TCPView


TCPView, shown in Figure A-4, is a real-time network connection monitor that displays a detailed list of all TCP and UDP connections. Details include the process associated with the connection, the protocol used, local and remote connection addresses, and the current state of the connection.

Figure A-4

When you start TCPView, it enumerates all active TCP and UDP endpoints and resolves all IP addresses to their domain names. You can use a toolbar button or menu item to toggle the display of resolved names.

By default, TCPView updates every second, but you can use the Options > Refresh Rate menu item to change this rate. Changes in connection state from one update to the next are highlighted in yellow; connections that are closed are shown in red, and new connections are shown in green.
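The highlighting rule above amounts to a diff between two endpoint snapshots taken one refresh apart. The following Python is an added example, not code from the book or from TCPView; it assumes English-language Windows `netstat -ano` text as input, and the two snapshots and the function names are constructed for illustration.

```python
# Constructed sample `netstat -ano` output (English Windows), one refresh apart.
SNAP_1 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.0.2.10:49712       198.51.100.7:443       SYN_SENT        4321
  TCP    192.0.2.10:49720       198.51.100.9:80        ESTABLISHED     4321
  UDP    0.0.0.0:5353           *:*                                    1880
"""
SNAP_2 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED     4321
  TCP    192.0.2.10:49731       203.0.113.5:8443       ESTABLISHED     2600
  UDP    0.0.0.0:5353           *:*                                    1880
"""


def parse_snapshot(text):
    """Return {(proto, local, remote, pid): state} for each endpoint row."""
    endpoints = {}
    for line in text.splitlines():
        fields = line.split()
        if fields[:1] == ["TCP"] and len(fields) == 5:
            proto, local, remote, state, pid = fields
        elif fields[:1] == ["UDP"] and len(fields) == 4:
            proto, local, remote, pid = fields
            state = ""  # UDP is connectionless: netstat prints no state column
        else:
            continue  # header, blank or malformed row
        endpoints[(proto, local, remote, int(pid))] = state
    return endpoints


def diff_snapshots(before, after):
    """Map each changed endpoint to 'new', 'closed' or 'state_changed'."""
    changes = {}
    for key in after.keys() - before.keys():
        changes[key] = "new"  # TCPView colour: green
    for key in before.keys() - after.keys():
        changes[key] = "closed"  # TCPView colour: red
    for key in before.keys() & after.keys():
        if before[key] != after[key]:
            changes[key] = "state_changed"  # TCPView colour: yellow
    return changes


if __name__ == "__main__":
    result = diff_snapshots(parse_snapshot(SNAP_1), parse_snapshot(SNAP_2))
    for (proto, local, remote, pid), kind in sorted(result.items()):
        print(f"{kind:14} {proto} {local} -> {remote} pid={pid}")
```

Keying on protocol, both addresses and PID while leaving the state out of the key is what lets a SYN_SENT to ESTABLISHED transition register as a state change rather than as one closed and one new connection.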

You can close established TCP/IP connections (those labeled with a state of ESTABLISHED) by selecting File > Close Connections, or by right-clicking on a connection and choosing Close Connections from the resulting context menu.

You can also save TCPView’s output window to a file using the Save menu item.




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler
