How to close TCP and UDP ports via windows command line

Question

Does somebody knows how to close a TCP or UDP socket for a single connection via windows command line?

Googling about this, I saw some people asking the same thing.

Answer 1

You can't close sockets on your server without owning those sockets hence you can't actually close the socket down without having code running in the process that owns the server socket.

However, there is another option which is telling the client to close its socket. Sending a RST TCP packet to the port the client is connecting on will cause the client to drop their connection. You can do that with RST scanning using nmap.

http://nmap.org/

Answer 2

Use CurrPorts (it's free and no-install): http://www.nirsoft.net/utils/cports.html

/close <Local Address> <Local Port> <Remote Address> <Remote Port> {Process Name}

Examples:

# Close all connections with remote port 80 and remote address 192.168.1.10: 
/close * * 192.168.1.10 80
# Close all connections with remote port 80 (for all remote addresses): 
/close * * * 80
# Close all connections to remote address 192.168.20.30: 
/close * * 192.168.20.30 *
# Close all connections with local port 80: 
/close * 80 * *
# Close all connections of Firefox with remote port 80: 
/close * * * 80 firefox.exe

It also has a nice GUI with search and filter features.

Note: This answer is huntharo and JasonXA's answer and comment put together and simplified to make it easier for readers. Examples come from CurrPorts' web page.

Answer 3

You can't close sockets without shutting down the process that owns those sockets. Sockets are owned by the process that opened them. So to find out the process ID (PID) for Unix/Linux. Use netstat like so:

netstat -a -n -p -l

That will print something like:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State     PID/Program name   
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN     1879/sendmail: acce 
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN     1860/xinetd         

Where -a prints all sockets, -n shows the port number, -p shows the PID, -l shows only what's listening (this is optional depending on what you're after).

The real info you want is PID. Now we can shutdown that process by doing:

kill 1879

If you are shutting down a service it's better to use:

service sendmail stop

Kill literally kills just that process and any children it owns. Using the service command runs the shutdown script registered in the init.d directory. If you use kill on a service it might not properly start back up because you didn't shut it down properly. It just depends on the service.

Unfortunately, Mac is different from Linux/Unix in this respect. You can't use netstat. Read this tutorial if you're interested in Mac:

http://www.tech-recipes.com/rx/227/find-out-which-process-is-holding-which-socket-open/

And if you're on Windows use TaskManager to kill processes, and services UI to shutdown services. You can use netstat on Windows just like Linux/Unix to identify the PID.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/netstat.mspx?mfr=true

Answer 4

CurrPorts did not work for us and we could only access the server through ssh, so no TCPView either. We could not kill the process either, as to not drop other connections. What we ended up doing and was not suggested yet was to block the connection on Windows' Firewall. Yes, this will block all connections that fit the rule, but in our case there was a single connection (the one we were interested in):

netsh advfirewall firewall add rule name="Conn hotfix" dir=out action=block protocol=T
CP remoteip=192.168.38.13

Replace the IP by the one you need and add other rules if needed.

Answer 5

If you're runnning on Windows 8,`Windows Server 2012 or above with PowerShell v4 of above installed, you can use the below script. This finds the processes associated with the port & terminates them.

Code

#which port do you want to kill
[int]$portOfInterest = 80

#fetch the process ids related to this port
[int[]]$processId = Get-NetTCPConnection -LocalPort $portOfInterest | 
    Select-Object -ExpandProperty OwningProcess -Unique | 
    Where-Object {$_ -gt 0} 

#kill those processes
Stop-Process -Id $processId 

Documentation:

• Get-NetTCPConnection - PowerShell's NetStat equivalent
• Select-Object - Pull back specific properties from an object / remove duplicates
• Where-Object - Filter values based on some condition
• Stop-Process - PowerShell's TaskKill equivalent