Share this question

Welcome to Teachnovice Q&A, where you can ask questions and receive answers from other members of the community.

This is a collaboratively edited question and answer site for computer enthusiasts and power users. It's 100% free, no registration required.

How to close TCP and UDP ports via windows command line

1 like 0 dislike
64 views
Does somebody knows how to close a TCP or UDP socket for a single connection via windows command line?

Googling about this, I saw some people asking the same thing. But the answers looked like a manual page of netstat or netsh commands focusing on how to monitor the ports. I don't want answers on how to monitor them (I already do this). I want to close/kill them.

EDIT, for clarification: Let's say that my server listens TCP port 80. A client makes a connection and port 56789 is allocated for it. Then, I discover that this connection is undesired (e.g. this user is doing bad things, we asked them to stop but the connection didn't get dropped somewhere along the way). Normally, I would add a firewall to do the job, but this would take some time, and I was in an emergency situation. Killing the process that owns the connection is really a bad idea here because this would take down the server (all users would lose functionality when we just want to selectively and temporally drop this one connection).
asked Jun 6, 2013 by anonymous
Why? You can't close ports from the command line, or files either. You have to close the programs that own them. Or are you referring to firewall operations? Your question remains unclear.
I can understand the down vote. But why the close votes? This question is legitimate
It's not a real question. It has no answer. It can't be done
It is a real question, since I was asking for something and was expecting a answer (even if the answer was a deceptive "no, you can't do that"). And, it was answered and I accepted an answer. More, even your "It can't be done" IS a valid answer too. Thus, this question is valid.

6 Answers

1 like 0 dislike
 
Best answer
Yes, this is possible. You don't have to be the current process owning the socket to close it. Consider for a moment that the remote machine, the network card, the network cable, and your OS can all cause the socket to close.

Consider also that Fiddler and Desktop VPN software can insert themselves into the network stack and show you all your traffic or reroute all your traffic.

So all you really need is either for Windows to provide an API that allows this directly, or for someone to have written a program that operates somewhat like a VPN or Fiddler and gives you a way to close sockets that pass through it.

There is at least one program (CurrPorts) that does exactly this and I used it today for the purpose of closing specific sockets on a process that was started before CurrPorts was started. To do this you must run it as administrator, of course.

Note that it is probably not easily possible to cause a program to not listen on a port (well, it is possible but that capability is referred to as a firewall...), but I don't think that was being asked here. I believe the question is "how do I selectively close one active connection (socket) to the port my program is listening on?". The wording of the question is a bit off because a port number for the undesired inbound client connection is given and it was referred to as "port" but it's pretty clear that it was a reference to that one socket and not the listening port.
answered Jun 6, 2013 by anonymous
0 like 0 dislike

You can't close sockets without shutting down the process that owns those sockets. Sockets are owned by the process that opened them. So to find out the process ID (PID) for Unix/Linux. Use netstat like so:

netstat -a -n -p -l

That will print something like:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State     PID/Program name   
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN     1879/sendmail: acce 
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN     1860/xinetd         

Where -a prints all sockets, -n shows the port number, -p shows the PID, -l shows only what's listening (this is optional depending on what you're after).

The real info you want is PID. Now we can shutdown that process by doing:

kill 1879

If you are shutting down a service it's better to use:

service sendmail stop

Kill literally kills just that process and any children it owns. Using the service command runs the shutdown script registered in the init.d directory. If you use kill on a service it might not properly start back up because you didn't shut it down properly. It just depends on the service.

Unfortunately, Mac is different from Linux/Unix in this respect. You can't use netstat. Read this tutorial if you're interested in Mac:

http://www.tech-recipes.com/rx/227/find-out-which-process-is-holding-which-socket-open/

And if you're on Windows use TaskManager to kill processes, and services UI to shutdown services. You can use netstat on Windows just like Linux/Unix to identify the PID.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/netstat.mspx?mfr=true

 

 

answered Jun 6, 2013 by anonymous
0 like 0 dislike

open cmd

  • type in netstat -a -n -o

  • find TCP [the IP address]:[port number] .... #[target_PID]# (ditto for UDP)

  • (Btw, kill [target_PID] didn't work for me)

CTRL+ALT+DELETE and choose "start task manager"

  • Click on "Processes" tab

  • Enable "PID" column by going to: View > Select Columns > Check the box for PID

  • Find the PID of interest and "END PROCESS"

Now you can rerun the server on [the IP address]:[port number] without a problem

 

answered Jun 6, 2013 by anonymous
What you are saying is just to kill the server process and rerun it, which is something that I wanted to avoid, as this would drop every connection to the server, not just the undesired one
Sorry I didn't help solving your specific question. I was just providing my answer as your question showed up when I was googling for how to simply close a windows port, and thought it might be helpful to others who had my issue as well
0 like 0 dislike

In order to close the port you could identify the process that is listening on this port and kill this process.

answered Jun 6, 2013 by anonymous
I saw it but there's no way to forcibly close a port without bringing down the process. Another possibility is to write the server program in such a way that you have some sort of control panel when you can monitor and administer clients
0 like 0 dislike
You can't close sockets on your server without owning those sockets hence you can't actually close the socket down without having code running in the process that owns the server socket.

However, there is another option which is telling the client to close its socket. Sending a RST TCP packet to the port the client is connecting on will cause the client to drop their connection. You can do that with RST scanning using nmap.
answered Jun 6, 2013 by anonymous
0 like 0 dislike
Try the sysinternals/microsoft tool tcpview (gui) and Tcpvcon (command line)
answered Jun 6, 2013 by anonymous
...