Track Those TCP Ports
TCPView ferrets out connection information.
Some time ago, one of my clients was having a problem
with a Web server — every so often, though it would
accept connections on TCP port 80, it wouldn't send back
HTML data on that port. Eventually, we tracked this to
a rogue process that was hijacking the port, but only
after a great deal of detective work.
Too bad we didn't have a copy of TCPView Pro, which would
have given us the answer in seconds. The TCP/IP protocol
supports TCP connections for reliable communications and
UDP connections for unreliable communications. Both protocols
allow processes on the computer to grab a particular port
and address for communications. But Windows doesn't provide
you with a good way of viewing the information detailing
what process is using what port to communicate with a
particular IP address.
That's where TCPView Pro comes in. The TCPView Pro display
consists of two sections. The top section shows you all
connections that currently exist on your computer, along
with local and remote addresses, process name, and the
amount of data sent and received. The bottom section shows
you data as it goes by, permitting you to identify active
ports. This lets you quickly find processes that are using
particular ports, whether they're services you've intentionally
loaded or virus activity.
|TCPView Professional displays complete
details of all TCP and UDP connections. (Click
image to view larger version.)
TCPView Pro can show you raw IP addresses or DNS lookups
to let you locate a particular remote computer's connection.
TCPView Pro performed flawlessly on every system where
I tried it, from my own desktop to a busy Web server.
The interface is clean and efficient, the information
presented is essential for understanding what's going
on in the computer, and the price is trivial.
All in all, another big win for the Winternals folks.
About the Author
Mike Gunderloy, MCSE, MCSD, MCDBA, is a former MCP columnist and the author of numerous development books.