MobaXterm

https://mobaxterm.mobatek.net/

Description
MobaXterm is your ultimate toolbox for remote computing. In a single Windows application, it provides loads of functions that are tailored for programmers, webmasters, IT administrators and pretty much all users who need to handle their remote jobs in a more simple fashion. MobaXterm provides all the important remote network tools (SSH, X11, RDP, VNC, FTP, MOSH, …) and Unix commands (bash, ls, cat, sed, grep, awk, rsync, …) to Windows desktop, in a single portable exe file which works out of the box.

 

PuTTY

https://portableapps.com/apps/internet/putty_portable

Description
PuTTY is a free and open-source terminal emulator, serial console and network file transfer application. It supports several network protocols, including SCP, SSH, Telnet, rlogin, and raw socket connection. It can also connect to a serial port. PuTTY supports many variations on the secure remote terminal, and provides user control over the SSH encryption key and protocol version, alternate ciphers such as 3DES, Arcfour, Blowfish, DES, and Public-key authentication. It also can emulate control sequences from xterm, VT102 or ECMA-48 terminal emulation, and allows local, remote, or dynamic port forwarding with SSH (including X11 forwarding). The network communication layer supports IPv6, and the SSH protocol supports the zlib@openssh.com delayed compression scheme. It can also be used with local serial port connections. PuTTY comes bundled with command-line SCP and SFTP clients, called “pscp” and “psftp” respectively, and plink, a command-line connection tool, used for non-interactive sessions.

 

WinSCP

https://www.portablefreeware.com/index.php?id=214

Description
WinSCP (Windows Secure Copy) is a free and open-source SFTP, FTP, WebDAV, Amazon S3 and SCP client for Microsoft Windows. Its main function is secure file transfer between a local and a remote computer. Beyond this, WinSCP offers basic file manager and file synchronization functionality. For secure transfers, it uses Secure Shell (SSH) and supports the SCP protocol in addition to SFTP.

VM Health Monitor

https://www.manageengine.com/products/vm-health-monitor/free-vmware-health-monitor-index.html

Description
Virtual servers, as opposed to real physical servers, provide great cost benefits. The applications, services, together with the virtual servers, need to be up and running all the time. Any outages or performance degradation in the virtual servers will affect the users of these applications and services. Hence it becomes imperative to monitor and manage those virtual servers continuously.

The Free “ManageEngine VM Health Monitor” tool will address this monitoring requirement. The ManageEngine VM Health Monitor tool, as the name implies, monitors important parameters of VMware ESX and ESXi servers. The tool fetches comprehensive data about the servers and presents them as visually elegant graphs and reports. The relevant data, graphs and reports are displayed in a desktop tool dashboard providing a wealth of information about the real-time functioning of the virtual servers.

The “ManageEngine VM Health Monitor” tool can monitor two VMware servers simultaneously. It provides exclusive ESX / ESXi monitoring as a desktop tool dashboard. It shows the actual resource utilization of the virtual servers along with CPU and memory utilization for each guest OS on the ESX / ESXi server. The dashboard quickly shows how many virtual machines are present, how many are powered on/off or suspended, how much CPU and memory are allocated to / consumed by each virtual machine, etc., in an intuitive bar graph.

Using the tool, an administrator can also set threshold values for CPU and memory usage, such as critical and warning thresholds. If the virtual servers behave abnormally and the CPU and memory utilization dangerously crosses the threshold limits, alert signals are shown in the dashboard tool. The IT administrator can then effortlessly manage instances to prevent a server crash, or bring the servers back to a normal functioning state. The ManageEngine VM Health Monitor tool comes in handy.

RVTools

https://www.robware.net/rvtools/

Description
RVTools is a Windows .NET 4.6.1 application which uses the VI SDK to display information about your virtual environments. It interacts with VirtualCenter 2.5, ESX Server 3.5, ESX Server 3i, ESX Server 4i, VirtualCenter 4.x, ESX Server 4.x, VirtualCenter 5.x, VirtualCenter Appliance, ESX Server 5.x, VirtualCenter 6.0, ESX Server 6.0, VirtualCenter 6.5 and ESX Server 6.5. RVTools is able to list information about VMs, CPU, Memory, Disks, Partitions, Network, Floppy drives, CD drives, Snapshots, VMware tools, Resource pools, Clusters, ESX hosts, HBAs, Nics, Switches, Ports, Distributed Switches, Distributed Ports, Service consoles, VM Kernels, Datastores, multipath info, license info and health checks. With RVTools you can disconnect the CD-ROM or floppy drives from the virtual machines and update the VMware Tools installed inside each virtual machine to the latest version.

