TCPView is a Windows application that lets you view detailed listings relating to all UDP and TCP endpoints right on your system. The listings include remote and local addresses and TCP connections’ state. Complete Listings. TCPView is a program ideal for people who would like to know the backend of things on their computer.
- One of the most useful features of running PsExec under an alternative account is using the -s switch. This switch allows PsExec (and your remotely-executed application) to run under the remote (or local) computer’s LOCAL SYSTEM account. Notice below I didn’t include a remote computer name.
- I certainly don't see Currports and TCPView as substitutes for Wireshark-maybe for each other? They are valuable in providing a moving snapshot of your network connections as seen by your computer. But Wireshark is a dynamic protocol analyzer observing the actual packet traffic between your computer and the network (AKA packet sniffer-formerly.
- Alternatives to TCPView for Windows, Linux, Mac, Android, Software as a Service (SaaS) and more. Filter by license to discover only free or Open Source alternatives. This list contains a total of 10 apps similar to TCPView. List updated: 12:21:00 AM.
- Top 15 TCPView Alternative and Similar Softwares Mar 2020 TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.
Sysinternals Suite
The entire set of Sysinternals Utilities rolled up into a single download.
Sysinternals Suite for Nano Server
Sysinternals Utilities for Nano Server in a single download.
Sysinternals Suite for ARM64
Sysinternals Utilities for ARM64 in a single download.
AccessChk
v6.13 (October 15, 2020)
AccessChk is a command-line tool for viewing the effective permissionson files, registry keys, services, processes, kernel objects, and more.
AccessEnum
v1.32 (November 1, 2006)
This simple yet powerful security tool shows you who has what access todirectories, files and Registry keys on your systems. Use it to findholes in your permissions.
AdExplorer
v1.50 (November 04, 2020)
Active Directory Explorer is an advanced Active Directory (AD) viewerand editor.
AdInsight
v1.2 (October 26, 2015)
An LDAP (Light-weight Directory Access Protocol) real-time monitoringtool aimed at troubleshooting Active Directory client applications.
AdRestore
v1.2 (November 25, 2020)
Undelete Server 2003 Active Directory objects.
Autologon
v3.10 (August 29, 2016)
Bypass password screen during logon.
Autoruns
v13.98 (June 24, 2020)
See what programs are configured to startup automatically when yoursystem boots and you login. Autoruns also shows you the full list ofRegistry and file locations where applications can configure auto-startsettings.
BgInfo
v4.26 (October 19, 2018)
This fully-configurable program automatically generates desktopbackgrounds that include important information about the systemincluding IP addresses, computer name, network adapters, and more.
BlueScreen
v3.2 (November 1, 2006)
This screen saver not only accurately simulates Blue Screens, butsimulated reboots as well (complete with CHKDSK), and works on WindowsNT 4, Windows 2000, Windows XP, Server 2003 and Windows 95 and 98.
CacheSet
v1.0 (November 1, 2006)
CacheSet is a program that allows you to control the Cache Manager'sworking set size using functions provided by NT. It's compatible withall versions of NT.
ClockRes
v2.1 (July 4, 2016)
View the resolution of the system clock, which is also the maximum timerresolution.
Contig
v1.8 (July 4, 2016)
Wish you could quickly defragment your frequently used files? Use Contigto optimize individual files, or to create new files that arecontiguous.
Coreinfo
v3.31 (August 18, 2014)
Coreinfo is a new command-line utility that shows you the mappingbetween logical processors and the physical processor, NUMA node, andsocket on which they reside, as well as the cache’s assigned to eachlogical processor.
Ctrl2cap
v2.0 (November 1, 2006)
This is a kernel-mode driver that demonstrates keyboard input filteringjust above the keyboard class driver in order to turn caps-locks intocontrol keys. Filtering at this level allows conversion and hiding ofkeys before NT even 'sees' them. Ctrl2cap also shows how to useNtDisplayString() to print messages to the initialization blue-screen.
DebugView
v4.90 (April 23, 2019)
Another first from Sysinternals: This program intercepts calls made toDbgPrint by device drivers and OutputDebugString made by Win32 programs.It allows for viewing and recording of debug session output on yourlocal machine or across the Internet without an active debugger.
Desktops
v2.0 (October 17, 2012)
This new utility enables you to create up to four virtual desktops andto use a tray interface or hotkeys to preview what’s on each desktop andeasily switch between them.
Disk2vhd
v2.01 (January 21, 2014)
Disk2vhd simplifies the migration of physical systems into virtualmachines (p2v.md).
DiskExt
v1.2 (July 4, 2016)
Display volume disk-mappings.
Diskmon
v2.01 (November 1, 2006)
This utility captures all hard disk activity or acts like a softwaredisk activity light in your system tray.
