Copyright © 1998 Mark Russinovich |
Last
Updated June 11, 1998, Version 1.0 |
Introduction | TCPView is a Windows program that
will show you detailed listings of all TCP and UDP
endpoints on your system, including the remote address
and state of TCP connections. TCPView provides a
conveniently presented subset of the Netstat program that
ships with Windows NT and Windows 98. TCPView works on NT 4.0 and Windows 98. You an use TCPView on Windows 95 if you get the Windows 95 Winsock 2 Update from Microsoft. |
|
Using TCPView | When you
start TCPView it will enumerate all active TCP and
UDP endpoints, resolving all IP addresses to their domain
name versions. A toolbar button can be used to toggle the
output to not resolving names, which in some cases can
speed output since there is no querying of DNS servers
for translations. The Ctrl-R hotkey will toggle TCPView
between resolving names and displaying raw IP addresses,
and TCPView remembers the mode it was in last when
it is run again. The display can be refreshed with the F5 hot-key or the Refresh toolbar button. Finally, TCPView's output window can be saved to a file using the Save functionality. |
|
Source Code to Netstatp | Wonder how TCPView works? It relies on the same SNMP (Simple Network Management Protocol) interfaces that netstat uses to obtain TCP/IP information. The INETMIB1.DLL library exports the TCP/IP SNMP interface on NT, calling into the TCP/IP kernel-mode device driver (TCPIP.SYS) with IOCTL's that return endpoint information. The SNMP interfaces work similarly on Windows 98. There is some documentation on SNMP, which is a general information retrieval interface that is customized by individual information providers (like TCP/IP), in the Microsoft Developer Network Library. The complete sources for the command-line version of TCPView, netstatp, demonstrate the TCP/IP SNMP interface on NT and are available here for download. | |