Using TCPView to understand network activity: Advice?

Discussion in 'privacy general' started by Thelps, Dec 2, 2017.

  1. Thelps

    Thelps Registered Member

    Apr 1, 2012
    Hi all,

    Using SysInternals' TCPView to get an idea of what programs are communicating with the network on Windows 10.

    Any tips as to how to minimise unsolicited network traffic both to and from my Windows 10 machine?

    Also, why do many programs sit in the LISTENING state with a Local Address of and [0:0:0:0:0:0:0:0]?
  2. Rasheed187

    Rasheed187 Registered Member

    Jul 10, 2004
    The Netherlands
    Normally speaking, Windows Firewall should block all incoming and outgoing connections. Only certain apps like the browser and certain system processes like svchost.exe should be able to make outbound connections. I'm not a firewall expert, but I believe the apps that are in the "LISTENING state" don't actually connect out, that's why they have a Local Address of I assume they are all system processes, at least that's the case on my system.
  3. mirimir

    mirimir Registered Member

    Oct 1, 2011
    Ummm, because they're listening ;)

    I'm pretty sure that, for IP addresses, zero always means *. So they're listening on all of the device's addresses.
  4. RockLobster

    RockLobster Registered Member

    Nov 8, 2007
    Listening means waiting for an incomming connection. is unspecified address you should only see that if your computer is not connected to the internet so has no IP address.
    Unless, you are running a server application, in which case means it is listening for incomming connections on all IP addresses assigned to your machine, for example the internet and a LAN at the same time.
    Last edited: Dec 2, 2017
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.