HyperV Performance Monitor

https://www.manageengine.com/free-hyperv-performance-monitor/free-hyperv-performance-monitor-index.htm

Description
Hyper-V Performance Monitoring Free Tool helps monitor Hyper-V servers and the VMs running on them for CPU, memory, disk read/write and network Rx/Tx traffic. Monitor performance for two Hyper-V servers simultaneously.

Monitor Hyper-V Performance

  • Monitor Hyper-V server for CPU, memory, disk read/write requests and network traffic
  • View the number of virtual machines present, check if the VMs are powered on/off and also watch their severity as Critical or Warning
  • Monitor storage, memory and network utilization of each guest VM installed in the ESX host
  • View CPU Usage/Distribution of each Virtual Machine in a graph with color coded alerts

Set Threshold & Refresh Time Value

  • Set warning and critical threshold values for CPU utilization
  • Set auto refresh time interval so that the GUI refreshes periodically to show the latest performance data
  • Retain the server credentials and set thresholds for subsequent restarts

Hyper-V Performance Reports

  • Generate real-time performance reports of hosts and VMs
  • Capture the details of OS, up time, VM count, CPU, memory, disk utilization, etc. in PDF format

Print and/or email the reports to stakeholders directly from the tool

VM Health Monitor

https://www.manageengine.com/products/vm-health-monitor/free-vmware-health-monitor-index.html

Description
View the number of virtual machines present and see if they are powered on/off or suspended. Monitor VMware ESX and ESXi servers for CPU, memory, disk read/write, network Rx/Tx utilization and ensure your applications run smoothly.

VMware threshold settings

  • Set critical and warning threshold values. If CPU and memory utilization crosses the threshold limit, alerts are shown in the dashboard tool.
  • Set refresh time interval and view the latest performance data periodically

Revo Uninstaller

https://portableapps.com/apps/utilities/revo_uninstaller_portable

Description
Revo Uninstaller first runs the selected program’s built-in uninstaller, then searches and removes associated files and registry entries that the uninstaller may not have removed from the user’s drive.

Revo Uninstaller also cleans out:

  • Files in the temporary folder
  • Entries in the Windows start-up applications folder
  • Browser history and cache of Internet Explorer, Firefox, Opera and Netscape
  • The recently opened file list in Microsoft Office applications

Revo Uninstaller can also irrecoverably delete files.

A portable version is available that can be run without installing onto or modifying the system, in particular from external storage media such as USB and network drives.

The freeware version of Revo Uninstaller does not find or uninstall 64-bit applications.

The freeware version 2 of Revo Uninstaller does now support both 32-bit and 64-bit applications.

 

Online Tools

Qualys SSL Labs

COMODO SSL Analyzer

OpenSSL – CSR & Toolkit

 

DigiCert Utility

https://www.digicert.com/util/utility-check-ssl-certificate-chain.htm

Description
The free DigiCert Certificate Utility for Windows is an indispensable tool for administrators and a must-have for anyone that uses SSL Certificates for Websites and servers or Code Signing Certificates for trusted software with features like automatic CSR creation and SSL Certificate installation, easy code signing, and certificate troubleshooting and management.

Microsoft Security Compliance Manager

https://www.microsoft.com/en-us/download/details.aspx?id=53353

Description
The Security Compliance Manager (SCM) is a free tool from Microsoft that enables you to quickly configure and manage the computers in your environment using Group Policy and Microsoft System Center Configuration Manager. This version of SCM supports Windows 10 and Windows Server 2016.
You can easily configure computers running Windows 10 and Windows Server 2016 based on Microsoft Recommended Security Baselines and industry best practices.

 

Microsoft Baseline Security Analyzer (Windows Server 2012 R2)

https://www.microsoft.com/en-us/download/details.aspx?id=7558

Description
The Microsoft Baseline Security Analyzer provides a streamlined method to identify missing security updates and common security misconfigurations.

