LiveTcpUdpWatch v1.16 Copyright (c) 2018 - 2019 Nir Sofer Web site: http://www.nirsoft.net Description =========== LiveTcpUdpWatch is a tool for Windows that displays live information about all TCP and UDP activity on your system. Every line in the main table of LiveTcpUdpWatch displays the protocol (TCP/UDP/IPv4/IPv6), local/remote IP address, local/remote port, number of sent/received bytes, number of sent/received packets, connect/disconnect time (For TCP only), and the process (ID and path) responsible for this activity. LiveTcpUdpWatch vs CurrPorts vs NetworkTrafficView ================================================== This tool may look very similar to other tools of NirSoft - CurrPorts and NetworkTrafficView, but every tool behave differently and uses different technique to extract the network information. * CurrPorts displays the current table of active TCP connections and TCP/UDP listening ports. but this technique has some disadvantages, for example, if UDP packets are sent from your computer to remote network address, you won't see it with CurrPorts, because with UDP there is no really a connection and the UDP table contains only listening UDP ports. The advantage of CurrPorts is the ability to use it without elevation (Run As Administrator). * NetworkTrafficView uses network sniffing technique - It analyzes every packet sent/received by your network card and displays extensive summary according to the display mode you choose. The disadvantages of this tool: You have to choose a network card and capture method for activating the network sniffer. * LiveTcpUdpWatch uses event tracing API to get live information from Windows Kernel about every TCP/UDP packet sent/received on your system. As opposed to CurrPorts, it captures all UDP activity with process information, but without the need of using a network sniffer. System Requirements =================== This tool works on any version of Windows, starting from Windows XP and up to Windows 10. Both 32-bit and 64-bit versions of Windows are supported. On Windows Vista and later this tool requires to run as Administrator (elevation). Versions History ================ * Version 1.16: o Added 'Put Icon On Tray' option. * Version 1.15: o Added option to capture only the specified TCP/UDP ports (In 'Advanced Options' window - F9). * Version 1.13: o Added 'Save File Encoding' option. * Version 1.12: o Added 'Sort On Every Update' option. * Version 1.11: o Added 'Add Header Line To CSV/Tab-Delimited File' option (Turned on by default). o Added 'Always On Top' option. * Version 1.10: o Added command-line options to save the report of LiveTcpUdpWatch into a file without displaying any user interface. * Version 1.07: o Added 'Save All Items' option (Shift+Ctrl+S). * Version 1.06: o Added option to choose another font (name and size) to display in the main window. * Version 1.05: o Added new option: 'Exclude Localhost Addresses'; o Added new option: 'Automatically Scroll Down On New Items' * Version 1.00 - First release. Start Using LiveTcpUdpWatch =========================== LiveTcpUdpWatch doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file - LiveTcpUdpWatch.exe After running LiveTcpUdpWatch, it immediately starts display any TCP/UDP activity on your system. You can choose from the Options menu which protocols you want to capture (TCP, UDP, IPv4, IPv6). You can also press Ctrl+X (Clear All) to clear all accumulated data and start again with empty table. If you want to temporary stop the network tracing , simply uncheck the 'Capture Network Data' option or press F2. If you want to see only the active TCP connections, simply turn on the 'Remove Closed TCP Connections' option (Under the Options menu). Merge if only local port is different ===================================== If you want to decrease the number of lines displayed by LiveTcpUdpWatch, you can activate the following options: 'Merge TCP if only local port is different', 'Merge UDP if only local port is different' (Under the Options menu). For example: If your Web browser creates 5 TCP connections to the same IP address and the same port (80 or 443) - instead of 5 lines, you'll get the summary of all 5 connections in one line and the 'Connections Count' column will display '5'. For UDP, it's even more significant, because every DNS query is sent to the same remote address and port (53), but different local port, so activating the 'Merge UDP' option will put all DNS activity in one line instead of many lines. Command-Line Options ==================== /CaptureTime Specifies the capture time in milliseconds for the save command-line options (/stext, /stab, /scomma, and so on...) The default is 10000 milliseconds (10 seconds). /cfg Start LiveTcpUdpWatch with the specified configuration file. For example: LiveTcpUdpWatch.exe /cfg "c:\config\ltuw.cfg" LiveTcpUdpWatch.exe /cfg "%AppData%\LiveTcpUdpWatch.cfg" /stext Save the report of LiveTcpUdpWatch into a simple text file. /stab Save the report of LiveTcpUdpWatch into a tab-delimited text file. /scomma Save the report of LiveTcpUdpWatch into a comma-delimited text file (csv). /shtml Save the report of LiveTcpUdpWatch into HTML file (Horizontal). /sverhtml Save the report of LiveTcpUdpWatch into HTML file (Vertical). /sxml Save the report of LiveTcpUdpWatch into XML file. /sjson Save the report of LiveTcpUdpWatch into JSON file. /sort This command-line option can be used with other save options for sorting by the desired column. The parameter can specify the column index (0 for the first column, 1 for the second column, and so on) or the name of the column, like "Local Address" and "Remote Address". You can specify the '~' prefix character (e.g: "~Received Bytes") if you want to sort in descending order. You can put multiple /sort in the command-line if you want to sort by multiple columns. Translating LiveTcpUdpWatch to other languages ============================================== In order to translate LiveTcpUdpWatch to other language, follow the instructions below: 1. Run LiveTcpUdpWatch with /savelangfile parameter: LiveTcpUdpWatch.exe /savelangfile A file named LiveTcpUdpWatch_lng.ini will be created in the folder of LiveTcpUdpWatch utility. 2. Open the created language file in Notepad or in any other text editor. 3. Translate all string entries to the desired language. Optionally, you can also add your name and/or a link to your Web site. (TranslatorName and TranslatorURL values) If you add this information, it'll be used in the 'About' window. 4. After you finish the translation, Run LiveTcpUdpWatch, and all translated strings will be loaded from the language file. If you want to run LiveTcpUdpWatch without the translation, simply rename the language file, or move it to another folder. License ======= This utility is released as freeware. You are allowed to freely distribute this utility via floppy disk, CD-ROM, Internet, or in any other way, as long as you don't charge anything for this and you don't sell it or distribute it as a part of commercial product. If you distribute this utility, you must include all files in the distribution package, without any modification ! Disclaimer ========== The software is provided "AS IS" without any warranty, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The author will not be liable for any special, incidental, consequential or indirect damages due to loss of data or any other reason. Feedback ======== If you have any problem, suggestion, comment, or you found a bug in my utility, you can send a message to nirsofer@yahoo.com