233

Does somebody knows how to close a TCP or UDP socket for a single connection via windows command line?

Googling about this, I saw some people asking the same thing. But the answers looked like a manual page of netstat or netsh commands focusing on how to monitor the ports. I don't want answers on how to monitor them (I already do this). I want to close/kill them.

EDIT, for clarification: Let's say that my server listens TCP port 80. A client makes a connection and port 56789 is allocated for it. Then, I discover that this connection is undesired (e.g. this user is doing bad things, we asked them to stop but the connection didn't get dropped somewhere along the way). Normally, I would add a firewall to do the job, but this would take some time, and I was in an emergency situation. Killing the process that owns the connection is really a bad idea here because this would take down the server (all users would lose functionality when we just want to selectively and temporally drop this one connection).

huntharo
  • 2,616
  • 21
  • 23
Victor Stafusa - BozoNaCadeia
  • 13,995
  • 13
  • 56
  • 72
  • 1
    Why? You can't close ports from the command line, or files either. You have to close the programs that own them. Or are you referring to firewall operations? Your question remains unclear. – user207421 Dec 31 '11 at 20:02

18 Answers18

170

  1. open cmd

    • type in netstat -a -n -o

    • find TCP [the IP address]:[port number] .... #[target_PID]# (ditto for UDP)

    • (Btw, kill [target_PID] didn't work for me)

  2. CTRL+ALT+DELETE and choose "start task manager"

    • Click on "Processes" tab

    • Enable "PID" column by going to: View > Select Columns > Check the box for PID

    • Find the PID of interest and "END PROCESS"

  3. Now you can rerun the server on [the IP address]:[port number] without a problem

HaoQi Li
  • 11,970
  • 14
  • 58
  • 77
  • 20
    What you are saying is just to kill the server process and rerun it, which is something that I wanted to avoid, as this would drop every connection to the server, not just the undesired one. – Victor Stafusa - BozoNaCadeia Apr 18 '13 at 17:32
  • 8
    Sorry I didn't help solving your specific question. I was just providing my answer as your question showed up when I was googling for how to simply close a windows port, and thought it might be helpful to others who had my issue as well. :) – HaoQi Li May 04 '13 at 23:29
  • 3
    @HaoQiLi, You can't just simply end everything and anything. E.g. `System` process that handles the windows network connections. – Pacerier Jan 23 '15 at 10:32
  • 3
    @HaoQiLi i think to close we can use `taskkill /pid 6168 /f` 6168 is the pid – Madhawa Priyashantha Sep 30 '15 at 03:06
  • 22
    ridiculous this answer has so many upvotes when question clearly states SINGLE CONNECTION not entire process!!! – Mike Oct 24 '15 at 19:54
  • note that in Windows `-a` does not show all ports, you need to use `-q` to include those in `BOUND` state – Martin Lyne Sep 04 '19 at 14:51
150

If you know the port that you want to free you can sort your netstat list by looking for the specif port like this:

netstat -ano | findstr :8080

Then the pid will appear at the rigth which you can kill with taskkill.

enter image description here

taskkill /pid 11704 /F

Also you may want to look at this question which is specifically for localhost, but I think it is relevant:

Boussadjra Brahim
  • 82,684
  • 19
  • 144
  • 164
Felipe Centeno
  • 2,911
  • 1
  • 21
  • 39
82

Yes, this is possible. You don't have to be the current process owning the socket to close it. Consider for a moment that the remote machine, the network card, the network cable, and your OS can all cause the socket to close.

Consider also that Fiddler and Desktop VPN software can insert themselves into the network stack and show you all your traffic or reroute all your traffic.

So all you really need is either for Windows to provide an API that allows this directly, or for someone to have written a program that operates somewhat like a VPN or Fiddler and gives you a way to close sockets that pass through it.

There is at least one program (CurrPorts) that does exactly this and I used it today for the purpose of closing specific sockets on a process that was started before CurrPorts was started. To do this you must run it as administrator, of course.

Note that it is probably not easily possible to cause a program to not listen on a port (well, it is possible but that capability is referred to as a firewall...), but I don't think that was being asked here. I believe the question is "how do I selectively close one active connection (socket) to the port my program is listening on?". The wording of the question is a bit off because a port number for the undesired inbound client connection is given and it was referred to as "port" but it's pretty clear that it was a reference to that one socket and not the listening port.

Ian Kemp
  • 28,293
  • 19
  • 112
  • 138
huntharo
  • 2,616
  • 21
  • 23
  • 4
    Yes, CP is a wonderful tool: CurrPorts.exe /close {Process Name} This would be the line: CurrPorts.exe /close * 56789 * * server.exe – JasonXA May 11 '14 at 08:49
  • CurrPorts doesn't seem to be able to close UDP multicast connections coming from a process – george_h Aug 13 '15 at 09:02
79

For instance you want to free the port 8080 Then, follow these commands.

 netstat -ano
 taskkill /f /im [PID of the port 8080 got from previous command]

Done!

Rahul
  • 2,580
  • 1
  • 20
  • 24
  • 1
    Right, it helps to actually print out the PID when trying to locate the PID. (Who are these people?). – Adrian M. Apr 26 '17 at 01:42
  • 7
    this is also killing the process of pid mentioned & not just closing port. – NDestiny Sep 18 '17 at 11:35
  • 2
    I tested on Windows 10 and it does not kill the TCP Connection alone but the whole Process or Thread using it. As Victor stated that's not his goal. – Sebastian Feb 07 '19 at 10:45
35

Use TCPView: http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
or CurrPorts: https://www.nirsoft.net/utils/cports.html

Alternatively, if you don't want to use EXTERNAL SOFTWARE (these tools don't require an installation by the way), you can simply FIRST run the netstat command (preferably netstat -b ) & then setup Local Security Policy to block the IP address of the user's machine in question, that's what I have been doing with unwanted or even unknown connections - that allows you doing everything WITHOUT ANY EXTERNAL SOFTWARE (everything comes with Windows)...

Pang
  • 9,564
  • 146
  • 81
  • 122
Vman
  • 351
  • 3
  • 2
  • Worked for me as well. I used Local Security Policy -> IPSecurity Policies on Local Computer. UI is quite intuitive. – Puterdo Borato Aug 09 '17 at 13:54
  • 1
    Tried this out, the close connection is greyed out for ipv6, what is the alternative to close ipv6 if any? – jjxtra Apr 10 '19 at 20:15
  • Process Hacker (it appears it's now called System Informer) has this feature, too. Most current version here: https://processhacker.sourceforge.io/nightly.php – mprost Nov 30 '22 at 15:05
30

Try the tools TCPView (GUI) and Tcpvcon (command line) by Sysinternals/Microsoft.
https://learn.microsoft.com/en-us/sysinternals/downloads/tcpview

Pang
  • 9,564
  • 146
  • 81
  • 122
Patrick
  • 309
  • 3
  • 2
9

Use CurrPorts (it's free and no-install): http://www.nirsoft.net/utils/cports.html

/close <Local Address> <Local Port> <Remote Address> <Remote Port> {Process Name}

Examples:

# Close all connections with remote port 80 and remote address 192.168.1.10: 
/close * * 192.168.1.10 80
# Close all connections with remote port 80 (for all remote addresses): 
/close * * * 80
# Close all connections to remote address 192.168.20.30: 
/close * * 192.168.20.30 *
# Close all connections with local port 80: 
/close * 80 * *
# Close all connections of Firefox with remote port 80: 
/close * * * 80 firefox.exe

It also has a nice GUI with search and filter features.

Note: This answer is huntharo and JasonXA's answer and comment put together and simplified to make it easier for readers. Examples come from CurrPorts' web page.

qwertzguy
  • 15,699
  • 9
  • 63
  • 66
7

You can't close sockets without shutting down the process that owns those sockets. Sockets are owned by the process that opened them. So to find out the process ID (PID) for Unix/Linux. Use netstat like so:

netstat -a -n -p -l

That will print something like:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State     PID/Program name   
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN     1879/sendmail: acce 
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN     1860/xinetd

Where -a prints all sockets, -n shows the port number, -p shows the PID, -l shows only what's listening (this is optional depending on what you're after).

The real info you want is PID. Now we can shutdown that process by doing:

kill 1879

If you are shutting down a service it's better to use:

service sendmail stop

Kill literally kills just that process and any children it owns. Using the service command runs the shutdown script registered in the init.d directory. If you use kill on a service it might not properly start back up because you didn't shut it down properly. It just depends on the service.

Unfortunately, Mac is different from Linux/Unix in this respect. You can't use netstat. Read this tutorial if you're interested in Mac:

http://www.tech-recipes.com/rx/227/find-out-which-process-is-holding-which-socket-open/

And if you're on Windows use TaskManager to kill processes, and services UI to shutdown services. You can use netstat on Windows just like Linux/Unix to identify the PID.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/netstat.mspx?mfr=true

Jim G.
  • 15,141
  • 22
  • 103
  • 166
chubbsondubs
  • 37,646
  • 24
  • 106
  • 138
  • He's made a clarification about his question which is remote client sockets which can be closed with other tools as others have pointed out. This answer is mostly focused on server sockets which can't (without fiddling around inside the OS). This is how to cleanly bring down a process that owns a server socket which is what you want to do if that's the port. But, if you have lots of incoming connections to your server that's a different situation and you definitely can kill those. It's not wrong just not quite what the OP was asking. – chubbsondubs Jan 23 '15 at 22:26
  • 2
    You should remove the "kill the process" part, because it is not an answer to the question. You could also stop the Network-Adapter to stop the Traffic but it still doesn't kill the Socket only! – Sebastian Feb 07 '19 at 10:52
  • Answer is correct only for ipv6, for ipv4 you can call SetTcpEntry – jjxtra Apr 10 '19 at 19:55
5

If you know the particular port you want to kill, simply open Command Prompt as admin (on windows) and:

npx kill-port 1900

1900 above is the port number in my case. I use this most times when I want to close a port that React-Native developer tools (and Expo) is running on. Reason being that even after closing the developer window or stopping the server, the port still somehow remains in use.

