Thanks to the presence in the tray of an icon in the form of two computers, the user can generally judge the network activity of his machine. In the event that even an idle computer actively communicates with the Internet, there is a need for more complete traffic control.
It is necessary
rights to run applications on the local computer
Instructions
Step 1
A properly configured computer will never go online on its own. The only exceptions are scheduled updates of the operating system and antivirus program. If the computer constantly climbs into the network, it can be assumed that it is incorrectly configured or viral.
Step 2
To view the network activity of your computer, run the command line: "Start - All Programs - Accessories - Command Line". Enter the command netstat –aon and do not forget to press Enter. A table of five columns will appear in front of you. The first will indicate the protocol - UDP or TCP. The second lists all active connections, while you can see the ports open on your machine. The third column shows the external address, the fourth shows the connection status. In the fifth, you can see the PID - the digital identifier of the process.
Step 3
The ports indicated in the second column indicate that they were opened by some programs, among which there may well be Trojans. In order to understand which program opens a particular port, enter the tasklist command in the same window - you will see a list of running processes. In this case, the process identifier will go immediately after the name of the executable file.
Step 4
Let's say you see that you have port 1025 open, its PID is 1480 (it may be different for you). Find this identifier in the list of processes and see which program it belongs to. If you do not know what this program is, type its name in a search engine.
Step 5
The "Status" column gives you the ability to see the status of the connection. For example, the LISTENING line indicates that the program is waiting for a connection. This is exactly how backdoors behave - Trojans, the server part of which is located on the victim's computer. But other programs, such as Windows services, can also be in this state. In Windows XP, some potentially dangerous ports can be closed using the wwdc utility, which can be downloaded from the Internet.
Step 6
If you need a complete traffic analysis, use the BWmeter program. It will track all connections to your computer with the indication of ip-addresses, the data can be written to the log. The program is useful both for calculating spyware and for detecting and then disabling all kinds of services that climb into the network without the permission of the computer owner.
