How to trace network traffic


Working on the Internet carries the risk of theft of confidential information: account logins and passwords, credit card data, documents, photos, and so on. Any odd behavior of the computer can be a sign that it has been infected or broken into, and in that situation you may need to check its network traffic.

You will need

  • traffic monitoring programs.

Instructions

1. As a rule, data theft happens in one of two ways: through a direct connection to the remote computer, which lets the hacker browse its folders and copy the information he needs, or through Trojan programs. Detecting a professionally written Trojan is very difficult. But there are not many such programs, so in most cases the user notices oddities in the computer's operation that point to an infection. For example, attempts to connect to the network, or unexplained network activity when you are not opening any pages.

2. In all such situations you need to check the traffic, and for this you can use the standard Windows tools. Open the command line: "Start" - "All Programs" - "Accessories" - "Command Prompt". You can also open it this way: "Start" - "Run", then enter the cmd command and press Enter. A black window will open; this is the command line (console).

3. Enter the command netstat -aon in the command line and press Enter. A list of connections appears, showing the IP addresses your computer connects to. In the "State" column you can see the status of each connection: for example, ESTABLISHED means that the connection is active, that is, it exists right now. The "Foreign Address" column gives the IP address of the remote computer. The "Local Address" column shows the ports open on your computer through which the connections are made.

4. Pay attention to the last column, PID. It lists the identifiers the system has assigned to the running processes. They are very useful for finding the application responsible for the connections you are interested in. For example, you see that a connection has been established through some port. Remember its PID, then in the same command line window type tasklist and press Enter. A process list appears, with the identifiers in its second column. Having found the identifier you noted, you can easily tell which application established the connection. If the process name is unfamiliar to you, enter it into a search engine and you will immediately get all the necessary information about it.

5. You can also use special programs to monitor traffic, for example BWMeter. The utility is useful because it can monitor traffic completely, showing which addresses your computer connects to. Remember that a correctly configured computer should not access the network when you are not using the Internet, even if the browser is running. If the connection indicator in the tray keeps signaling network activity, you need to find the application responsible for the connection.

6. The AnVir Task Manager program can also be a good help in monitoring traffic and detecting malicious software. It shows the list of running processes with the names of their executable files, which makes it easy to see quickly which program started a given process.
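
The manual lookup from steps 3 and 4 can be automated. The following Python script is an added example, not part of the original article: it joins saved netstat -aon output with a process list on the PID column and reports every ESTABLISHED connection with its process name. It assumes the process list was saved with tasklist /FO CSV /NH (CSV format, no header); the sample data and the function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -aon` output (addresses and PIDs are made up).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       996
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     4321
  TCP    192.168.1.20:49820     198.51.100.7:8080      ESTABLISHED     7788
  UDP    0.0.0.0:5353           *:*                                    4321
"""

# Constructed sample of `tasklist /FO CSV /NH` output; PID 7788 is deliberately absent.
TASKLIST_SAMPLE = '''\
"svchost.exe","996","Services","0","9,120 K"
"chrome.exe","4321","Console","1","150,332 K"
'''

def parse_netstat(text):
    """Yield one dict per TCP/UDP row of `netstat -aon` output."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip the banner, the column header and blank lines
        # UDP rows have no State column, so they carry 4 fields instead of 5.
        state = f[3] if len(f) == 5 else ""
        yield {"proto": f[0], "local": f[1], "foreign": f[2],
               "state": state, "pid": int(f[-1])}

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /FO CSV /NH` output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if row}

def established_by_process(netstat_text, tasklist_text):
    """Return (image, pid, local, foreign) for every ESTABLISHED connection."""
    names = parse_tasklist(tasklist_text)
    return [(names.get(c["pid"], "<not in tasklist>"), c["pid"], c["local"], c["foreign"])
            for c in parse_netstat(netstat_text)
            if c["state"] == "ESTABLISHED"]

if __name__ == "__main__":
    for image, pid, local, foreign in established_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{image:<20} PID {pid:<6} {local} -> {foreign}")
```

A connection whose PID has no entry in the process list (the process exited between the two commands, or is hidden from the list) is reported as "<not in tasklist>" and deserves a closer look.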

Author: «MirrorInfo» Dream Team

