Process & Port Analyzer logo

Process & Port Analyzer

User Guide

Process and Port Analyzer is a Windows tool for inspecting what's running on your computer and what it's doing on the network. It shows running processes, open network ports, active connections, failed sign-in attempts, live network packets, and lets you create firewall rules to block unwanted traffic.

Contents
  1. Getting Started
  2. Processes
  3. Listening
  4. Connections
  5. Failed Logins
  6. Sniffer
  7. Firewall
  8. Creating a Firewall Rule
  9. Tips

1. Getting Started

Administrator rights are required. The app asks for elevation when it starts — click Yes at the Windows prompt. Several features (failed logins, packet capture, firewall rules) only work when running as Administrator.

The status bar at the bottom shows whether you're running as ● Administrator or ○ User, along with a running count of items on the current tab.

The toolbar (top)

ButtonWhat it does
RefreshReloads the information on the current tab.
ExitCloses the app.
Search boxFilters the Processes tab as you type.
Light / DarkSwitches between the light and dark colour themes.

The sidebar (left)

Four summary cards show live totals: Running Processes, Listening Ports, Failed Logins, and Firewall Rules. They update automatically as you use each tab.

2. Processes

Lists every running process with its icon, name, process ID (PID), memory use, file path, architecture (32- or 64-bit), and whether it's a System or User process.

  • Use the controls above the list to filter:
    • Hide Protected / Show All — hide or include protected system processes.
    • System / User / 32-bit / 64-bit checkboxes — narrow the list by type.
    • Sort by dropdown — order by Name, PID, or Memory.
  • Type in the toolbar Search box to filter by name or path.
  • Click any column header to sort by that column; click again to reverse.
  • Double-click a process to see the modules (DLLs) it has loaded.

3. Listening

Shows processes that are listening for incoming connections, with the local address, port, owning process, and protocol (TCP/UDP).

  • Filter by protocol or use the search box above the list.
  • Right-click a row for:
    • Block listening port — opens the firewall dialog pre-filled to block that port.
    • Show details.
  • Double-click a row to view that process's loaded modules.

4. Connections

Shows all active network connections (TCP and UDP): the owning process, local and remote address/port, and the connection state (such as Established or Listen).

  • Filter by protocol and state, or use the search box.
  • Right-click a rowBlock connection to create a firewall rule for it.
  • Double-click a row to view that process's loaded modules.

5. Failed Logins

Lists failed sign-in attempts recorded by Windows (requires Administrator).

1
Enter how many hours back to look (default is 24).
2
Optionally tick Remote only to hide local attempts.
3
Click Load.

Each entry shows the time, user name, source IP, logon type, whether it was local or remote, and the related process ID.

6. Sniffer

Captures live network packets on a chosen network address (requires Administrator).

1
Pick your Local IP from the dropdown.
2
Choose a protocol (ALL, TCP, UDP, or ICMP).
3
Optionally enter source/destination IPs and ports to capture only matching traffic.
4
Tick Dump packets to file if you want a saved record.
5
Click Start. Captured packets stream into the colour-coded log. Click Stop to end.

If file dumping is on, packets are saved to a dumps folder next to the app (dump.log). When you start a new capture, any previous dump is kept by being renamed with a date and time stamp.

Note: Packet capture reads raw network traffic and is intended for troubleshooting and security analysis on systems you own or are authorised to monitor.

7. Firewall

Lists the firewall rules created by this app and lets you manage them.

  • Click Add Rule… to open the rule dialog (see below).
  • Use the search box to find a rule by name.
  • Right-click a rule to Enable, Disable, or Delete it.

Only rules created by Process and Port Analyzer are shown here, so you won't accidentally change unrelated Windows rules.

8. Creating a Firewall Rule

The rule dialog opens from Firewall → Add Rule…, or pre-filled from a Block listening port / Block connection action.

  • Rule name — a name to identify the rule (required).
  • DirectionIN (incoming) or OUT (outgoing).
  • ActionBLOCK or ALLOW.
  • Protocol — TCP, UDP, ICMP, or ANY.
  • Local / Remote ports — leave blank for any, or enter:
    • a single port: 443
    • a list: 80,443
    • a range: 8000-8100
    • (Ports apply only to TCP and UDP.)
  • Local / Remote addresses — type an address and click Add. Accepted formats:
    • a single IP: 192.168.1.10 or fe80::1
    • a subnet: 192.168.1.0/24 or 192.168.1.0/255.255.255.0
    • a range: 192.168.1.1-192.168.1.50
    • a keyword: LocalSubnet, DNS, DHCP, Gateway, Internet, and others
    • Leave the list empty to mean any address. Invalid entries are rejected with a message.

Click Add Rule to save. The new rule appears on the Firewall tab.

9. Tips

  • Colours and badges help you scan quickly — for example, protected system processes, established connections, and allow/block firewall rules are tinted differently, and labels like System, User, ALLOW, and BLOCK appear as badges.
  • Click any column header on any list to sort; click again to reverse the order.
  • Use Refresh any time to get the latest information for the current tab.
← Back to Process & Port Analyzer Changelog →