Pinterest Stumbleupon Whatsapp
Ads by Google

Windows XP has a command line utility which will help you determine if you have spyware or botware running on your system. Netstat displays protocol statistics and current TCP/IP connections.

I use this utility as a test, to ensure that the anti-malware tools and firewall running on my systems are functioning correctly, and that there are no open outgoing connections to the internet that I am not aware of.

How to use Netstat:

You should close all open programs before you begin the following process, if you are unsure which ports/connections are normally open while you are connected to the internet. On the other hand, if you are familiar with the ports/connections that are normally open, there is no need to close programs.

There are a number of methods that will take you to a command prompt, but the following works well.

Click Start>Run>type “cmd” – without the quotes>click OK> this will open a command box.

Ads by Google

From the command prompt, type Netstat ““a (be sure to leave a space), to display all connections and listening ports.

You can obtain additional information by using the following switches.

    Type netstat -r to display the contents of the IP routing table and any persistent routes.

    The -n switch tells Netstat not to convert addresses and port numbers to names, which speeds up execution.

    The netstat -s option shows all protocol statistics.

    The netstat-p option can be used to show statistics for a specific protocol or together with the -s option to show connections only for the protocol specified.

    The -e switch displays interface statistics.

Running Netstat occasionally is a prudent move, since it allows you to double check which applications are connecting to the internet.

If you find there are application connections to the internet, or open ports that you are unfamiliar with, a Google search should provide answers. A very good source of information is Steve Gibson’s website, Shields Up, where you can test all the ports on your machine, as well as testing the efficiency of your firewall. Take the firewall test; you may be surprised at the results! If your Firewall fails, get yourself a better one here What Firewall Software do you Use ? [Poll] What Firewall Software do you Use ? [Poll] Read More .

If you are unfamiliar with, or uncomfortable with using the command structure, there are a number of free real-time port analyzers available for download.

(1) Process and Port Analyzer is a real time process, port and network connections analyzer which will allow you to find which processes are using which ports. A good little utility that does what it says it will do.

Quick Facts:

  • View currently running processes along with the full path and file which started it
  • View the active TCP Listeners and the processes using them
  • View the active TCP and UDP connections along with Process ID
  • Double click on a process to view the list of DLL’s

(2) CurrPorts allows you to view a list of ports that are currently in use, and the application that is using it. You can close a selected connection and also terminate the process using it. As well, you can export all, or selected items to an HTML or text report. Additional information includes the local port name, local/remote IP address, highlighted status changes and more.

Quick Facts:

  • View current active ports and there starting applications
  • Close selected connections and processes
  • Save a text/ HTML report
  • Info on local port name, local/remote IP address, highlighted status changes

  1. manish
    November 8, 2008 at 3:53 am

    thanks boss...........................

  2. Nutz
    June 6, 2008 at 5:44 am

    Hi Bill,

    It is an easy way to watch connections leaving your pc and will indeed catch some malware.

    The issue is the stealthy malware can hide connections and themselves from these tools.
    In cases of evil browser plugins it will also appear like the application is IE.

    Advanced modern bot nets are using P2P like infrastructure for command and control and in those cases you will just see some amounts of connections to 12345.dsl.isp.com that look no different tan any instant messenger.

    When i was younger i used to use this tool to freak out new ICQ contacts by asking them what the weather was like in x.

    • Bill Mullins
      June 6, 2008 at 1:00 pm

      Hey Nutz,

      Thanks for the great comment and for adding the kind of info we can all benefit from.

      Regards,

      Bill

  3. Aibek
    June 2, 2008 at 1:26 pm

    Cool post Bill, I especially like the Currports app. Next time my girlfreind IMs me about the "weird things" going on with her system i will ask her for that Currports HTML report.

    • Bii Mullins
      June 2, 2008 at 3:44 pm

      Hey Aibek,

      Thanks for the comment. There's something pretty neat about hearing from you guys!

      BM

  4. AskTheAdmin | Karl Gechlik
    June 1, 2008 at 1:11 pm

    I use this on a daily basis. Great tip Bill.

    • Bill Mullins
      June 1, 2008 at 2:39 pm

      Hey Karl,

      Thanks for the comment; appreciate it from a fellow geek!

      BM

  5. Brainiac
    June 1, 2008 at 10:54 am

    Thanks for the excellent article...at firts I found it a bit overwheling but once I tried it myself it turned out to be quite simple...Thanks

    • Bill Mullins
      June 1, 2008 at 1:01 pm

      Hey Brainiac,

      Glad you found the info worthwhile. Thanks for the comment.

      BM

Leave a Reply

Your email address will not be published. Required fields are marked *