, the maker of EventSentry, offers a set of free tools as part of the SysAdmin Tools. This pack of tools contains a graphical tool for monitoring network connections called IPMon+. IPMon+ is GUI version of IPMon and includes additional capabilities beyond the command-line version (ipmon.exe).

To install IPMon+, you will need to download the entire pack of SysAdmin Tools (v2.4.1.0 at the time of writing this post). Once you have downloaded the free tools, install them via the downloaded .exe. To open up IPMon+, you can search via the Windows Start menu or go to C:\Program Files (x86)\essysadmintools\ipmonplus.exe and run it directly.

Dialog box

Dialog box

If you do not have it already (Wireshark users can skip this step), then you will also need a compatible network capturing driver installed. IPMon+ supports both the WinPcap (Windows Packet Capture) Network Driver as well as the newer Npcap driver (needs to be installed in WinPcap-compatible mode)

When you first open IPMon+ you are presented with a mostly blank dialog. To start capturing data, first select an interface by clicking the Interfaces button in the Control section of the dialog.

Once you have selected the appropriate interface you can start capturing network traffic by clicking the Start button. As soon as network traffic is picked up by the driver, IPMon+ will begin displaying all the relevant information you will need. Additionally, you have several ways to sort and filter this information for your needs.

For example, if you wanted to sort by time and filter by only TCP connections, you would see the following (as an example):

Network capture output

Network capture output

Interestingly, you can select the Threat Intelligence checkbox in the control section, which will be display a new column in the output when you start to capture network traffic. This checkbox enables IPMon+ to check IP addresses against, an open-source intelligence platform.

IPMon+ uses, an open source threat intelligence platform

IPMon+ uses, an open source threat intelligence platform

Even if you do not enable the Threat Intelligence option, you can still select a specific IP and right-click it. This brings up an option to View threat intel on x.x.x.x for the specific IP address you selected:

Viewing thread intel

Viewing thread intel

As I mentioned before, you also have the ability to filter your captured results. You can filter by UDP, TCP, ICMP, and ARP protocols. Additionally, you can filter by specific ports or port ranges.

With IPMon+, you get access to the following data columns in a sortable data grid view:

  1. Time
  2. Protocol
  3. Source Hostname
  4. Source IP
  5. Source Port
  6. Dir (direction)
  7. Destination Hostname
  8. Destination IP
  9. Destination Port
  10. Bytes
  11. Packets (count)
  12. KB/sec
  13. Threat intel (optional)

IPMon+ also supports copying data to another application for additional analytics. Simply select one or more row and press CTRL+C to copy the traffic data to the clipboard which can then be pasted into another application like Excel.

If you need to quickly grab and visualize network traffic on a workstation or server, IPMon+ is a great choice. It's fast and extremely easy to use. If you need more detailed information, for example viewing the packets coming across the wire, you will need to use another tool like Wireshark.

The SysAdmin Tools, including IPMon+, are a great set of free tools that help with troubleshooting applications and services on Windows workstations and servers. Their documentation is decent, but the command-line help is outstanding.

IPMon+ adds an easy-to-use GUI wrapper to the IPMon command-line utility, with the added benefit of built-in threat intelligence using the open-source threat intelligence feed. This is by far the best feature about this product, and it's extremely helpful when you're attempting to determine potentially suspicious activity on a system.

Subscribe to 4sysops newsletter!

Overall, IPMon+ and the SysAdmin Tools are most definitely a toolset you should keep around for the just-in-case moments. I myself am throwing it on my personal thumb drive.


Leave a reply

Your email address will not be published.


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account