


LiveTcpUdpWatch v1.16
Copyright (c) 2018 - 2019 Nir Sofer
Web site: http://www.nirsoft.net



Description
===========

LiveTcpUdpWatch is a tool for Windows that displays live information
about all TCP and UDP activity on your system. Every line in the main
table of LiveTcpUdpWatch displays the protocol (TCP/UDP/IPv4/IPv6),
local/remote IP address, local/remote port, number of sent/received
bytes, number of sent/received packets, connect/disconnect time (For TCP
only), and the process (ID and path) responsible for this activity.



LiveTcpUdpWatch vs CurrPorts vs NetworkTrafficView
==================================================

This tool may look very similar to other NirSoft tools - CurrPorts and
NetworkTrafficView, but each tool behaves differently and uses a
different technique to extract the network information.
* CurrPorts displays the current table of active TCP connections and
  TCP/UDP listening ports, but this technique has some disadvantages. For
  example, if UDP packets are sent from your computer to a remote network
  address, you won't see them with CurrPorts, because with UDP there is
  no real connection and the UDP table contains only listening UDP
  ports. The advantage of CurrPorts is the ability to use it without
  elevation (Run As Administrator).
* NetworkTrafficView uses a network sniffing technique - it analyzes
  every packet sent/received by your network card and displays an
  extensive summary according to the display mode you choose. The
  disadvantage of this tool: you have to choose a network card and
  capture method to activate the network sniffer.
* LiveTcpUdpWatch uses the event tracing API to get live information
  from the Windows kernel about every TCP/UDP packet sent/received on
  your system. As opposed to CurrPorts, it captures all UDP activity
  with process information, but without the need to use a network
  sniffer.



System Requirements
===================

This tool works on any version of Windows, starting from Windows XP and
up to Windows 10. Both 32-bit and 64-bit versions of Windows are
supported. On Windows Vista and later, this tool must be run as
Administrator (elevation).



Versions History
================


* Version 1.16:
  o Added 'Put Icon On Tray' option.

* Version 1.15:
  o Added option to capture only the specified TCP/UDP ports (In
    'Advanced Options' window - F9).

* Version 1.13:
  o Added 'Save File Encoding' option.

* Version 1.12:
  o Added 'Sort On Every Update' option.

* Version 1.11:
  o Added 'Add Header Line To CSV/Tab-Delimited File' option (Turned
    on by default).
  o Added 'Always On Top' option.

* Version 1.10:
  o Added command-line options to save the report of LiveTcpUdpWatch
    into a file without displaying any user interface.

* Version 1.07:
  o Added 'Save All Items' option (Shift+Ctrl+S).

* Version 1.06:
  o Added option to choose another font (name and size) to display in
    the main window.

* Version 1.05:
  o Added new option: 'Exclude Localhost Addresses';
  o Added new option: 'Automatically Scroll Down On New Items'

* Version 1.00 - First release.



Start Using LiveTcpUdpWatch
===========================

LiveTcpUdpWatch doesn't require any installation process or additional
DLL files. In order to start using it, simply run the executable file -
LiveTcpUdpWatch.exe

After running LiveTcpUdpWatch, it immediately starts displaying any
TCP/UDP activity on your system. You can choose from the Options menu
which protocols you want to capture (TCP, UDP, IPv4, IPv6). You can also
press Ctrl+X (Clear All) to clear all accumulated data and start again
with an empty table. If you want to temporarily stop the network tracing,
simply uncheck the 'Capture Network Data' option or press F2.

If you want to see only the active TCP connections, simply turn on the
'Remove Closed TCP Connections' option (Under the Options menu).



Merge if only local port is different
=====================================

If you want to decrease the number of lines displayed by LiveTcpUdpWatch,
you can activate the following options: 'Merge TCP if only local port is
different', 'Merge UDP if only local port is different' (Under the
Options menu).
For example: If your Web browser creates 5 TCP connections to the same IP
address and the same port (80 or 443) - instead of 5 lines, you'll get
the summary of all 5 connections in one line and the 'Connections Count'
column will display '5'.

For UDP, it's even more significant, because every DNS query is sent to
the same remote address and port (53), but different local port, so
activating the 'Merge UDP' option will put all DNS activity in one line
instead of many lines.



Command-Line Options
====================



/CaptureTime <Milliseconds>
Specifies the capture time in milliseconds for the save command-line
options (/stext, /stab, /scomma, and so on...)
The default is 10000 milliseconds (10 seconds).

/cfg <Filename>
Start LiveTcpUdpWatch with the specified configuration file. For example:
LiveTcpUdpWatch.exe /cfg "c:\config\ltuw.cfg"
LiveTcpUdpWatch.exe /cfg "%AppData%\LiveTcpUdpWatch.cfg"

/stext <Filename>
Save the report of LiveTcpUdpWatch into a simple text file.

/stab <Filename>
Save the report of LiveTcpUdpWatch into a tab-delimited text file.

/scomma <Filename>
Save the report of LiveTcpUdpWatch into a comma-delimited text file (csv).

/shtml <Filename>
Save the report of LiveTcpUdpWatch into an HTML file (Horizontal).

/sverhtml <Filename>
Save the report of LiveTcpUdpWatch into an HTML file (Vertical).

/sxml <Filename>
Save the report of LiveTcpUdpWatch into an XML file.

/sjson <Filename>
Save the report of LiveTcpUdpWatch into a JSON file.

/sort <column>
This command-line option can be used with other save options for sorting
by the desired column. The <column> parameter can specify the column
index (0 for the first column, 1 for the second column, and so on) or the
name of the column, like "Local Address" and "Remote Address". You can
specify the '~' prefix character (e.g: "~Received Bytes") if you want to
sort in descending order. You can put multiple /sort in the command-line
if you want to sort by multiple columns.
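
The following is an added example, not part of the original readme or of
NirSoft's code: it builds a headless capture command from the options
above and applies the 'Merge if only local port is different' rule to a
/scomma report. The sample rows, the output path and all column names
other than "Local Address", "Remote Address" and "Received Bytes" are
assumptions, and the CSV header line is assumed to be left on (the default).

```python
import csv
import io

# Constructed sample of a /scomma report (not real capture data). Column names
# other than "Local Address", "Remote Address", "Received Bytes" are assumed.
SAMPLE_CSV = """\
Process Name,Process ID,Protocol,Local Port,Local Address,Remote Port,Remote Address,Received Bytes,Sent Bytes
browser.exe,4120,TCP,50001,192.0.2.10,443,203.0.113.5,1200,300
browser.exe,4120,TCP,50002,192.0.2.10,443,203.0.113.5,800,200
browser.exe,4120,TCP,50003,192.0.2.10,443,203.0.113.5,500,100
browser.exe,4120,TCP,50004,192.0.2.10,443,203.0.113.5,400,100
browser.exe,4120,TCP,50005,192.0.2.10,443,203.0.113.5,100,50
svchost.exe,1088,UDP,61001,192.0.2.10,53,198.51.100.53,120,60
svchost.exe,1088,UDP,61002,192.0.2.10,53,198.51.100.53,130,62
svchost.exe,1088,UDP,61003,192.0.2.10,53,198.51.100.53,110,58
updater.exe,2300,TCP,50100,192.0.2.10,443,203.0.113.5,700,90
"""

# Fields that must match for two rows to merge: everything but the local port.
KEY = ("Process Name", "Process ID", "Protocol", "Local Address",
       "Remote Address", "Remote Port")
COUNTERS = ("Received Bytes", "Sent Bytes")


def capture_command(csv_path, capture_ms=10000):
    """argv for a headless capture, using only options documented above."""
    return ["LiveTcpUdpWatch.exe", "/CaptureTime", str(capture_ms),
            "/scomma", csv_path, "/sort", "~Received Bytes"]


def merge_local_ports(csv_text):
    """Collapse rows that differ only in local port; sum counters, count rows."""
    merged = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = tuple(row[k] for k in KEY)
        out = merged.setdefault(key, {**dict(zip(KEY, key)),
                                      "Connections Count": 0,
                                      **dict.fromkeys(COUNTERS, 0)})
        out["Connections Count"] += 1
        for c in COUNTERS:
            out[c] += int(row[c] or 0)  # an empty counter cell counts as 0
    # Same ordering as /sort "~Received Bytes" (descending).
    return sorted(merged.values(), key=lambda r: -r["Received Bytes"])


if __name__ == "__main__":
    print(" ".join(capture_command(r"C:\temp\ltuw.csv", 30000)))
    for r in merge_local_ports(SAMPLE_CSV):
        print(*(r[k] for k in KEY), r["Connections Count"], r["Received Bytes"])
```

In this sketch updater.exe stays on its own line although it talks to the
same remote address and port as the browser, because the process differs.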





Translating LiveTcpUdpWatch to other languages
==============================================

In order to translate LiveTcpUdpWatch to another language, follow the
instructions below:
1. Run LiveTcpUdpWatch with /savelangfile parameter:
   LiveTcpUdpWatch.exe /savelangfile
   A file named LiveTcpUdpWatch_lng.ini will be created in the folder of
   the LiveTcpUdpWatch utility.
2. Open the created language file in Notepad or in any other text
   editor.
3. Translate all string entries to the desired language. Optionally,
   you can also add your name and/or a link to your Web site
   (TranslatorName and TranslatorURL values). If you add this
   information, it'll be used in the 'About' window.
4. After you finish the translation, run LiveTcpUdpWatch, and all
   translated strings will be loaded from the language file.
   If you want to run LiveTcpUdpWatch without the translation, simply
   rename the language file, or move it to another folder.



License
=======

This utility is released as freeware. You are allowed to freely
distribute this utility via floppy disk, CD-ROM, Internet, or in any
other way, as long as you don't charge anything for this and you don't
sell it or distribute it as a part of commercial product. If you
distribute this utility, you must include all files in the distribution
package, without any modification !



Disclaimer
==========

The software is provided "AS IS" without any warranty, either expressed
or implied, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. The author will not
be liable for any special, incidental, consequential or indirect damages
due to loss of data or any other reason.



Feedback
========

If you have any problem, suggestion, comment, or you found a bug in my
utility, you can send a message to nirsofer@yahoo.com
