On the computer it is more than 65 thousand ports. Some of them are busy with the programs which opened them. All others – are free. In that case if the user notices suspicious network activity of the computer, it is necessary to see open ports and to find out what programs open them.
Instruction
1. Correctly configured computer communicates with the Internet only in two cases: when you work in network and when there is an update of anti-virus bases or the operating system. If you see that the computer itself "climbs" in network, it is a reason for its check.
2. It is necessary to know that even the computer protected by an antivirus and a firewall is not impregnable. Hackers learned to deceive the most known protective programs long ago therefore you watch closely behavior of the computer and regularly check open ports.
3. For check of open ports open the command line: "Start-up" - "All programs" - "Standard" - "Command line". There is also simpler path: "Start-up" - "Execute", enter the cmd command and click OK. Enter in a window of the command line netstat – aon, start the utility clicking of Enter.
4. In the first column of the appeared table the type of network connection is specified. In the second – "The local address" - you will see the local addresses and numbers of open ports (behind the address, after a colon). In the Foreign address column the network addresses to which your computer connects are specified.
5. Pay attention to the section "Status" showing the status of connection: ESTABLISHED – connection is established. LISTENING – connection waiting. CLOSE_WAIT – connection is complete. At last, the last column – PID – shows a process identifier. This number under which any given process appears in a system.
6. Thanks to existence of PID you can understand what program opens any given port. For example, you see that you open port 1499, its identifier – 1580 (at you all data will be others). Gather the tasklist command in the same window of the command line. You will see the list of all processes, at the same time in the second column their identifiers (PID) are specified. Now you should find in this column PID interesting you, in this case 1580. You find, you watch in a column a process name at the left – let it will be AAWService.exe.
7. If the process name is unfamiliar to you, enter it into a line of the searcher. Entered, obtained information – process belongs to the Ad-Aware program. Do you have on the computer such program? Whether it is started automatically at start? Whether it is necessary to you? Start the Aida64 (Everest) program and look at the folder of automatic loading and, if necessary, delete from it the Ad-Aware file. If at you do not cost such program, then AAWService.exe - process of the trojan masking under the popular utility. Use this algorithm for verification of all other applications opening ports.
8. Pay special attention to connections with LISTENING status. The application listens to the port opened for them, expecting connection. In this way can behave as "lawful" programs – for example, Windows services, and Trojan, expecting when with them connection is established.