During the work on the Internet the computer connects to various network resources. In certain cases the user has a need to look at the current network connections – for example, at suspicion on presence at the system of the Trojan programs.
Instruction
1. For control of network connections in the Windows operating system there is a regular netstat utility. For its use open the command line: "Start-up" - "All programs" - "Standard" - "Command line" also enter the netstat command – aon. Click Enter, you will see the list of the current network connections.
2. In the first column the connection type – TCP or UDP is specified. In the second you can look at the local addresses and numbers of the ports used at connection. The third column will give you information on the external IP addresses to which your computer connects. The fourth shows the status of connection. In the fifth the identifier of connection (PID) – number at which this process in a system appears is specified.
3. In the analysis of network connections, first of all, pay attention to open ports. Each port opens any program, several ports can open some applications at once. How to learn what program opens port? For this purpose gather in the same window of the command line tasklist and click Enter. The process list will open: in the first column their names are specified, in the second identifiers are given.
4. Look in the first list displayed by the netstat utility, the identifier of the connection (graph PID) interesting you. Then find this identifier in the second list. To the left of it, in the first column, you will see the name of the process which established this connection.
5. Pay attention to network processes with LISTENING status. This status means that the program is in standby mode connections – "listens to port". Usually so some services Windows and backdoors - the Trojan programs allowing to establish connection with the infected computer behave. Define process of such program: if the name is unfamiliar to you and does not speak about anything, enter it into a line of the searcher for obtaining detailed information.
6. The status of ESTABLISHED indicates that connection exists at present. You can identify the process which established this connection by the identifier, and to the IP address to find out from what computer the connection is carried out. For this purpose use http://url-sub.ru/tools/web/whois/ service
7. The netstat utility is present also at the Linux operating system. Work with it is carried out in precisely the same way, as well as in Windows. For a process list output instead of the tasklist command use the ps command – A.