In one of the previous Tools articles, I discussed about monitoring file operations. Now, let's move on to monitoring network connections.

For these, I use the TCPView, which can disconnect or close active network connections. TCPView shows the processes, the corresponding Process ID (PID), the local IP address a process is using to communicate with the remote IP address, on which source, destination ports and the network state (ESTABLISHED, CLOSE_WAIT, FIN_WAIT1, FIN_WAIT2, LISTENING, TIME_WAIT, SYN_SENT).

If I need to do some spelunking (don't you just love Splunk for shortening the word?), I'll use WireShark. WireShark shows everything you need to know about a network packet. Source IP, Destination IP, Source Port, Destination Port, etc.