DiskView
v2.41 (October 15, 2020)
Graphical disk sector utility.
Disk Usage (DU)
v1.62 (November 04, 2020)
View disk usage by directory.
EFSDump
v1.02 (November 1, 2006)
View information for encrypted files.
FindLinks
v1.1 (July 4, 2016)
FindLinks reports the file index and any hard links (alternate filepaths on the same volume.md) that exist for the specified file. A file'sdata remains allocated so long as at it has at least one file namereferencing it.
Handle
v4.22 (June 14, 2019)
This handy command-line utility will show you what files are open bywhich processes, and much more.
Hex2dec
v1.1 (July 4, 2016)
Convert hex numbers to decimal and vice versa.
Junction
v1.07 (July 4, 2016)
Create Win2K NTFS symbolic links.
LDMDump
v1.02 (November 1, 2006)
Dump the contents of the Logical Disk Manager's on-disk database, whichdescribes the partitioning of Windows 2000 Dynamic disks.
ListDLLs
v3.2 (July 4, 2016)
List all the DLLs that are currently loaded, including where they areloaded and their version numbers.
LiveKd
v5.62 (May 16, 2017)
Use Microsoft kernel debuggers to examine a live system.
LoadOrder
v1.01 (July 4, 2016)
See the order in which devices are loaded on your WinNT/2K system.
LogonSessions
v1.41 (November 25, 2020)
List the active logon sessions on a system.
MoveFile
v1.01 (January 24, 2013)
Allows you to schedule move and delete commands for the next reboot.
NotMyFault
v4.01 (November 18, 2016)
Notmyfault is a tool that you can use to crash, hang, and cause kernelmemory leaks on your Windows system.
NTFSInfo
v1.2 (July 4, 2016)
Use NTFSInfo to see detailed information about NTFS volumes, includingthe size and location of the Master File Table (MFT) and MFT-zone, aswell as the sizes of the NTFS meta-data files.
PendMoves
v1.2 (February 5, 2013)
Enumerate the list of file rename and delete commands that will beexecuted the next boot.
PipeList
v1.02 (July 4, 2016)
Displays the named pipes on your system, including the number of maximuminstances and active instances for each pipe.
PortMon
v3.03 (January 12, 2012)
Monitor serial and parallel port activity with this advanced monitoringtool. It knows about all standard serial and parallel IOCTLs and evenshows you a portion of the data being sent and received. Version 3.x haspowerful new UI enhancements and advanced filtering capabilities.
ProcDump
v10.0 (September 17, 2020)
This command-line utility is aimed at capturing process dumps ofotherwise difficult to isolate and reproduce CPU spikes. It also servesas a general process dump creation utility and can also monitor andgenerate process dumps when a process has a hung window or unhandledexception.
Process Explorer
v16.32 (April 28, 2020)
Find out what files, registry keys and other objects processes haveopen, which DLLs they have loaded, and more. This uniquely powerfulutility will even show you who owns each process.
Tcpview Alternative Exercises
Process Monitor
v3.60 (September 17, 2020)
Monitor file system, Registry, process, thread and DLL activity inreal-time.
PsExec
v2.2 (June 29, 2016)
Execute processes on remote systems.
PsFile
v1.03 (June 29, 2016)
See what files are opened remotely.
PsGetSid
v1.45 (June 29, 2016)
Displays the SID of a computer or a user.
PsInfo
v1.78 (June 29, 2016)
Obtain information about a system.
PsKill
v1.16 (June 29, 2016)
Terminate local or remote processes.
PsPing
v2.01 (January 29, 2014)
Measure network performance.
PsList
v1.4 (June 29, 2016)
Show information about processes and threads.
PsLoggedOn
v1.35 (June 29, 2016)
Show users logged on to a system.
PsLogList
v2.8 (June 29, 2016)
Dump event log records.
PsPasswd
v1.24 (June 29, 2016)
Changes account passwords.
PsService
v2.25 (June 29, 2016)
View and control services.
PsShutdown
v2.52 (December 4, 2006)
Shuts down and optionally reboots a computer.
PsSuspend
v1.07 (June 29, 2016)
Suspend and resume processes.
PsTools
v2.45 (July 4, 2016)
The PsTools suite includes command-line utilities for listing theprocesses running on local or remote computers, running processesremotely, rebooting computers, dumping event logs, and more.
RAMMap
v1.60 (October 15, 2020)
An advanced physical memory usage analysis utility that presents usageinformation in different ways on its several different tabs.
RegDelNull
v1.11 (July 4, 2016)
Scan for and delete Registry keys that contain embedded null-charactersthat are otherwise undeleteable by standard Registry-editing tools.
Registry Usage (RU)
v1.2 (July 4, 2016)
View the registry space usage for the specified registry key.
RegJump
v1.1 (April 20, 2015)
Jump to the registry path you specify in Regedit.
