Monday, May 12, 2014

Viewing TCP/UDP Information on Windows

I occasionally need to quickly identify which ports are being used on a Windows-based system. This post briefly summarizes the two approaches I typically use to do this.

The netstat tool is a command-line tool that can be run in the "Command Prompt". I typically like to use the netstat options -n, -a, and -o. The available netstat commands can be viewed on the command line by running "netstate/?"

When I want the ability to easily sort the output, the graphical tool TCPView is handy. Although this often requires a separate download the first time it is run, it is a small tool that is quickly downloaded and easily installed by unzipping it. The executable can then be run by clicking on Tcpview.exe. The graphical tool displays (and allows sorting by) process names, process identifiers (PIDs), protocols, local and remote addresses, local and remote port numbers, and states.

TCPView is provided by the wholly-owned Microsoft subsidiary Windows Sysinternals as part of its Networking Utilities.

When a particular process ID is needed, it can be found through Windows's Task Manager or on the command line with the command tasklist.