I have a situation where my applicationhas its established TCP port closed by an external entity. I am looking for a utility to monitor the established port and when it gets closed - to capture the identity of the process responsible for closing it. It only happens randomly 1-2 times per week.Wireshark can not do this. I only see a Connection Reset on the port. It does not identify the process which closed it. TCPMon only shows real-time port activity - so I would have to be lucky enough to see it happen real time - not possible.Can anyone recommend a utility capable of capturing the process nameresponsible for closing a port?ThanksJDtechsupport

the latest two versions of netmon link packet traces to PIDs. I would also consider using procmon. there is a button at the top to filter on network activity.Netmon:http://support.microsoft.com/kb/933741Procmon:http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx Mike Crowley A+, Network+, Security+, MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator