About TCP View

The story behind one of Windows’ most trusted network monitoring utilities and the independent resource we built around it.

What Is TCP View?

TCP View is a free Windows utility that gives you a live, real-time look at every TCP and UDP connection on your system. It shows which programs are communicating over your network, what remote addresses they connect to, and the current state of each connection. If you have ever wanted to know exactly what your computer is doing on the network at any given moment, TCP View answers that question in seconds.

Built by Mark Russinovich as part of the Microsoft Sysinternals suite, TCP View replaces the old command-line netstat approach with a clean graphical interface. Connections appear color-coded: green for new, red for recently closed, and yellow for state changes. You can sort by process, protocol, or port, and close suspicious connections with a right-click.

v4.19 Current Version

~1.5 MB Download Size

Free License

History and Development

TCP View has been around for over two decades, evolving alongside Windows itself. Here is a look at the key moments in its history.

1998

Mark Russinovich releases the first version of TCPView as part of his growing collection of Windows system utilities under the Sysinternals brand. The tool fills a gap that netstat left open: a real-time, visual way to inspect network connections.

2006

Microsoft acquires Sysinternals, bringing TCPView and dozens of other tools under the Microsoft umbrella. Russinovich joins Microsoft as a Technical Fellow, and the Sysinternals tools gain official backing and wider distribution.

2010s

Ongoing updates add IPv6 support (TCPv6 and UDPv6 protocols), sent/received packet counters, and improved process identification. The tool keeps pace with new Windows versions without losing its lightweight nature.

2023

Version 4.19 ships with full Windows 11 compatibility, continued refinements to the UI, and maintained support for both 32-bit and 64-bit builds. The bundled Tcpvcon command-line tool also receives updates.

What TCP View Does

At its core, TCP View maps every active network connection on your Windows machine to the process that owns it. Here is what you get when you open the tool:

Real-time listing of all TCP and UDP endpoints, updated every second by default
Color-coded rows that make it easy to spot new connections (green), closed ones (red), and state changes (yellow)
Process name and PID for each connection, so you know exactly which program is responsible
Local and remote address display with optional DNS name resolution
Right-click options to close connections or terminate processes directly
Built-in Whois lookup for investigating remote IP addresses
Export and save connection data for later analysis
Tcpvcon, a companion command-line tool included in the same download for scripting and automation

System administrators use TCP View to track down rogue processes making unauthorized connections. Developers use it to debug client-server communication. Security professionals rely on it to spot suspicious outbound traffic. And regular power users use it to figure out why their bandwidth is suddenly maxed out.

The Developer

Mark Russinovich / Microsoft Sysinternals

Mark Russinovich created TCPView as part of the Sysinternals suite, a collection of advanced Windows utilities that has become standard issue for system administrators worldwide. After Microsoft acquired Sysinternals in 2006, Russinovich became a Microsoft Technical Fellow and currently serves as CTO of Microsoft Azure.

The Sysinternals suite includes other widely used tools like Process Explorer, Autoruns, Process Monitor, and PsExec. All of them share the same philosophy: give administrators deep visibility into what Windows is actually doing under the hood, in a portable and free package.

Why Users Rely on TCP View

TCP View occupies a specific niche that no built-in Windows tool covers as well. The Task Manager shows network usage per process, but not individual connections. The netstat command shows connections, but only as a static snapshot with no process names by default. TCP View combines both in a live, continuously updating interface.

IT professionals regularly recommend TCP View in forums and communities as the first thing to try when diagnosing network problems on Windows. It takes no installation, runs as a standalone executable, and shows results immediately. That combination of simplicity and depth keeps it relevant after more than 25 years.

Whether you are tracking down malware phoning home, figuring out which app is hogging your connection, or just curious about what your machine is doing on the network, TCP View gives you a clear answer in a few seconds.

About This Website

Independent Resource

TCP View (tcpview.net) is an independent, fan-made informational website. We are not affiliated with Microsoft, Sysinternals, or Mark Russinovich in any way.

We built this site to help users find accurate information about TCP View, including download links, setup guides, feature explanations, and frequently asked questions. All download links point to official Microsoft sources.

We do not host, modify, or redistribute the software. We respect the developers and their intellectual property, and we encourage all users to visit the official Microsoft Sysinternals page for the latest updates and documentation.

Our goal is simple: make it easier for people to discover TCP View, understand what it does, and start using it. If this site helped you find and set up the tool, we have done our job.

Questions or Feedback?

Have a question about this website or want to report an issue? Reach out to us through our contact page. For official TCP View support, visit the Microsoft Sysinternals documentation.