Online Tools

Windows Crash Dump Analysis

 

ACT Deployment Guide

Description
This paper provides planning guidance for a Microsoft® Application Compatibility Toolkit (ACT) 5.6 deployment within an organization. It provides guidelines and procedures for IT Professionals on how to plan for, deploy, and provision resources for the most effective use of the Toolkit.
This information applies for the following operating systems:
– Windows® 7
– Windows Vista®
– Windows Vista with Service Pack 1
– Windows Server 2008 R2
– Microsoft Windows Server 2003
– Microsoft Windows XP with Service Pack 2 (SP2)
– Microsoft Windows 2000

 

CrystalDiskInfo

https://portableapps.com/apps/utilities/crystaldiskinfo_portable

Description
CrystalDiskInfo is a utility tool that can tell you about the hardware performance of your hard disk, including how likely it is to stop operating in the near future. The app gives you a complete readout of all your computer’s SMART information, as well as a current temperature and health status.

The interface can be easily navigated by anyone with an OK understanding of hard drives and the Windows OS. From the dashboard you can quickly see a long list of up-to-date system data. CrystalDiskInfo doesn’t have a lot of options here, or settings or deep drill-down menus for that matter. It does, however, give you a clear and straightforward interface that shows all of the data it can retrieve from each drive on your system.

CrystalDiskInfo can be configured to send you alerts in the event that there is an issue with one of the drives being monitored. These alerts can be audible or via email, and you can also configure how frequently the application refreshes its data.

Quick Start Guides

Description
This paper provides step-by-step information about using the Microsoft® Application Compatibility Toolkit (ACT) 5.6 to create data collection packages (DCPs) and deploy them within your organization. This information applies to the following operating systems:
– Windows® 7
– Windows Vista®
– Windows Server® 2008 R2
– Microsoft Windows Server 2003
– Microsoft Windows XP with Service Pack 2 (SP2)
– Microsoft Windows 2000

Step-By-Step Guide

Description
This paper provides step-by-step information, guiding you through the major scenarios for using the Microsoft® Application Compatibility Toolkit (ACT) 5.6. This information applies for the following operating systems:
– Windows® 7
– Windows Vista®
– Windows Server 2008 R2
– Windows Server 2003
– Windows XP with Service Pack 2
– Microsoft Windows 2000

Application Compatibility Toolkit

https://www.microsoft.com/en-us/download/details.aspx?id=7352

Description
The Microsoft Application Compatibility Toolkit (ACT) 5.6 helps customers understand their application compatibility situation by identifying which applications are compatible with the Windows 7® and Windows Vista® operating system and which require further testing. ACT helps customers lower their costs for application compatibility testing, prioritize their applications, and deploy Windows more quickly.

You can use the ACT features to:

– Verify an application’s compatibility with a new version of the Windows operating system, or a Windows Update, including determining your risk assessment.

– Become involved in the ACT Community, including sharing your risk assessment with other ACT users.

– Test your Web applications and Web sites for compatibility with new releases and security updates to the Windows Internet Explorer® Internet browser.

 

Blue Screen View

https://www.nirsoft.net/utils/blue_screen_view.html

Description
Blue screens of death are a bit frightening, because they usually appear without prior notice and most importantly, because it’s hard to know what they really mean.

With BlueScreenView that last issue can be easily solved. This little app recovers the dump file created by any blue screen of death you’ve had lately and displays it again, so that you can look into the error message and look for possible solutions on Google.

BlueScreenView doesn’t require installation and is pretty straightforward – which is good, since it doesn’t include any documentation. The program can display the saved dump files as drivers list or just as the original blue screen, and also generate a report in HTML with all the info displayed on the interface.

 

PortQryUI

https://www.microsoft.com/en-us/download/details.aspx?id=24009

Description
PortQry is a utility that you can use to help troubleshoot TCP/IP connectivity issues. The application reports the port status of TCP and UDP ports on a computer you choose.

 

Process Explorer

https://portableapps.com/apps/utilities/process-explorer-portable

Description
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you’ll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you’ll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.

 

Sysinternals Suite

https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite

Description
The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault.

