How to look at network activity


The icon in the system tray in the form of two computers lets the user judge the overall network activity of the machine. If even an idle computer is actively communicating with the Internet, more complete control of traffic is needed.

Instructions

1. A correctly configured computer never accesses the network on its own. The only exceptions are the scheduled updates of the operating system and the antivirus software. If the computer constantly accesses the network, you can suspect a wrong setup or virus activity.

2. To look at the network activity of the computer, start the command line: "Start – All Programs – Accessories – Command Prompt". Type the command netstat -aon and do not forget to press Enter. You will see a table of five columns. The first shows the protocol, UDP or TCP. The second lists all active connections, and here you can also see the ports opened on your machine. The third column shows the foreign address and the fourth the connection status. In the fifth you can see the PID, a numeric process identifier.

3. The ports shown in the second column were opened by some programs, and a Trojan may well be among them. To find out which program opened a given port, enter the tasklist command in the same window. You will see the list of running processes, with the process identifier right after the name of each executable file.

4. Let's say you see that port 1025 is open and its PID is 1480 (yours may be different). Find this identifier in the process list and see which program it belongs to. If you do not know what the program is, type its name into a search engine.

5. The "State" column shows the status of a connection. For example, LISTENING means that the program is waiting for a connection. This is exactly how backdoors behave, that is, Trojan programs whose server part sits on the victim's computer. But other programs can be in this state too, for example Windows services. In the Windows XP operating system some potentially dangerous ports can be closed using the wwdc utility, which can be downloaded from the Internet.

6. If you need a complete analysis of traffic, use the BWmeter program. It monitors all connections to your computer and shows the IP addresses, and the data can be written to a log. The program is useful both for detecting spyware and for identifying and then shutting down various services that access the network without the permission of the computer's owner.

Author: «MirrorInfo» Dream Team
