A couple of tools we use frequently:
– Sysinternal’s TCPView
Wireshark is a must!
The Sysinternals toolkit is another excellent selection of utilities for security managers. It is also very valuable to be able to use these tools “live” from the internet. Simply use the address http://live.sysinternals.com/toolname.exe. This will get you the latest version of the tool and you can be sure it is not malware.
I also want to confirm that nmap is a must-have tool for scanning networks and finding open ports and listening services. You don’t know what’s happening on your network unless you listen (Wireshark) and scan (nmap). You can then use the Sysinternals tools (psexec for example to open a remote command shell) to investigate what you found with Wireshark and nmap.