TCPView enumerates active TCP and UDP ports

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Mark Russinovich at www.sysinternals.com has released freeware utility TCPView which will show you detailed listings of all TCP and UDP endpoints on your system, including the remote address and state of TCP connections. Functional subset of netstat utility but with source code. Useful to Windows NT admin.

TCPView it will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions. A toolbar button can be used to toggle the output to not resolving names, which in some cases can speed output since there is no querying of DNS servers for translations. The Ctrl-R hotkey will toggle TCPView between resolving names and displaying raw IP addresses, and TCPView remembers the mode it was in last when it is run again.

TCPView relies on the same SNMP (Simple Network Management Protocol) interfaces that netstat uses to obtain TCP/IP information. The INETMIB1.DLL library exports the TCP/IP SNMP interface on NT, calling into the TCP/IP kernel-mode device driver (TCPIP.SYS) with IOCTL's that return endpoint information. The SNMP interfaces work similarly on Windows 98. There is some documentation on SNMP, which is a general information retrieval interface that is customized by individual information providers (like TCP/IP), in the Microsoft Developer Network Library. The complete sources for the command-line version of TCPView, netstatp, demonstrate the TCP/IP SNMP interface on NT and are available here for download.

For background information, see TCP/IP Ports Used by Windows NT, Terminal Server and Exchange

See Also

Featured Links