SDelete
v2.04 (November 25, 2020)
Securely overwrite your sensitive files and cleanse your free space ofpreviously deleted files using this DoD-compliant secure delete program.
ShareEnum
v1.6 (November 1, 2006)
Scan file shares on your network and view their security settings toclose security holes.
ShellRunas
v1.01 (February 28, 2008)
Launch programs as a different user via a convenient shell context-menuentry.
Sigcheck
v2.80 (June 24, 2020)
Dump file version information and verify that images on your system aredigitally signed.
Streams
v1.6 (July 4, 2016)
Reveal NTFS alternate streams.
Strings
v2.53 (July 4, 2016)
Search for ANSI and UNICODE strings in binary images.
Sync
v2.2 (July 4, 2016)
Flush cached data to disk.
Sysmon
v12.03 (November 25, 2020)
Monitors and reports key system activity via the Windows event log.
TCPView
v3.05 (July 25, 2011)
Active socket command-line viewer.
VMMap
v3.31 (November 04, 2020)
VMMap is a process virtual and physical memory analysis utility.
VolumeId
v2.1 (July 4, 2016)
Set Volume ID of FAT or NTFS drives.
Whois
v1.20 (December 11, 2019)
See who owns an Internet address.
WinObj
v2.23 (November 25, 2020)
The ultimate Object Manager namespace viewer is here.
ZoomIt
v4.52 (December 11, 2019)
Presentation utility for zooming and drawing on the screen.
A lot of the software installed on a computer these days requires some form of internet access even if the software itself has no need for a web connection during normal usage. “Phoning home” is a term used to describe the process of software connecting to its own server probably to send statistical data, to check for software updates or even to verify the validity of the license. As useful as it is for software developers, it can also be a threat. Malicious software can be programmed to secretly use your internet connection in a similar way and is not visible unless you know how to check.
With so many programs periodically going online, it can be difficult to stay totally safe. If you are the adventurous type that downloads and plays around with lots of software especially the dangerous ones such as key generators, patches, cracks or hack tools, then you must be even more careful to check if it’s secretly phoning home. What you need is something to give a picture of what is going on with the internet connection and what software is actually trying to use it. Sometimes there will be a function in your internet security software to monitor what’s happening on the network, but if you don’t have the option, you need another way to find out.
Here’s a selection of 10 easy to use tools to check what programs and processes are trying to access the internet so you have a better idea what’s trying to phone home. All the tools are portable unless stated.1. Proc Net Monitor
This is from SecurityXploded who make a lot of internet and network tools and will monitor the network activity of all running processes on your system while also showing active network connections for each process and what ports are being used in the windows below. There is only one display option which is to filter a specific port, although you can kill an active suspicious process, send the process to Virus Total for a security scan and also save the results from the window to a log file. Sadly there is no auto refresh option and you have to click the button manually. Proc Net Monitor has portable and installer versions available and works on Windows XP to 8.
Download Proc Net Monitor
2. NetLimiter Monitor
This is the only tool in the list that specifically requires installation, but is a plain and simple network monitoring tool that shows which programs are accessing the internet along with their respective upload and download speeds. You can choose to list active, inactive, hidden or all processes and clicking on the tree icon for the process will show its ID and all the active connections for it along with their individual speeds. Net Limiter installs as a trial of the shareware traffic management software, you need to register for a free serial key to turn the program into the free monitor. There’s also an older version 2 download available.
Download Net Limiter Monitor
3. Sysinternals TCPView
Made by the same developer as Process Explorer, TCPView is a simple endpoint viewer to show all active connections on the computer. It displays the local and remote addresses and ports, sent and received data amounts and also the current state of the connection. New connections show in green, changed in yellow and closed in red. To filter out the listening and unconnected processes click the icon on the toolbar (Ctrl+U), and the auto refresh speed can be altered in the View menu. You can also end the chosen process or connection by right clicking on the entry and save the window contents to a text file. Works on XP and above.
Download Sysinternals TCPView
4. TCPMonitor
TCPMonitor is a similar tool and functions the same way as Sysinternals TCPView but is a little more user friendly. It displays the necessary ports, addresses, status and process name/PID and clicking on the toolbar icons will enable auto refreshing and filtering in only established connections. Clicking on a process can kill it, close the active connection, copy the address and an interesting feature which is a primitive IP blacklist which will block any IP address you add to it. There’s also options to change the coded colors, show a small network stats window, save the window content to a text file and periodically save the data to a log file. Works on Windows XP and above.