AnatuGreen
  • 579
  • 7
  • 14
3

I found the right answer to this one. Try TCPView from Sysinternals, now owned by Microsoft. You can find it at http://technet.microsoft.com/en-us/sysinternals/bb897437

Michael Mueller
  • 251
  • 2
  • 9
3

wkillcx is a reliable windows command line tool for killing tcp connections from the command line that hasn't been mentioned. It does have issues with servers with large number of connections sometimes though. I sometimes use tcpview for interactive kills but wkillcx can be used in scripts.

user3310805
  • 31
  • 1
  • http://superuser.com/questions/384758/how-to-kill-a-particular-tcp-connection-in-windows#comment-1154518 – Pacerier Jan 23 '15 at 15:43
3

You can't close sockets on your server without owning those sockets hence you can't actually close the socket down without having code running in the process that owns the server socket.

However, there is another option which is telling the client to close its socket. Sending a RST TCP packet to the port the client is connecting on will cause the client to drop their connection. You can do that with RST scanning using nmap.

http://nmap.org/

chubbsondubs
  • 37,646
  • 24
  • 106
  • 138
2

you can use program like tcpview from sysinternal. I guess it can help you a lot on both monitoring and killing unwanted connection.

Mochan
  • 21
  • 1
1

CurrPorts did not work for us and we could only access the server through ssh, so no TCPView either. We could not kill the process either, as to not drop other connections. What we ended up doing and was not suggested yet was to block the connection on Windows' Firewall. Yes, this will block all connections that fit the rule, but in our case there was a single connection (the one we were interested in):

netsh advfirewall firewall add rule name="Conn hotfix" dir=out action=block protocol=T
CP remoteip=192.168.38.13

Replace the IP by the one you need and add other rules if needed.

afarah
  • 748
  • 3
  • 19
1

In order to close the port you could identify the process that is listening on this port and kill this process.

Darin Dimitrov
  • 1,023,142
  • 271
  • 3,287
  • 2,928
  • 2
    @Victor, I saw it but there's no way to forcibly close a port without bringing down the process. Another possibility is to write the server program in such a way that you have some sort of control panel when you can monitor and administer clients. – Darin Dimitrov Jan 01 '12 at 10:15
  • 1
    Also, if the interface on which the socket is listening is brought down, the socket will close. – rustyx Nov 11 '15 at 12:57
  • I believe he was asking for an example. – eyoeldefare Dec 24 '18 at 21:39
-1

instant/feasible/partial answer : https://stackoverflow.com/a/20130959/2584794

unlike from the previous answer where netstat -a -o -n was used incredibly long list was to be looked into without the name of application using those ports

Community
  • 1
  • 1
Anup
  • 4,024
  • 1
  • 18
  • 27
  • 6
    This is almost the same thing as HaoQi Li's answer. This would kill the server process dropping every connection, and not just the undesired one. The challenge is to drop just the undesired one and nothing more. – Victor Stafusa - BozoNaCadeia Nov 21 '13 at 20:28
  • I agree with Victor. That's not the answer to the question. So you could also disable the Network-Adapter... – Sebastian Feb 07 '19 at 10:49
-2

If you're runnning on Windows 8,`Windows Server 2012 or above with PowerShell v4 of above installed, you can use the below script. This finds the processes associated with the port & terminates them (i.e. kills the process along with its connection; not just the connection).

Code

#which port do you want to kill
[int]$portOfInterest = 80

#fetch the process ids related to this port
[int[]]$processId = Get-NetTCPConnection -LocalPort $portOfInterest | 
    Select-Object -ExpandProperty OwningProcess -Unique | 
    Where-Object {$_ -gt 0} 

#kill those processes
Stop-Process -Id $processId

Documentation:

JohnLBevan
  • 22,735
  • 13
  • 96
  • 178
  • 3
    I tested on Windows 10 and it does not kill the TCP Connection alone but the whole Process or Thread using it. As Victor stated that's not his goal. – Sebastian Feb 07 '19 at 10:45
-4

Yes there is possible to close TCP or UDP port there is a command in DOS 

TASKKILL /f /pid 1234

I hope this will work for You

Bijay Budhathoki
  • 186
  • 12
  • 4
    I tested on Windows 10 and it does not kill the TCP Connection alone but the whole Process or Thread using it. As Victor stated that's not his goal. – Sebastian Feb 07 '19 at 10:44