Mark Russinovich at www.sysinternals.com has released freeware utility TCPView which will show you detailed listings of all TCP and
UDP endpoints on your system, including the remote address and state of TCP
connections. Functional subset of netstat utility but with source code. Useful
to Windows NT admin.
TCPView it will enumerate all active TCP and UDP
endpoints, resolving all IP addresses to their domain name versions. A toolbar
button can be used to toggle the output to not resolving names, which in some
cases can speed output since there is no querying of DNS servers for
translations. The Ctrl-R hotkey will toggle TCPView between resolving names and
displaying raw IP addresses, and TCPView remembers the mode it was in last when
it is run again.
TCPView relies on the same SNMP (Simple Network Management Protocol)
interfaces that netstat uses to obtain TCP/IP information. The INETMIB1.DLL
library exports the TCP/IP SNMP interface on NT, calling into the TCP/IP
kernel-mode device driver (TCPIP.SYS) with IOCTL’s that return endpoint
information. The SNMP interfaces work similarly on Windows 98. There is some
documentation on SNMP, which is a general information retrieval interface that
is customized by individual information providers (like TCP/IP), in the
Microsoft Developer Network Library. The complete sources for the command-line
version of TCPView, netstatp, demonstrate the TCP/IP SNMP interface on NT and
are available here for download.
For background information, see TCP/IP Ports Used by Windows NT, Terminal Server and
Exchange