The Suite is a bundling of the following selected Sysinternals Utilities:

  • AccessChk
  • AccessEnum
  • AdExplorer
  • AdRestore
  • Autologon
  • Autoruns
  • BgInfo
  • CacheSet
  • ClockRes
  • Contig
  • Ctrl2Cap
  • DebugView
  • DiskExt
  • DiskMon
  • DiskView
  • Disk Usage (DU)
  • EFSDump

 

Vmss2core

https://labs.vmware.com/flings/vmss2core

Description
Vmss2core is a tool to convert VMware checkpoint state files into formats that third party debugger tools understand. It can handle both suspend (.vmss) and snapshot (.vmsn) checkpoint state files (hereafter referred to as a ‘vmss file’) as well as both monolithic and non-monolithic (separate .vmem file) encapsulation of checkpoint state data.
The vmss2core tool can produce core dump files for the Windows debugger (WinDbg), Red Hat crash compatible core files, a physical memory view suitable for the GNU debugger gdb, Solaris MDB (XXX), and Mac OS X formats. “Debugging Virtual Machines with the Checkpoint to Core Tool” provides the usage information for the vmss2core tool. Note: This last update has improved support for Win 8.1/Win2012 R2 vmss files.

 

WhatIsHang

WhatIsHang (x64)

https://www.nirsoft.net/utils/what_is_hang.html

Description
Sometimes, Windows or a running application hangs, the user interface abruptly stops responding, and you cannot determine what has caused the problem or how to troubleshoot the issue. This utility tries to detect the software or process that is currently hung, and displays some information that may allow you to sort out and understand what exactly is at the root of such unexpected behavior. Most of the information displayed in WhatIsHang’s report, like Call Stack, Stack Data, Processor Registers, and Memory Data is designed for users with Windows programming knowledge. However, WhatIsHang also presents a list of strings and dll files related to the hang issue that can help users without programming skills understand and overcome the causes of the problem and restore normal operation.

 

 

Advanced IP Scanner

http://www.advanced-ip-scanner.com/news/?ID=7427

Description
Advanced IP Scanner is a free, fast and powerful network scanner with a user-friendly interface. In a few seconds, Advanced IP Scanner can locate all the computers on your wired or wireless local network and conduct a scan of their ports. The app scans all network devices, and gives you access to shared folders and FTP servers. It provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off.

The program provides easy access to various network resources. It also enables you to detect all the IP addresses on your Wi-Fi network. The remote PC shutdown feature lets you shut down any remote computer or group of computers running Windows. You can also wake these machines up remotely using Advanced IP Scanner, if their network cards support the Wake-On-LAN function.

Key Features include:

  • Fast network scanning.
  • MAC addresses detection.
  • Remote access.
  • Create favourite.
  • Remote Wake-On-LAN.
  • Easy access to shared folders and FTP servers.
  • Remote control via RDP and Radmin.

Advanced IP Scanner also lets you scan RDP resources and access them directly from within the program. You can also run ping, tracert, and SSH commands on a selected computer.

Advanced IP Scanner is also deeply integrated with Radmin remote control software. Advanced IP Scanner lets you scan your network, find all computers running Radmin Server, and connect to any one of them in a click. The free Radmin Viewer needs to be installed on your PC for you to access a remote machine running Radmin Server. With Radmin, you can access the remote PC in Full Control, File Transfer, and Telnet modes.

Overall, Advanced IP Scanner is a fast, robust and easy to use IP scanner. It can locate all the computers on your network and provides easy access to their various resources, whether HTTP, HTTPS, FTP or shared folders. The app has been designed with a simple and intuitive interface that can be navigated by users of all levels of expertise.

AdapterWatch

https://www.nirsoft.net/utils/awatch.html

Description
AdapterWatch displays useful information about your network adapters: IP addresses, hardware address, WINS servers, DNS servers, MTU value, number of bytes received or sent, the current transfer speed, and more. In addition, it displays general TCP/IP/UDP/ICMP statistics for your local computer.
AdapterWatch doesn’t require any installation process or additional DLLs. Just copy the executable (awatch.exe) to any folder you like, and run it. The main window of AdapterWatch displays the current configuration and information about your network adapters. You can also view general TCP/IP/UDP/ICMP statistics for your local computer, by clicking the desired tab.

