Port Explorer provides real-time port-traffic updates, but you can instruct Port Explorer to pause so that the view is static. Also, the tool saves all activity to a local file that you can view from the GUI. I placed Port Explorer under a heavy load that would typically cause Netstat to slow to a crawl or die, and without hesitation, Port Explorer showed every port as it started up.
Port Explorer's GUI and operations are customizable. You can instruct Port Explorer to show you the filename or the full file path of the program that owns the port. The latter option is beneficial if you're trying to ferret out an evasive program. The main screen contains several columns of information that you can sort with a mouse click at the top of the sort column, and you can drag and drop columns to different areas of the screen without stopping the program. Tabs across the top of the main screen provide several methods for viewing activity. You can customize colors, refresh rates, and even the language. Port Explorer offers eight language choices—it's the only port enumerator to do so besides Netstat. The tool can also display network statistics.
Port Explorer offers several diagnostics and forensics utilities to help track the remote computer. Tools include Ping, Lookup, Whois, Traceroute, and even a packet sniffer called Socket Spy. By typing in PIDs, you can instruct Socket Spy to capture packet information on local programs. You can also kill any process that Port Explorer sees. Without a doubt, Port Explorer is the fastest, most stable, and most impressive port enumerator that I tested.
OpenPorts
DiamondCS recently released a command-line utility called OpenPorts, which is free for home and educational use. The tool functions similarly to Fport; in fact, you can use an -fport command-line switch to mimic Fport's output. (OpenPorts also offers a -netstat output switch.) Interestingly, in its default mode, OpenPorts lists ports sorted by process name—a helpful feature that lets you see all the ports (TCP and UDP) associated with a particular program. Imagine the usefulness of this feature if your browser connects to a Web site that has links from 15 other sites and each one opens a different port. OpenPorts lists the process name (but not the path), local IP address and port number, remote IP address and port number, and state. The tool can also export to three file formats. Because it reports remote IP address, remote port number, and state, OpenPorts is a more effective free utility than Fport.
Socket Port Owner
FlyYa Software's Socket Port Owner ($14.99) barely beats Fport in the amount of useful information it offers. Its simple GUI reminds me of Active Network Monitor's main screen. Socket Port Owner shows PID, executable path, local and remote IP addresses and ports, and protocols. Strangely, the tool contains a column called Remote Location, which wrongly marked my private IP address as residing in Holland (although this glitch might be only in the demonstration version). Another column, called Listen, contains only a yes or no value—not exactly the best state information. Finally, Socket Port Owner offers no Help file.
TCPView
Sysinternals' TCPView (free) is a no-frills product. The utility runs as one executable and features a real-time GUI that displays the right information where you need to see it. It lists process name, PID, protocol, local and remote IP address and port number, and state. By clicking a process connection, you can obtain the full path location and take steps to kill the process. New activity is color-coded for easy viewing.
A free product that delivers the basics seems hard to beat. However, in my tests, TCPView suffered from stability problems on Windows NT Server 4.0. For example, when I chose to save screen results to a text file, the program disappeared or crashed. Also, in the past, I've experienced stability problems when I've installed TCPView on NT 4.0 workstations—namely, continuous blue screen problems starting immediately after the first reboot. However, the program is stable on newer Windows platforms. Sysinternals and Wininternals Software have released a lot of high-quality free and commercial software, but use this utility at your own risk on NT.
Initially, I was going to review TCPView Pro, which is TCPView's more feature-rich commercial cousin. However, an evaluation version wasn't available for download from the company's Web site. TCPView Pro appears to be available only as part of a large Administrator's Pak (i.e., one of five utilities).
X-NetStat Professional 4.0
Although Fresh Software's X-NetStat Professional 4.0 ($20) is quickly and easily installed, it has an awkward GUI. Determining how to access specific information is difficult. The top half of the GUI lists a few connections, along with the local and remote addresses, local and remote ports, protocol, and state (which this program calls Status). At the bottom of the GUI are several boxes, each containing an open port (some UDP, some TCP). To obtain general information about what program is using the port, you must right-click one of the boxes, then choose Port Information. The whole program is buggy and awkward. The only bright side of X-NetStat Professional is its ability to perform banner-grabbing on ports, which proved occasionally useful in port identification.
At Fresh Software's Web site, I found an announcement for the release of version 5.0 in November 2002. That version hasn't yet arrived. The site also bombarded me with a flurry of pop-up ads. I assume that the developers have abandoned the product and are seeking revenue in other directions.
Ahead of the Pack
When you're searching for malware, the ability to list open TCP/IP ports with their initiating programs or services is beneficial. Netstat is limited, but it's installed on every version of Windows, which makes it always available for troubleshooting. Unfortunately, it doesn't make connecting an open port to the source program easy. On Windows 2003 and XP computers, Netstat -ano will do in a pinch—you can compare the information it provides with Task Manager's PID list. On other Windows platforms, however, you need to look for alternatives. The strongest contender in this comparative review is DiamondCS, with its GUI utility Port Explorer and its command-line tool OpenPorts. Sysinternals' TCPView is a good backup choice, if you can avoid the stability problems I experienced on NT. Foundstone's Fport is a good alternative to OpenPorts in the command-line port-enumerator field. But if you perform network security or administration for a living, you should have a copy of Port Explorer.