Has your Internet connection become slower than it should be? There may be a chance that you have some malware, spyware, or adware that is using your Internet connection in the background without your knowledge. Here’s how to see what’s going on under the hood.
It’s worth noting that most third-party firewalls will probably give you this same type of information as well as block things that are trying to connect… unless the applications managed to add an exclusion already. Better check anyway.
How to Check What Your Computer is Connecting To
So, how do you find out what the problem is? There is an easy method using the netstat command from a command prompt window. This works with Windows 8, 7, Vista, and XP. If you’re still using XP, make sure you are running at least Service Pack 2, and just assume that somebody already hacked your computer because your operating system is now a teenager.
We will use the netstat command to generate a list of everything that has made an Internet connection in a specified amount of time. To use the netstat command, you must run the command prompt window as administrator.
If you are using Windows 8.x you can right-click on the Start Button and choose the Command Prompt (Admin) option.
If you are on Windows 7 or Vista, open the Start menu and enter “cmd.exe” in the Search box. When the results display, right-click on cmd.exe and select Run as administrator from the popup menu.
If the User Account Control dialog box displays, click Yes to continue. Note: You may not see this dialog box, depending on your User Account Control settings.
At the command prompt, type the following command and press Enter.
netstat -abf 5 > activity.txt
The –a option shows all connections and listening ports, the –b option shows you what application is making the connection, and the –f option displays the full DNS name for each connection option for easier understanding of where the connections are being made to. You can also use the –n option if you wish to only display the IP address. The 5 option will poll every 5 seconds for connections to make it more easy to track what is going on, and the results are then piped into the activity.txt file.
Wait about two minutes and then press Ctrl + C to stop the recording of data.
Once you’ve finished recording data, you can simply open the activity.txt file in your favorite editor to see the results, or you can type activity.txt at the command line to open it in Notepad.
The resulting file will list all processes on your computer (browsers, IM clients, email programs, etc.) that have made an internet connection in the last two minutes, or however long you waited before pressing Ctrl + C. It also lists which processes connected to which websites.
If you see process names or website addresses with which you are not familiar, you can search for “what is (name of unknown process)” in Google and see what it is. It may be a system function you don’t know about or a function of one of your running programs. However, if it seems like a bad site, you can use Google again to find out how to get rid of it.
Using TCPView to Check What Your PC is Connecting To
The excellent TCPView utility that comes in the SysInternals toolkit will let you quickly see exactly what processes are connecting to what resources on the Internet, and even let you end the process, close the connection, or do a quick Whois lookup to give you more information. It’s definitely our first choice when it comes to diagnosing problems or just trying to get more information about your computer.
Note: When you first load TCPView, you might see a ton of connections from [System Process] to all sorts of Internet addresses, but this usually isn’t a problem. If all of the connections are in the TIME_WAIT state, that means that the connection is being closed, and there isn’t a process to assign the connection to, so they should up as assigned to PID 0 since there’s no PID to assign it to.
This usually happens when you load up TCPView after having connected to a bunch of things, but it should go away after all the connections close and you keep TCPView open.
Using CurrPorts to Check What Your PC is Connecting To
You can also use a free tool, called CurrPorts, to display a list of all currently opened TCP/IP and UDP ports on your local computer. It is a portable program and doesn’t need to be installed. To use it, extract the .zip file you downloaded and run cports.exe.
For each port that CurrPorts lists, information about the process that opened the port is displayed. You can select connections and close them, copy a port’s information to the clipboard or save it to an HTML file, an XML file, or a tab-delimited text file. You can reorder the columns displayed on the CurrPorts main window and in the files you save. To sort the list by a specific column, simply click on the header of that column.
CurrPorts runs under Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Server 2008, Windows Vista, Windows 7, and 8, and probably 9. There is a separate download of CurrPorts for 64-bit versions of Windows. You can find more information about CurrPorts and how to use it on the website.
Secret Squirrel by akumath