What do these remote addresses, local addresses, and states in TCPview mean?
Andrew Mclaughlin 
I have been using TCPview lately to see what connections are made by different processes on my PC. Would somebody please explain what the following situations mean? Thanks.
TCP
Local Address: PC1234567890:3883
Remote Address: PC1234567890:0
State: LISTENINGTCP
Local Address: PC1234567890:4696
Remote Address: localhost:4697
State: ESTABLISHEDLocal Address: PC1234567890:4697
Remote Address: localhost:4696
State: ESTABLISHEDUDP
Local Address: PC1234567890:1234
Remote Address: .
State:
2 Answers
In general, Local Address is the IP Address/hostname of the network interface on which the connection is made. Remote address is the IP Address/hostname of the remote computer to which the connection is connected. The state is the current state of the connection.
- This is describing a TCP server which is listening on port 3883. The TCP connection is not connected (
LISTENING). - This is describing a connected TCP connection (
ESTABLISHED). The connection is actually between two sockets on your computer. One end of the connection is using the PC1234567890 interface on 4697 and the other end is using the loopback interface(localhost) on port 4696. - This is describing a UDP client which is listening for UDP traffic on port 1234. UDP is stateless/connectionless, so there is no state.
Just as a note, if you would like to toggle between viewing IP Addresses and hostnames in TCPView you can uncheck the Resolve Addresses option from the Options Menu
TCP "Listening" is shown for a program on your computer that is waiting for some other program to connect and send data. UDP is shown for a program that waits for a program to send data TCP Established is a connection between two programs. The numbers behind the colon are port numbers and usually mean a specific program that is involved. "well known" port numbers are assigned and can be seen here
