| By Ryan Russell |
The free TCPView utility shows which programs are responsible for which network connections.
Free up bandwidth and stay safe by identifying the network links that you don’t need or that jeopardize your security.
Identify the apps that are reaching out
In my Apr. 24 column, I mentioned in passing Microsoft’s free TCPView utility (developed by Sysinternals), which displays all the network connections made to and from your computer and identifies the program responsible for each connection.
Suppose you find some interesting network traffic by using Wireshark, the packet-monitoring utility I described in the previous column, and you wonder which program is responsible for the transmission. Since Wireshark works at the network-driver level, the monitor has no idea which program is generating which packets.
In some cases, the source will be obvious from the traffic. For example, many ports are assigned to specific purposes. If a computer has connected to yours at port 1433, it’s a fairly safe bet that SQL Server is responsible for the connection, since the program is assigned to that port.
However, you probably have dozens of programs installed on your computer that are HTTP clients and thus use port 80. These include not only the obvious Web browsers but also any self-updating programs such as media players, games, and many Office-type applications. How do you know which program initiated the network session? TCPView can show you.
Link a program to its network connections
Unlike most other network-monitoring utilities, TCPView is simple and single-purpose. The program displays everything you need to see in one window, and you probably won’t need to change the utility’s default settings (see Figure 1).