Sooner or later, the question arises where the money goes on the Internet. Often, users need information that fully provides step-by-step instructions for obtaining information - what the traffic is used for when connecting to the Internet via the DRO. This technology will be useful in finding out the reason for the increased traffic consumption.
Instructions
Step 1
You need to run the command line cmd.exe. To do this, select the "Run" item from the "Start" menu.
Step 2
In the window that has opened, in the line with the blinking cursor, you need to type cmd.exe. Press enter. A standard interpreter window has opened: you can skip this step and go directly to the next step in the command line of your file manager, for example FAR. 111111
Step 3
Next, you need to type the network command netstat.exe /? (You can just netstat /?). You can start it by pressing the "Enter" key. As a result, we get a list with hints, namely, what result the network program can produce when operating certain keys. In this case, we will be interested in more detailed information about the activity of network ports and specific names of applications.
Step 4
Next, you need to check if some intruder is scanning our machine right now. Enter in the command line: Netstat -p tcp –n or Netstat -p tcp –n. Here it is required to draw your attention to the fact that the same external IP address is not repeated very often (the 1st IP is the local address of your machine). In addition, a huge number of entries of this type: SYN_SENT, TIME_WAIT from the same IP can also indicate an intrusion attempt. Frequent retries of network ports 139, 445 of TCP, and 137, and 445 of UDP, from external IP can be taken as insecure.
Step 5
Further, we can assume that we are lucky, no external intrusion was noticed, and we continue to look for a "bad application" that devours traffic.
Step 6
We type the following: Netstat –b (administrator rights are required here). As a result, a huge protocol will be unloaded with statistics on how all your applications work on the Internet: This segment of the protocol shows that the uTorrent.exe program (a client for downloading and distributing files on the BitTorrent network) was distributing files to two machines on the network from open local ports 1459 and 1461.
Step 7
It is your right to decide whether to stop this application. Perhaps it makes some sense to remove it from startup. Here, the activity of other legal programs that work with network services has already been detected: Skype, Miranda, and the second one works through the secure https protocol.
Step 8
The final goal of this analysis should be to identify unfamiliar applications that, without your knowledge, connect to the Internet (you do not know what they are transmitting). Further, you should already use various methods of dealing with "harmful" applications, starting with disabling them from startup and ending with checking with special utilities.
