Interpreting tcpview output

[Leslie]

I've recently become aware of the tcpview utility. It seems to me that, when
it runs, it tells me information which could be very useful to me for
security purposes. However, I don't have sufficient knowledge to understand
what it all means.

I would like to ask some questions about it, but don't want to bother people
here unnecessarily.

So I only ask now whether this would be an appropriate newsgroup in which to
ask such questions.

 

[Guest]

I want to know " How can it be useful, if you can understand or interpret it?"

To keep your PC performing at its peak, don't load it up with useless
applications that only slow it down, for no real reason.

 

[Touch Base]

http://www.winternals.com/documentation/userguides/TCPView_Professional_Users_Guide.pdf

 

[Leslie]

Thank you for the reference. I had already found and read that, but it
didn't answer the questions I have.

For instance, if I restrict tcpview to showing established connections only,
what I usually see, apart from occasional references to IP addresses (which
I can check by using WHOIS), is a series of connections which are
symmetrical. One process shows a local port number "x" and a remote port
number "y", while another process shows a local port number "y" and a remote
port number "x". Each port number is one on my machine. Why is that
happening?