One set of tools that I’ve found invaluable is Microsoft’s Windows Sysinternals. The suite includes a large number of utilities for all areas of system administration. I’d like to focus on just one of those utilities, TCPView for Windows v2.53.
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, NT, 2000 and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.
While netstat will work in a pinch, TCPView is really nice in that it will show you connections just opened (highlighted in green) and connections that are just closed (highlighted in red). It also shows you the process that is making or attempting to make the connection.
If you’re using a non-GUI connection or console, you can use tcpvcon.exe to dump the same output to a console. This can be very useful if you are remotely administering a server over a telnet/SSH connection.
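
A console stand-in for TCPView's green/red highlighting, for use over a remote shell. This is an added example, not part of TCPView or the original post. It assumes tcpvcon.exe is on the PATH and that the `-a`, `-c`, `-n` and `-accepteula` switches behave as in current Sysinternals builds.

```powershell
# Added example: poll tcpvcon and print endpoints that appeared (+) or
# disappeared (-) between snapshots.
# Assumptions: tcpvcon.exe is on PATH; -a = all endpoints, -c = CSV output,
# -n = do not resolve addresses, -accepteula = suppress the first-run EULA prompt.
param(
    [int]$IntervalSeconds = 2   # hypothetical parameter: seconds between snapshots
)

function Get-EndpointSnapshot {
    # Keep only endpoint rows; banner and blank lines are dropped.
    # Each CSV row is treated as an opaque string, so no column layout is assumed.
    $rows = & tcpvcon.exe -accepteula -a -c -n 2>$null |
        Where-Object { $_ -match '^(TCP|UDP)' }

    $set = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($r in $rows) { [void]$set.Add($r.Trim()) }
    return ,$set   # leading comma stops PowerShell from unrolling the set
}

$previous = Get-EndpointSnapshot
while ($true) {
    Start-Sleep -Seconds $IntervalSeconds
    $current = Get-EndpointSnapshot
    $stamp   = Get-Date -Format 'HH:mm:ss'

    # Rows present now but not in the last snapshot: newly opened endpoints.
    foreach ($row in $current) {
        if (-not $previous.Contains($row)) {
            Write-Host "$stamp + $row" -ForegroundColor Green
        }
    }
    # Rows that were present last time and are gone now: closed endpoints.
    foreach ($row in $previous) {
        if (-not $current.Contains($row)) {
            Write-Host "$stamp - $row" -ForegroundColor Red
        }
    }
    $previous = $current
}
```

A connection that changes state shows up as a `-` line followed by a `+` line, and anything that opens and closes between two polls is not seen, so treat the output as a triage aid and not a complete record.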