LiveTcpUdpWatch – Displays live TCP and UDP Activity

LiveTcpUdpWatch is a tool for Windows that displays live information about all TCP and UDP activity on your system.

Every line displays the protocol , local/remote IP address, local/remote port, number of sent/received bytes, number of sent/received packets, connect/disconnect time (For TCP only), and the process (ID and path) responsible for this activity.

This tool may look very similar to other tools of NirSoft – CurrPorts and NetworkTrafficView, but every tool behave differently and uses different technique to extract the network information.

  • CurrPorts displays the current table of active TCP connections and TCP/UDP listening ports. but this technique has some disadvantages, for example, if UDP packets are sent from your computer to remote network address, you won’t see it with CurrPorts, because with UDP there is no really a connection and the UDP table contains only listening UDP ports. The advantage of CurrPorts is the ability to use it without elevation (Run As Administrator).
  • NetworkTrafficView uses network sniffing technique – It analyzes every packet sent/received by your network card and displays extensive summary according to the display mode you choose. The disadvantages of this tool: You have to choose a network card and capture method for activating the network sniffer.
  • LiveTcpUdpWatch uses event tracing API to get live information from Windows Kernel about every TCP/UDP packet sent/received on your system. As opposed to CurrPorts, it captures all UDP activity with process information, but without the need of using a network sniffer.

