Doug Vitale Tech Blog

Using netstat with TCPEye and CurrPorts

Several of the programs described in this blog (such as SamSpade, SuperScan, and LanSpy) are basically graphical front ends for issuing common network query and diagnostic commands, and displaying their results. The aforementioned tools make it easy to use commands like ping, traceroute, nslookup, whois and others, and the results of these commands are presented in easy-to-read formats.

Two popular graphical interfaces for the netstat command are TCPEye and Currports. To properly utilize these tools, you need to first understand the function of the netstat command. Netstat displays protocol statistics and the current TCP/IP connections of the computer on which it was invoked.

TCPEye user interface

Scan results and lookup options in TCPEye v1.0

Jump to:


TCPEye by TCPMonitor is one of the most popular items in’s Network Tools category. Version 1.0 was released in February 2010 and was the most recent release at the time of writing. TCPEye appears to perform the netstat -b -n -a -P TCP command (or something similar) and it then displays the results graphically. It then gives you the ability to perform whois and GeoIP lookups on the remote IP addresses.

GeoIP lookup in TCPEye

The results of a GeoIP lookup performed in TCPEye v1.0

The real value of a utility like TCPEye is revealed when you compare the results of the netstat command in a command line environment, such as Windows Powershell, with the results of netstat performed within TCPEye. Here are screenshots of netstat performed in the command line and in the graphical utility.

Netstat in Windows PowerShell

The netstat command performed within Windows PowerShell

TCPEye netstat

The same netstat results in TCPEye v1.0

In my opinion the netstat results are far easier to view and work with in TCPEye than in Windows PowerShell or the Windows command prompt. TCPEye presents the data in the following columns:

  • Process – the process that is using a TCP/IP connection, such as firefox.exe.
  • Local Address – this is the socket (IP address and port number) on your computer that the process is using, such as
  • Remote Address – this is the socket (IP address and port number) of the destination host that is talking with your computer, such as
  • State – the state of the TCP/IP connection between the local and remote hosts. The state can be Established, Time_Wait, Syn_Sent, Fin_Wait, Close_Wait.
  • Protocol – the protocol in use for the connection, such as TCPv4 or TCPv6.
  • Country – the country of origin of the remote address.
  • Process Path – the path to the process executable, such as C:Program Files\Mozilla Firefox\firefox.exe.
  • Product Name – the recognized name of the application using the process, such as ‘Firefox’ or ‘Microsoft Office Word’ for winword.exe.
  • Company Name – the software vendor.
  • File Description – usually the same as the product name.
  • File Version – the exact version of the process executable. You can find this by right-clicking the .exe file and looking at Properties.


A very similar tool to TCPEye is CurrPorts by NirSoft. CurrPorts is like TCPEye on steroids. Unlike TCPEye, CurrPorts is portable (doesn’t need to be installed; can be run by just launching cports.exe) and it offers more features and options, as shown below.

CurrPorts user interface

Netstat results in the CurrPorts v2.10 user interface

CurrPorts options

CurrPorts v2.10 options

In addition to HTML report generation, CurrPorts also offers extensive command line and logging options, as described on its download page. Nirsoft has published quite a few additional networking tools, including a packet sniffer, WLAN detector, and graphical tools for ping, DNS, whois, etc.

Recommended reading

If you found the content of this article helpful and want to expand your knowledge further, please consider buying a relevant book using the links below. Thanks!

TCP/IP Illustrated on Amazon TCP/IP Illustrated TCP/IP Protocol Suite on Amazon TCP/IP Protocol Suite

Guide to TCP/IP on Amazon Guide to TCP/IP Teach Yourself TCP/IP in 24 Hours on Amazon Teach Yourself TCP/IP

TCP/IP Network Administration on Amazon TCP/IP Network Administration TCP/IP Guide on Amazon TCP/IP Guide

Written by Doug Vitale

November 29, 2011 at 3:28 PM

%d bloggers like this: