Jun 14
Who stole msmq?
netstat -a -n -o | find /i "1801"
netstat lists all connections along with the PID of the process that owns each socket.
find narrows the output to lines containing 1801 (the MSMQ TCP port). The PID is displayed in the last column.
Take the PID from the first command (last column) and put it after eq, e.g. "PID eq 1234":
tasklist /svc /FI "PID eq %PIDHERE%"
So for example:
netstat -a -n -o | find /i "1801"
TCP ip.add.re.ss:1801 ip.add.re.ss:8194 ESTABLISHED 3060
tasklist /svc /FI "PID eq 3060"
Image Name PID Services
========================================
RouterNT.exe 3060 Sophos Message Router
fucking sophos!
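The two steps above combined into a single PowerShell lookup, as an added example that is not part of the original post. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection), matches the local port exactly instead of any line that contains 1801, and reports every connection state, since the sample output above shows ESTABLISHED.

```powershell
# Added example: find what holds local TCP port 1801 and which services run in that process.
# Assumes Windows 8 / Server 2012 or later, where Get-NetTCPConnection is available.
$Port = 1801   # MSMQ TCP port, as in the post

# Match on the local port only, so a PID or remote port containing "1801" cannot match.
$conns = @(Get-NetTCPConnection -LocalPort $Port -ErrorAction SilentlyContinue)

if ($conns.Count -eq 0) {
    Write-Output "Nothing is using local TCP port $Port."
}
else {
    $conns | ForEach-Object {
        $owner = $_.OwningProcess

        if ($owner -eq 0) {
            # PID 0 owns sockets in TIME_WAIT. Stopped services also report
            # ProcessId 0, so querying Win32_Service here would list all of them.
            $image    = '(no owning process)'
            $services = ''
        }
        else {
            $proc  = Get-Process -Id $owner -ErrorAction SilentlyContinue
            $image = if ($proc) { $proc.ProcessName } else { '(process exited)' }

            # Equivalent of "tasklist /svc /FI "PID eq <pid>"": services hosted in that PID.
            $svcs     = @(Get-CimInstance Win32_Service -Filter "ProcessId = $owner")
            $services = ($svcs | ForEach-Object { $_.DisplayName }) -join ', '
        }

        [pscustomobject]@{
            Local    = "$($_.LocalAddress):$($_.LocalPort)"
            Remote   = "$($_.RemoteAddress):$($_.RemotePort)"
            State    = $_.State
            PID      = $owner
            Image    = $image
            Services = $services
        }
    } | Sort-Object PID, State | Format-Table -AutoSize
}
```

The State column shows whether the process is listening on 1801 or only using it as the local end of another connection.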