a problem

User · Answer

wkillcx is a reliable windows command line tool for killing tcp connections from the command line that hasn t been mentioned    It does have issues with servers with large number of connections sometimes though  I sometimes use tcpview for interactive kills but wkillcx can be used in scripts

User · Answer

you can use program like tcpview from sysinternal  I guess it can help you a lot on both monitoring and killing unwanted connection

User · Answer

instant feasible partial answer   https   stackoverflow com a 20130959 2584794 unlike from the previous answer where netstat -a -o -n was used incredibly long list was to be looked into without the name of application using those ports

User · Answer

Use CurrPorts  it s free and no-install   http   www nirsoft net utils cports html   close  lt Local Address gt   lt Local Port gt   lt Remote Address gt   lt Remote Port gt   Process Name   Examples     Close all connections with remote port 80 and remote address 192 168 1 10    close     192 168 1 10 80   Close all connections with remote port 80  for all remote addresses     close       80   Close all connections to remote address 192 168 20 30    close     192 168 20 30     Close all connections with local port 80    close   80       Close all connections of Firefox with remote port 80    close       80 firefox exe   It also has a nice GUI with search and filter features   Note  This answer is huntharo and JasonXA s answer and comment put together and simplified to make it easier for readers  Examples come from CurrPorts  web page

User · Answer

You can t close sockets without shutting down the process that owns those sockets   Sockets are owned by the process that opened them   So to find out the process ID  PID  for Unix Linux   Use netstat like so   netstat -a -n -p -l   That will print something like   Active Internet connections  servers and established  Proto Recv-Q Send-Q Local Address               Foreign Address             State     PID Program name    tcp        0      0 127 0 0 1 25                0 0 0 0                     LISTEN     1879 sendmail  acce  tcp        0      0 0 0 0 0 21                  0 0 0 0                     LISTEN     1860 xinetd            Where -a prints all sockets  -n shows the port number  -p shows the PID  -l shows only what s listening  this is optional depending on what you re after    The real info you want is PID   Now we can shutdown that process by doing   kill 1879   If you are shutting down a service it s better to use   service sendmail stop   Kill literally kills just that process and any children it owns   Using the service command runs the shutdown script registered in the init d directory   If you use kill on a service it might not properly start back up because you didn t shut it down properly   It just depends on the service   Unfortunately  Mac is different from Linux Unix in this respect   You can t use netstat   Read this tutorial if you re interested in Mac   http   www tech-recipes com rx 227 find-out-which-process-is-holding-which-socket-open   And if you re on Windows use TaskManager to kill processes  and services UI to shutdown services   You can use netstat on Windows just like Linux Unix to identify the PID   http   www microsoft com resources documentation windows xp all proddocs en-us netstat mspx mfr true

[networking] How to close TCP and UDP ports via windows command line

Examples related to networking