UGTS Document #51 - Last Modified: 8/29/2015 3:23 PM
Troubleshooting Network Connections

If a network connection between two Windows boxes is failing completely or partially, there are two main tools you can use: Process Explorer and Network Monitor.

There was also a utility produced by SysInternals called TCPView, but this is not recommended because it shows all the network connections for the machine and it has no way to filter or sort. On a busy server where hundreds of connections are being made every minute, it is therefore impossible to watch a particular connection - the view keeps moving, and the socket you want to see will be displaced by other active connections.

Process Explorer can show all the TCP/IP connections for a process: right-click the process, choose Properties, and go to the TCP/IP tab. It will show listening, connected, and connecting sockets. Sometimes this is enough to see what is going on. If you need more detail, Network Monitor can show all the packets sent between the two machines.

If you run the two utilities side by side, you can see both the sockets where a process is waiting for communication and the actual traffic. If a process is listening on a socket, and packets are being transmitted to that socket, but Network Monitor at the destination does not show the packets being received, then there is a firewall issue between the two machines.
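The same reasoning can be checked from the sending machine with a single connection attempt. The script below is an added example, not part of the original document. It goes a little beyond the text by also separating "refused" from "timeout". The names probe_tcp, diagnose and MEANING are made up for the illustration.

```python
import socket
import sys

# What each outcome says about the path, following the reasoning in the text.
MEANING = {
    "connected": "handshake completed; listener and network path are fine",
    "refused": "a reset came back; the packets arrived but no process is "
               "listening on that port (or a device actively rejected them)",
    "timeout": "no reply at all; packets are being dropped in transit, "
               "which points at a firewall if the listener is confirmed",
    "error": "local or name-resolution failure; check address and routing",
}


def probe_tcp(host, port, timeout=3.0):
    """Try one TCP connection and classify how it ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"
    except socket.timeout:           # SYN sent, nothing ever came back
        return "timeout"
    except ConnectionRefusedError:   # RST received from the far end
        return "refused"
    except OSError:                  # DNS failure, no route, and so on
        return "error"


def diagnose(host, port, timeout=3.0):
    """Return (outcome, explanation) for one host and port."""
    outcome = probe_tcp(host, port, timeout)
    return outcome, MEANING[outcome]


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py HOST PORT")
    result, why = diagnose(sys.argv[1], int(sys.argv[2]))
    print("%s:%s -> %s (%s)" % (sys.argv[1], sys.argv[2], result, why))
```

A "timeout" result while Process Explorer shows the destination process listening on that port is the case described above; a "refused" result means the packets did arrive, so look at the listener instead.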

If your firewall is the issue, it may be necessary to enable syslog logging on the firewall and check the logged activity to see what is going on when the connection is denied. The PRTG Network Monitor has a free version supporting up to 10 sensors that can view and accumulate syslog entries, and is a very good way to collect syslogs.