What do these remote addresses, local addresses, and states in TCPview mean

tcp

I have been using TCPview lately to see what connections are made by different processes on my PC. Would somebody please explain what the following situations mean? Thanks.

  1. TCP
    Local Address: PC1234567890:3883
    Remote Address: PC1234567890:0
    State: LISTENING

  2. TCP
    Local Address: PC1234567890:4696
    Remote Address: localhost:4697
    State: ESTABLISHED

    Local Address: PC1234567890:4697
    Remote Address: localhost:4696
    State: ESTABLISHED

  3. UDP
    Local Address: PC1234567890:1234
    Remote Address: .
    State:

Best Answer

In general, Local Address is the IP Address/hostname of the network interface on which the connection is made. Remote address is the IP Address/hostname of the remote computer to which the connection is connected. The state is the current state of the connection.

  1. This is describing a TCP server which is listening on port 3883. The TCP connection is not connected (LISTENING).
  2. This is describing a connected TCP connection (ESTABLISHED). The connection is actually between two sockets on your computer. One end of the connection is using the PC1234567890 interface on 4697 and the other end is using the loopback interface(localhost) on port 4696.
  3. This is describing a UDP client which is listening for UDP traffic on port 1234. UDP is stateless/connectionless, so there is no state.

Just as a note, if you would like to toggle between viewing IP Addresses and hostnames in TCPView you can uncheck the Resolve Addresses option from the Options Menu

Related Question