When you work on the Internet, your computer connects to a wide variety of network resources. Sometimes you need to view the current network connections, for example if you suspect that a Trojan is present on the system.
Instructions
Step 1
Windows includes a standard utility for inspecting network connections: netstat. To use it, open the command line: "Start" - "All Programs" - "Accessories" - "Command Prompt" and enter the command netstat -aon. Press Enter, and you will see a list of current network connections.
Step 2
The first column indicates the type of connection: TCP or UDP. The second shows the local addresses and port numbers used by the connection. The third column lists the external IP addresses that your computer connects to. The fourth shows the connection status. The fifth contains the process identifier (PID): the number under which the process that owns the connection is listed in the system.
Step 3
When analyzing network connections, pay attention to open ports first. Each port is opened by some program, and some applications open several ports at once. How do you find out which program opened a port? Type tasklist in the same command line window and press Enter. A list of processes will appear: the first column contains their names, the second contains their identifiers (PIDs).
Step 4
In the first list, displayed by the netstat utility, find the identifier of the connection you are interested in (the PID column). Then find that ID in the second list. To the left of it, in the first column, you will see the name of the process that established this connection.
Step 5
Pay attention to network processes in the LISTENING state. This state means that the program is waiting for a connection: it is "listening on a port". Typically, this is the behavior of some Windows services and of backdoors, that is, Trojans that allow a connection to be established with an infected computer. Identify the process behind such a program: if its name is unfamiliar to you and does not mean anything, enter it into a search engine for detailed information.
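The lookup from Steps 1 to 5, joining the netstat list to the process list on PID and keeping only LISTENING sockets, as an added example that is not part of the original instructions. The sample outputs, addresses and process names are constructed, and the process list is assumed to come from tasklist /FO CSV /NH (CSV output without a header) because it is easier to parse than the default table.

```python
import csv
import io

# Constructed sample of `netstat -aon` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     2216
  TCP    [::]:135               [::]:0                 LISTENING       984
  UDP    0.0.0.0:5353           *:*                                    2216
"""

# Constructed sample of `tasklist /FO CSV /NH` output.
TASKLIST_SAMPLE = '''\
"svchost.exe","984","Services","0","9,112 K"
"chrome.exe","2216","Console","1","154,300 K"
"helper.exe","3120","Console","1","4,020 K"
'''

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each connection row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        if len(f) == 5:    # TCP rows carry a State column
            yield f[0], f[1], f[2], f[3], int(f[4])
        elif len(f) == 4:  # UDP rows have no State column
            yield f[0], f[1], f[2], "", int(f[3])

def parse_tasklist(text):
    """Return {pid: image name} from CSV-formatted tasklist output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def listeners(netstat_text, tasklist_text):
    """Join both lists on PID; return LISTENING sockets with their process."""
    names = parse_tasklist(tasklist_text)
    return sorted({(local, pid, names.get(pid, "<unknown>"))
                   for _, local, _, state, pid in parse_netstat(netstat_text)
                   if state == "LISTENING"})

if __name__ == "__main__":
    for local, pid, name in listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{local:<22} PID {pid:<6} {name}")
```

A PID that appears in the netstat list but not in the process list is reported as <unknown>, which can happen when the process exits between the two commands.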
Step 6
The ESTABLISHED status indicates that the connection currently exists. From the identifier, you can determine the process that established this connection, and from the IP address you can find out from which computer the connection was made. To do this, use the service
Step 7
The netstat utility is also available on the Linux operating system. You work with it in exactly the same way as in Windows. Instead of the tasklist command, use the ps -A command to display a list of processes.