Release/renew IP address
On the ‘Network Adapters’ tab, you can also release and renew IP addresses obtained through a DHCP server. In order to do that, select the desired network adapter by clicking on its header, and then from the File menu (or from the popup menu), choose the desired action.

Command-Line Options

/stab <Filename> <Tab Number> Save adapters information into a tab-delimited text file. The tab number should be from 1 (for the first tab) to 5.
/shtml <Filename> <Tab Number> Save adapters information into HTML file.

Examples:
awatch.exe /shtml "c:\temp\report1.html" 1
awatch.exe /shtml "c:\temp\report2.html" 2
awatch.exe /stab "c:\temp\tab3.txt" 3

CurrPorts

https://www.nirsoft.net/utils/cports.html

Description
CurrPorts is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.
In addition, CurrPorts allows you to close unwanted TCP connections, kill the process that opened the ports, and save the TCP/UDP ports information to an HTML file, XML file, or tab-delimited text file.
CurrPorts also automatically marks in pink suspicious TCP/UDP ports owned by unidentified applications (applications without version information and icons).

Notice!

When the ‘Use DNS Cache For Host Names’ option is turned on, there is a significant memory leak on every refresh. This memory leak is not caused directly by CurrPorts, but by the DNS cache programming interface of Windows. Currently, I cannot find a workaround for this problem, so if you run CurrPorts for many hours in automatic refresh mode, it’s recommended to turn off the ‘Use DNS Cache For Host Names’ option.

Using CurrPorts
CurrPorts utility is a standalone executable, and it doesn’t require any installation process or additional DLLs. In order to start using it, just copy the executable file (cports.exe) to any folder you like, and run it.

The main window of CurrPorts displays the list of all currently opened TCP and UDP ports. You can select one or more items, and then close the selected connections, copy the ports information to the clipboard, or save it to an HTML/XML/text file. If you don’t want to view all available columns, or you want to change the order of the columns on the screen and in the files you save, select ‘Choose Column’ from the View menu, and select the desired columns and their order. In order to sort the list by a specific column, click on the header of the desired column.

Integration with IPNetInfo utility
If you want to get more information about the remote IP address displayed in CurrPorts utility, you can utilize the Integration with IPNetInfo utility in order to easily view the IP address information from WHOIS servers:

NetCrunch Tools

https://www.adremsoft.com/netcrunch.tools/

Description
NetCrunch Tools is a completely free toolkit for network professionals, featuring Ping, Traceroute, Wake OnLAN, DNS Info, Who Is, Ping Scanner, Service Scanner, Open TCP Port Scanner, SNMP Scanner, DNS Audit and Mac Resolver in one.

NetCrunch Tools is a handy network troubleshooter which brings together 11 commonly-used tools.

There are old standards, like Ping and Traceroute. Enter an IP address or domain name, click Start and watch as the results are displayed.

If you need to check your entire network, then a Ping Scanner discovers used addresses, while other tools list MAC addresses, available network services, open TCP ports or basic SNMP information.

“Who Is” and “DNS Tools” tell you who owns a domain, and give you various other low-level details (Address record, Mail exchange record, more).

A “Wake On LAN” function allows you to turn on a computer remotely by entering its MAC address (assuming it supports that function), and a “DNS Audit” tries to identify DNS settings errors.

Basic IP Tools
There are five tools included in the Basic IP Tools group:

  • Ping – test the reachability of a host on an IP network and measure the round-trip time for messages sent to a destination computer.
  • Traceroute – display the route and measure transit delays of packets across an IP network.
  • Wake on LAN
  • DNS Info – query DNS and get full information about given domain or address from the nearest DNS server.
  • Who Is – request information about given domain from the appropriate WHOIS server.

Subnet Tools
Three tools are listed in this group.

  • DNS Audit – identify DNS setting errors by scanning a range of IP addresses and performing reverse DNS lookup for each address.
  • MAC Resolver – scan a given address range and then display a list of MAC addresses for each address.
  • Subnet Calculator – calculate all IPv4 subnets upon given network mask parameters.

Scanners
There are four different network scanners you can run under this category.

