- Article
By Mark Russinovich
Published: April 11, 2023
Download TCPView (1.5 MB)
Run now from Sysinternals Live.
Introduction
TCPView is a Windows program that will show you detailed listings of allTCP and UDP endpoints on your system, including the local and remoteaddresses and state of TCP connections. TCPView also reports the name of the processthat owns the endpoint. TCPView provides a more informative and conveniently presentedsubset of the Netstat program that ships with Windows. The TCPViewdownload includes Tcpvcon, a command-line version with the samefunctionality.
Using TCPView
When you start TCPView it will enumerate all active TCP and UDPendpoints, resolving all IP addresses to their domain name versions. Youcan use a toolbar button or menu item to toggle the display of resolvednames. TCPView shows the name of the process that owns each endpoint, including the service name (if any).
By default, TCPView updates every second, but you can use theOptions|Refresh Rate menu item to change the rate. Endpoints thatchange state from one update to the next are highlighted in yellow;those that are deleted are shown in red, and new endpoints are shown ingreen.
You can close established TCP/IP connections (those labeled with a stateof ESTABLISHED) by selecting File|Close Connections, or byright-clicking on a connection and choosing Close Connections fromthe resulting context menu.
You can save TCPView's output window to a file using the Save menuitem.
Using Tcpvcon
Tcpvcon usage is similar to that of the built-in Windows netstatutility:
Usage:
tcpvcon [-a] [-c] [-n] [process name or PID]| Parameter | Description |
|---|---|
| -a | Show all endpoints (default is to show established TCP connections). |
| -c | Print output as CSV. |
| -n | Don't resolve addresses. |
Download TCPView (1.5 MB)
Run now from Sysinternals Live.
Runs on:
- Client: Windows 8.1 and higher.
- Server: Windows Server 2012 and higher.
