Manualshelf

User Guide

ManualsBrandsWinternals ManualsOtherTCPVIEW PROFESSIONAL
6789101112131415
TCPView Professional
User’s Guide
6 The Dynamic View
6.1 Interpreting the Dynamic View
The following screen shows an example of the kind of activity you will see in
the dynamic view:
The columns are defined as follows:
Seq: the sequence number of the event.
Process: the name of the process that owns the endpoint.
Action: the event type. This can be CONNECT, DISCONNECT,
SEND, RECEIVE, ACCEPT, or LISTEN.
Protocol: this shows the protocol of the endpoint, either UDP or TCP.
Local Address: shows the local IP address/port-pair of the endpoint. If
DNS name resolution is toggled on then the address is shown by
name, otherwise it is shown numerically.
Remote Address: shows the remote IP address/port-pair of the
endpoint, if applicable. Only TCP endpoints can have this field defined
with an address. UDP endpoints show "*.*" and TCP endpoints that
are not connected show “LISTENING”.
Status: either SUCCESS or ERROR
Bytes: the number of bytes sent or received. This field is only defined
for SEND and RECEIVE events.
The first line in the sample screen shows an Internet Explorer (IE) process,
which has created the TCP endpoint having the local address DUAL:1243,
connecting to the remote address mail.webserve.winternals.com:http. IE then
sends two 1-byte messages from UDP port 1235 to the same port (loop-
Winternals Software Page 9