How do I log outgoing TCP connections from my computer?

I'm trying to track down a problem where something is causing my Active Directory account to get locked out. I think that I could figure it out if I can log all connections to 2 specific servers.

I want to log all outgoing TCP connections (maybe UDP also) to servers X and Y along with what process initiated the connection (PID, EXE path, & full command used to start the process). How do I do that?

I tried TCPView, but that only shows me current TCP connections. I want connections from the past 15 minutes, even if they've already died.


Solution 1:

I would recommend using Process Monitor. It is made by the same people who made TCPView, but it shows a lot more. It also allows you to log the information to disk so you can look at it later.

Note: The program will need to be open and running for it to record the logs, but if you set it up to save the logs to disk as it records them, you can always review them later.
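As an added example that is not part of either answer, the same "it only records while it is running" approach can be scripted in PowerShell to capture exactly the fields the question asks for (PID, EXE path, command line) for connections to servers X and Y, and to keep them on disk after the connections have died. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection), an elevated prompt so other users' process details are visible, and the two placeholder addresses are replaced with the real servers.

```powershell
# Added example (not from the original post): poll the TCP table and append every
# new outgoing connection to servers X and Y to a CSV with PID, EXE path and command line.
# Assumptions: Windows 8/Server 2012+, run elevated; the addresses below are placeholders.
$Targets  = @('192.0.2.10', '192.0.2.11')   # placeholders for servers X and Y
$LogPath  = "$env:USERPROFILE\outbound-connections.csv"
$Interval = 1                                # seconds between polls
$Seen     = @{}                              # connections already logged -> time first seen

while ($true) {
    $now   = Get-Date
    $conns = Get-NetTCPConnection -State Established,SynSent -ErrorAction SilentlyContinue |
             Where-Object { $Targets -contains $_.RemoteAddress }
    foreach ($c in $conns) {
        # Key on PID plus the 4-tuple so a long-lived connection is logged only once
        $key = "$($c.OwningProcess)|$($c.LocalAddress):$($c.LocalPort)->$($c.RemoteAddress):$($c.RemotePort)"
        if ($Seen.ContainsKey($key)) { continue }
        $Seen[$key] = $now
        # Look up the owning process while it is (hopefully) still alive
        $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($c.OwningProcess)"
        [pscustomobject]@{
            Time        = $now.ToString('o')
            PID         = $c.OwningProcess
            Exe         = $proc.ExecutablePath
            CommandLine = $proc.CommandLine
            Local       = "$($c.LocalAddress):$($c.LocalPort)"
            Remote      = "$($c.RemoteAddress):$($c.RemotePort)"
            State       = $c.State
        } | Export-Csv -Path $LogPath -Append -NoTypeInformation
    }
    # Forget entries older than 15 minutes so a reused socket tuple is logged again
    foreach ($k in @($Seen.Keys)) {
        if ($Seen[$k] -lt $now.AddMinutes(-15)) { $Seen.Remove($k) }
    }
    Start-Sleep -Seconds $Interval
}
```

Polling at one-second intervals will miss a connection that opens and closes between two polls, and the process lookup comes back empty if the process has already exited, so the CSV is a best-effort record rather than a complete one.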

Solution 2:

Wireshark is a good place to start. It's a pretty versatile and widely used tool. One shortfall, however, is that the process information never makes it past the NIC, meaning that it might not be suitable for your specific asking. Check out here for a few suggestions on what can be done. Another tool which might help is netmon direct from M$.