Apr 162008
 


TCPView is a free Sysinternals tool from Microsoft allowing you to monitor TCP and UDP endpoints. It has the same purpose as the command line tool netstat that comes with Windows. Contrary to netstat, TCPView is a GUI tool. Usually, it is the first tool I use if strange things are happening on a computer, i.e. if I think that it might have been infected by spyware or other malware.

TCPView lists the process, the local TCP port, the remote address and the state of the TCP connection. If you want to get more details about the program, for example where the exe file is located, you just have to right click and select “Process Properties”. You can also terminate a connection or end the process.

There is a command line version of TCPView (Tcpvcon) which is similar to netstat. TCPView runs Windows Server 2008/Vista/NT/2000/XP and Windows 98/Me.

Using TCPView

When you start TCPView it will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions. You can use a toolbar button or menu item to toggle the display of resolved names. On Windows XP systems, TCPView shows the name of the process that owns each endpoint.

By default, TCPView updates every second, but you can use the Options|Refresh Rate menu item to change the rate. Endpoints that change state from one update to the next are highlighted in yellow; those that are deleted are shown in red, and new endpoints are shown in green.

You can close established TCP/IP connections (those labeled with a state of ESTABLISHED) by selecting File|Close Connections, or by right-clicking on a connection and choosing Close Connections from the resulting context menu.

You can save TCPView’s output window to a file using the Save menu item.
Tcpvcon Usage

Tcpvcon usage is similar to that of the built-in Windows netstat utility:

Usage: tcpvcon [-a] [-c] [-n] [process name or PID]

-a – how all endpoints (default is to show established TCP connections).

-c – Print output as CSV.

-n – Don’t resolve addresses.

Download TCPView this includes Tcpvcon from here

Screenshot

Incoming search terms:

  One Response to “How to view active TCP and UDP connections in Windows Server 2008/Vista/XP/2000”

  1. or you can type

    netstat -an in the cmd

    -a – this parameter defines that you want to view all connections
    -n – this parameter defines that you wish to view the address of the remotely connected server/user in numerical format rather than by hostname.

    Additional useful parameters:

    -b – this will print the name of the executable file that is in communication with the remote client
    -v – When used in conjunction with -b, will display sequence of components involved in creating the connection or listening port for all executables.

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>