  • Ping Scanner – lets you quickly scan a range of IP addresses periodically.
  • Network Service Scanner – discovers 70 well-known network services running on machines in the given network.
  • Open Port Scanner – discovers open TCP ports and displays information about known services possibly running on the machine.
  • SNMP Scanner – check basic device information of SNMP nodes in the given network.

SmartSniff

https://www.nirsoft.net/utils/smsniff.html

Description
SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as a sequence of conversations between clients and servers. You can view the TCP/IP conversations in ASCII mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP) or as a hex dump (for non-text-based protocols, like DNS).
SmartSniff provides 3 methods for capturing TCP/IP packets. SmartSniff can also capture data from other unsecured wireless networks, only on Windows 7/2008/Vista.

Notice !
If WinPcap is installed on your system, and you want to use the Microsoft Network Monitor Driver method, it’s recommended to run SmartSniff with /NoCapDriver, because the Microsoft Network Monitor Driver may not work properly when WinPcap is loaded too.

Using SmartSniff
In order to start using SmartSniff, simply copy the executable (smsniff.exe) to any folder you like, and run it (installation is not needed).
After running SmartSniff, select “Start Capture” from the File menu, or simply click the green play button in the toolbar. If it’s the first time that you use SmartSniff, you’ll be asked to select the capture method and the network adapter that you want to use. If WinPcap is installed on your computer, it’s recommended to use this method to capture packets.
After selecting the capture method and your network adapter, click the ‘OK’ button to start capturing TCP/IP packets. While capturing packets, try to browse some Web sites, or retrieve new emails from your email software. After stopping the capture (by clicking the red stop button) SmartSniff displays the list of all TCP/IP conversations that it captured. When you select a specific conversation in the upper pane, the lower pane displays the TCP/IP streams of the selected client-server conversation.

If you want to save the captured packets for viewing them later, use the “Save Packets Data To File” option from the File menu.

Live Mode
Starting from version 1.10, a new option was added to the ‘Advanced Options’ section – ‘Live Mode’. When SmartSniff captures packets in live mode, the TCP/IP conversations list is updated while capturing the packets, instead of updating it only after the capture is finished. Be aware that “Live Mode” requires more CPU resources than non-live mode. So if your computer is slow, or you have very high traffic on your network, it’s recommended to turn off this option.
Starting from version 1.20, you can also view the content of each TCP/IP conversation (in the lower pane) while capturing the packets. However, if the TCP/IP conversation is too large, you won’t be able to watch the entire TCP/IP conversation until the capture is stopped.

TCPView

https://portableapps.com/apps/utilities/tcpview-portable

Description
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.

Using TCPView
When you start TCPView it will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions. You can use a toolbar button or menu item to toggle the display of resolved names. On Windows XP systems, TCPView shows the name of the process that owns each endpoint.

By default, TCPView updates every second, but you can use the Options|Refresh Rate menu item to change the rate. Endpoints that change state from one update to the next are highlighted in yellow; those that are deleted are shown in red, and new endpoints are shown in green.

You can close established TCP/IP connections (those labeled with a state of ESTABLISHED) by selecting File|Close Connections, or by right-clicking on a connection and choosing Close Connections from the resulting context menu.

You can save TCPView’s output window to a file using the Save menu item.

Wireshark

https://www.wireshark.org/download.html

Description
Wireshark is a professional protocol analyzer aimed to help users in troubleshooting, analysis, software and protocol development, and education. All of the standard features you expect to find in a protocol analyzer are here, but Wireshark also has a few added extras because it’s open source and has been enhanced by its community of users. The contributions of networking consultants across the globe are what make Wireshark a particularly powerful analyzer.

If you don’t have any network analyzing knowledge, Wireshark might make you feel a bit lost. The program does have an extensive manual and forum, but unless you are familiar with protocol analysis, they won’t mean much to you. For those that are in the know, Wireshark features deep inspection of hundreds of protocols, live capture and offline analysis and even VoIP analysis. Any captured network data can be browsed via an easy to use GUI or alternatively via the TTY-mode TShark utility. In addition, live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform).

Wireshark is a highly specialized tool that the average user won’t find much use for, but for any network administrators out there, it’s an essential addition to your toolkit.