Download TCPMonitor
5. Moo0 ConnectionWatcher
ConnectionWatcher is another simple to use tool that displays all the connections made by the processes on your computer and has around 15 different skins to make the interface more appealing. It does have a small overall network monitor and graph at the bottom, and also a useful log tab where you can record and save up to 3000 events to a HTML file. You can also set the auto update refresh to real time if needed, but it will put extra load on the CPU. A useful option the program could do with is the ability to filter out things like UDP, listening or closed connections etc. Works on Windows XP and above with portable or setup installer versions available.
Download Moo0 ConnectionWatcher
6. NetWorx
SoftPerfect Networx is a popular internet bandwidth and usage monitor which also happens to have a simple TCP/UDP connections monitor built in. Simply right click on the tray icon and select NetStat to open the connections window. It’s pretty basic and has a few options to automatically refresh the window, resolve addresses to host names and show only established connections which will declutter the list somewhat. Right click on a program and click Terminate to quickly close it. If you want to auto refresh the window, it’s best to turn off the resolve addresses option to stop a lag in the display. NetWorx is compatible with Windows 2000 and above with installer or portable versions available.
Download NetWorx
7. CurrPorts
This tool is by NirSoft and has a display similar to TCPView but with far more comprehensive options to control how the program behaves if you want to use them. In addition to all the address, port and process details, there’s also information such as window name, used services, attributes etc, and the large options menu allows you to show or hide several connection and port items from the display. CurrPorts also has advanced filters and can specifically include/exclude selected processes, ports and addresses while allowing you to close selected connections or kill the related process. All connections can be logged in real time to a text file, accessible from the File menu. CurrPorts works on Windows 98 and above.
Download CurrPorts
8. Process Explorer
Sysinternals Process Explorer is similar to Windows Task Manager but far more advanced. The good thing about using Process Explorer to check for connections to the internet is the ability to easily just look at a single process and not all at once. You can also set it up as a basic network traffic monitor by going to View menu -> Select Columns -> Process Network tab and choose the sends and receives you want in the window.
To get information on a specific process simply double click on any process from the list and go to the TCP/IP tab. It will show listening and established connections along with TCP, TCPv6 and UDP protocols created by the process with the option to resolve the addresses. The color coding is the same as TCPView for new, changed or closed connections.
Process Explorer is loved by techies and isn’t difficult to use for just about anyone with average knowledge. Works on Windows XP and above.
Download Process Explorer
9. SterJo NetStalker
NetStalker is a very intriguing program because apart from being a monitor to see which processes are accessing the internet, it also features a rather primitive firewall that can block addresses or ports while it’s running. The connections tab displays the usual information, tasks can be killed and connections closed. UDP and listening connections can be filtered out via the Options menu. Any new task that wants to create a connection will popup a box allowing you to trust, get details or kill it, and you can setup rules to allow or block specified ports or remote addresses through the Policy tab. The firewall function can be disabled by allowing all traffic if you don’t want it. NetStalker portable is preferable as the installer version contains adware.
Download SterJo NetStalker
10. Windows Resource Monitor
Because they’re tucked away, many users tend to forget about some of the useful tools inside Windows, and Resource Monitor can display a whole host of information about disk, CPU, memory and network activity. It’s accessible a variety of ways including “perfmon.exe /res” from the Run dialog or from the Performance tab in Task Manager. Click on the Network tab and you’ll get a list of processes, TCP connections and listening ports along with a graph of the last 60 seconds activity. Windows 7 and 8 have the most useful monitor, there is also a reduced version in Vista.
Note: There are obviously many alternative software tools that also have a network monitor option such as Cucusoft Net Guard or System Explorer to name a couple.
You might also like:
Determine Program Path from Task Manager for Running Process2 Tools to Monitor Specific Processes and Trigger actions
5 Ways to Find What Programs are Accessing Your Hard Disk Drive6 Tools to Permanently Set Process Priority in Windows7 Tools to Restore Your Internet Connection by Repairing WinsockGreat posting, HAL9000. Installed MooO Connection Watcher instead and I’m pretty happy with that. Thanks again and keep up the great work.
Replynice one Ray. I just checked it out.
ReplyTcp View 2019
Thank you very much Raymond!
ReplyI’ve learned something new again Raymond. We shouldn’t be complacent to the software we’re about to use most especially when we are always connected to the internet. Phoning home… I’ll remember that. Thanks a lot for your info.
ReplyThanks. Always nice to learn something “new” about Process Explorer.
ReplyTHANKS !
ReplyVery interesting Raymond ! Thanks for this tip.
ReplyGreat tip. I generally use TCP view by sysinternals.
ReplyProblem is, TCPVIEW.EXE works great until someone figures out how to stop it from seeing bytes transferred/sent. I am assuming only malware would be interested in stopping TCPVIEW from seeing bytes sent/transferred.
I did the following:
DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH
and
SFC /SCANNOW
and Full Windows Defender scan
but nothing…
Thanks Raymond. I have been using process explorer for quite a few times now and never knew this before. It was helpful.
Reply