You can see your system internet (TCP/IP) network connections status on this display:

The "Network Connections " tab shows the detailed information on a condition of the TCP/IP connections from or to your computer system.

UDP and TCP

In general, differences in how UDP and TCP deliver data are similar to the differences between a telephone call and a postcard. TCP works like a telephone call by verifying that the destination is available and ready to communicate. UDP works like a postcard—messages are small and delivery is likely, but not always assured.

UDP is typically used by programs that transmit small amounts of data at one time or have real-time requirements. In these situations, the low overhead and multicasting capabilities of UDP (for example, one datagram, many recipients) are better suited than TCP.

UDP contrasts directly with the services and features provided by TCP. The following table compares differences in how TCP/IP communication is handled depending on whether UDP or TCP is used for transporting data.

Both UDP and TCP use ports to identify communications for each TCP/IP program.

Do not resolve names - enables or disables transformation of computers addresses and numbers of ports to symbolic names. While IP is designed to work with the 32-bit IP addresses of the source and the destination hosts, computers are used by people who are not very good at using and remembering the IP addresses of the computers with which they want to communicate. People are much better at using and remembering names rather than IP addresses.

Show TCP traffic only - enables or disables display UDP traffic. If the switch is checked, only TCP connections will be shown. Otherwise TCP and UDP connections are shown.

Table shows detailed information about your TCP and UDP connections:

Direction - specifies the initiator of connection. If the initiator of connection is your computer, connection is proceeding as outgoing connection. If remote computer initiated connection to the your system, it is the incoming traffic for your computer.

Remote host - shows remote computer name or IP address.

Service - shows network service name or port number.

TCP ports:

TCP ports use a specific program port for delivery of data sent by using Transmission Control Protocol (TCP). TCP ports are more complex and operate differently from UDP ports.

While a UDP port operates as a single message queue and the network endpoint for UDP-based communication, the final endpoint for all TCP communication is a unique connection. Each TCP connection is uniquely identified by dual endpoints.

Each single TCP server port is capable of offering shared access to multiple connections because all TCP connections are uniquely identified by two pairs of IP address and TCP ports (one address/port pairing for each connected host).

The server side of each program that uses TCP ports listens for messages arriving on their well-known port number. All TCP server port numbers less than 1,024 (and some higher numbers) are reserved and registered by the Internet Assigned Numbers Authority (IANA).

The following table is a partial list of some well-known TCP server ports used by standard TCP-based programs.

For an updated, complete list of all currently registered well-known TCP ports, see the Port Numbers Web site.

UDP ports

UDP ports provide a location for sending and receiving UDP messages. A UDP port functions as a single message queue for receiving all datagrams intended for the program specified by each protocol port number. This means UDP-based programs can receive more than one message at a time.

The server side of each program that uses UDP listens for messages arriving on their well-known port number. All UDP server port numbers less than 1,024 (and some higher numbers) are reserved and registered by the Internet Assigned Numbers Authority (IANA).

Each UDP server port is identified by a reserved or well-known port number. The following table shows a partial list of well-known UDP server port numbers that are used by standard UDP-based programs.

For an updated, complete list of all currently registered well-known UDP ports, see the Port Numbers Web site.

Protocol - is a set rules and commands by means of which computers can incorporate among themselves for reception or data transmission.

Transmission Control Protocol (TCP) is a required TCP/IP standard defined in RFC 793, "Transmission Control Protocol (TCP)," that provides a reliable, connection-oriented packet delivery service. The Transmission Control Protocol:

How TCP works

TCP is based on point-to-point communication between two network hosts. TCP receives data from programs and processes this data as a stream of bytes. Bytes are grouped into segments that TCP then numbers and sequences for delivery.

Before two TCP hosts can exchange data, they must first establish a session with each other. A TCP session is initialized through a process known as a three-way handshake. This process synchronizes sequence numbers and provides control information that is needed to establish a virtual connection between both hosts.

Once the initial three-way handshake completes, segments are sent and acknowledged in a sequential manner between both the sending and receiving hosts. A similar handshake process is used by TCP before closing a connection to verify that both hosts are finished sending and receiving all data.

User Datagram Protocol (UDP)

The User Datagram Protocol (UDP) is a TCP/IP standard defined in RFC 768, "User Datagram Protocol (UDP)." UDP is used by some programs instead of TCP for fast, lightweight, unreliable transportation of data between TCP/IP hosts.

UDP provides a connectionless datagram service that offers best-effort delivery, which means that UDP does not guarantee delivery or verify sequencing for any datagrams. A source host that needs reliable communication must use either TCP or a program that provides its own sequencing and acknowledgment services.

Status - shows TCP Connection States.

State Explanation

SYN_SEND Indicates active open.

SYN_RECEIVED Server just received SYN from the client.

ESTABLISHED Client received server's SYN and session is established.

LISTEN Server is ready to accept connection.

FIN_WAIT_1 Indicates active close.

TIMED_WAIT Client enters this state after active close.

CLOSE_WAIT Indicates passive close. Server just received first FIN from a client.

FIN_WAIT_2 Client just received acknowledgment of its first FIN from the server.

LAST_ACK Server is in this state when it sends its own FIN.

CLOSED Server received ACK from client and connection is closed.

As an example, consider the following scenario:

A socket application has been terminated, but Netstat reports the socket in a CLOSE_WAIT state. This could indicate that the client properly closed the connection (FIN has been sent), but the server still has its socket open. This could be the result of one instance (among all threads or processes) of the socket not being closed.

NOTE: It is normal to have a socket in the TIME_WAIT state for a long period of time. The time is specified in RFC793 as twice the Maximum Segment Lifetime (MSL). MSL is specified to be 2 minutes. So, a socket could be in a TIME_WAIT state for as long as 4 minutes. Some systems implement different values (less than 2 minutes) for the MSL.

A connection progresses through a series of states during its lifetime. The states are: LISTEN, SYN-SENT, SYN-RECEIVED, ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK, TIME-WAIT, and the fictional state CLOSED. CLOSED is fictional because it represents the state when there is no TCB, and therefore, no connection. Briefly the meanings of the states are:

LISTEN - represents waiting for a connection request from any remote TCP and port.

SYN-SENT - represents waiting for a matching connection request after having sent a connection request.

SYN-RECEIVED - represents waiting for a confirming connection request acknowledgment after having both received and sent a connection request.

ESTABLISHED - represents an open connection, data received can be delivered to the user. The normal state for the data transfer phase

of the connection.

FIN-WAIT-1 - represents waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection

termination request previously sent.

FIN-WAIT-2 - represents waiting for a connection termination request from the remote TCP.

CLOSE-WAIT - represents waiting for a connection termination request from the local user.

CLOSING - represents waiting for a connection termination request acknowledgment from the remote TCP.

LAST-ACK - represents waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).

TIME-WAIT - represents waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection

termination request.

CLOSED - represents no connection state at all.

Process - shows local process name, which works with this network connection. Process name only available on Windows XP/2003 systems and above.

Connections Allocation chart shows distribution of connections between the remote computers, which have established connection with your computer or your computer have established connection with remote computers.