Has your Internet connection become slower than it should be? There may be a chance that you have some malware, spyware, or adware that is using your Internet connection in the background without your knowledge. Here’s how to see what’s going on under the hood.
How to Check What Your Computer is Connecting To:
open the Start menu and enter “cmd.exe” in the Search box. When the results display, right-click on cmd.exe and select Run as administrator from the popup menu.
At the command prompt, type the following command and press Enter.
netstat -abf 5 > activity.txt
The –a option shows all connections and listening ports, the –b option shows you what application is making the connection, and the –f option displays the full DNS name for each connection option for easier understanding of where the connections are being made to. You can also use the –n option if you wish to only display the IP address. The 5 option will poll every 5 seconds for connections to make it more easy to track what is going on, and the results are then piped into the activity.txt file.
Wait about two minutes and then press Ctrl + C to stop the recording of data.
The resulting file will list all processes on your computer (browsers, IM clients, email programs, etc.) that have made an internet connection in the last two minutes, or however long you waited before pressing Ctrl + C. It also lists which processes connected to which websites.
If you see process names or website addresses with which you are not familiar, you can search for “what is (name of unknown process)” in Google and see what it is. It may be a system function you don’t know about or a function of one of your running programs. However, if it seems like a bad site, you can use Google again to find out how to get rid of it.
How to Check What Your Computer is Connecting To:
open the Start menu and enter “cmd.exe” in the Search box. When the results display, right-click on cmd.exe and select Run as administrator from the popup menu.
At the command prompt, type the following command and press Enter.
netstat -abf 5 > activity.txt
The –a option shows all connections and listening ports, the –b option shows you what application is making the connection, and the –f option displays the full DNS name for each connection option for easier understanding of where the connections are being made to. You can also use the –n option if you wish to only display the IP address. The 5 option will poll every 5 seconds for connections to make it more easy to track what is going on, and the results are then piped into the activity.txt file.
Wait about two minutes and then press Ctrl + C to stop the recording of data.
The resulting file will list all processes on your computer (browsers, IM clients, email programs, etc.) that have made an internet connection in the last two minutes, or however long you waited before pressing Ctrl + C. It also lists which processes connected to which websites.
If you see process names or website addresses with which you are not familiar, you can search for “what is (name of unknown process)” in Google and see what it is. It may be a system function you don’t know about or a function of one of your running programs. However, if it seems like a bad site, you can use Google again to find out how to get rid of it.
Using TCPView to Check What Your PC is Connecting To
The excellent TCPView utility that comes in the SysInternals toolkit will let you quickly see exactly what processes are connecting to what resources on the Internet, and even let you end the process, close the connection, or do a quick Whois lookup to give you more information.
If all of the connections are in the TIME_WAIT state, that means that the connection is being closed, and there isn’t a process to assign the connection to, so they should up as assigned to PID 0 since there’s no PID to assign it to.
The excellent TCPView utility that comes in the SysInternals toolkit will let you quickly see exactly what processes are connecting to what resources on the Internet, and even let you end the process, close the connection, or do a quick Whois lookup to give you more information.
If all of the connections are in the TIME_WAIT state, that means that the connection is being closed, and there isn’t a process to assign the connection to, so they should up as assigned to PID 0 since there’s no PID to assign it to.
Using CurrPorts to Check What Your PC is Connecting To:
You can also use a free tool, called CurrPorts, to display a list of all currently opened TCP/IP and UDP ports on your local computer. It is a portable program and doesn’t need to be installed. To use it, extract the .zip file you downloaded and run cports.exe.
You can also use a free tool, called CurrPorts, to display a list of all currently opened TCP/IP and UDP ports on your local computer. It is a portable program and doesn’t need to be installed. To use it, extract the .zip file you downloaded and run cports.exe.