TCPView is a free program for Microsoft Windows platforms that shows TCP and UDP endpoints. The program can also show the name of the program that owns the network connections. It was written by Mark Russinovich of Sysinternals (which got acquired by Microsoft).
TCPView provides more information than
netstat. The information updates once a second by default. The lines are highlighted in different colors to represent the state of the connection:
- green is a new connection
- yellow is a connection that has changed
- red is a connection that was deleted
The TCPView program can itself close connections. Under the hood, it employs the IPHelper API. TCPView is helpful in discovering malicious traffic and programs running on your system.
