Working on the Internet is associated with the risk of stealing confidential information - logins and passwords from accounts, credit card data, various documents, photographs, etc. Any oddities in the operation of the computer may be associated with its infection or hacking, in this situation it may be necessary to monitor the traffic.
It is necessary
traffic control programs
Instructions
Step 1
As a rule, theft of data occurs in two ways: by direct connection to a remote computer, as a result of which a hacker is able to view the folders of the computer and copy the information he needs, and by using Trojans. It is very difficult to detect the operation of a professionally written Trojan horse. But there are not so many such programs, therefore, in most cases, the user notices some oddities in the computer's work, indicating that it is infected. For example, attempts to connect to the network, incomprehensible network activity when you do not open any pages, etc. etc.
Step 2
In all such situations, it is necessary to control the traffic; for this you can use the standard Windows tools. Open Command Prompt: Start - All Programs - Accessories - Command Prompt. You can also open it like this: "Start" - "Run", then enter the command cmd and press Enter. A black window will open, this is the command line (console).
Step 3
Type netstat –aon at a command prompt and press Enter. A list of connections will appear indicating the ip-addresses to which your computer connects. In the "Status" column you can see the status of the connection - for example, the ESTABLISHED line indicates that this connection is active, that is, it is present at the moment. The "External address" column contains the ip-address of the remote computer. In the column "Local address" you will find information about the ports open on your computer through which connections are made.
Step 4
Pay attention to the last column - PID. It contains identifiers assigned by the system to current processes. They are very useful in finding the application responsible for the connections you are interested in. For example, you see that you have established a connection through a port. Remember the PID-identifier, then in the same command line window type tasklist and press Enter. A list of processes will appear with identifiers in its second column. Once you find a familiar identifier, you can easily determine which application has established a given connection. If the name of the process is unfamiliar to you, enter it into a search engine, you will immediately receive all the necessary information about it.
Step 5
To control traffic, you can also use special programs - for example, BWMeter. The utility is useful in that it can completely control traffic, indicating which addresses your computer connects to. Remember that if configured correctly, it should not go online when you are not using the Internet - even if the browser is running. In a situation where the connection indicator in the tray now and then signals about network activity, you need to find the application responsible for the connection.
Step 6
AnVir Task Manager can also be of great help in monitoring traffic and detecting malicious software. It shows a list of running processes with the names of executable files, which makes it easy and quick to understand which program launched a particular process.
