TCPView is a free Sysinternals tool from Microsoft allowing you to monitor TCP and UDP endpoints. It has the same purpose as the command line tool netstat that comes with Windows. Contrary to netstat, TCPView is a GUI tool. Usually, it is the first tool I use if strange things are happening on a computer, i.e. if I think that it might have been infected by spyware or other malware.
TCPView lists the process, the local TCP port, the remote address and the state of the TCP connection. If you want to get more details about the program, for example where the exe file is located, you just have to right click and select “Process Properties”. You can also terminate a connection or end the process.
There is a command line version of TCPView (Tcpvcon) which is similar to netstat. TCPView runs Windows Server 2008/Vista/NT/2000/XP and Windows 98/Me.
When you start TCPView it will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions. You can use a toolbar button or menu item to toggle the display of resolved names. On Windows XP systems, TCPView shows the name of the process that owns each endpoint.
By default, TCPView updates every second, but you can use the Options|Refresh Rate menu item to change the rate. Endpoints that change state from one update to the next are highlighted in yellow; those that are deleted are shown in red, and new endpoints are shown in green.
You can close established TCP/IP connections (those labeled with a state of ESTABLISHED) by selecting File|Close Connections, or by right-clicking on a connection and choosing Close Connections from the resulting context menu.
You can save TCPView’s output window to a file using the Save menu item.
Tcpvcon usage is similar to that of the built-in Windows netstat utility:
Usage: tcpvcon [-a] [-c] [-n] [process name or PID]
-a – how all endpoints (default is to show established TCP connections).
-c – Print output as CSV.
-n – Don’t resolve addresses.
Download TCPView this includes Tcpvcon from here