Is Your Computer Connecting

[Humpty]

If you are worried that some programs on your PC are secretly making connections to websites in the background, here's a quick tip that uses a simple DOS command to detect and prevent such suspicious activity:

 

1. Type cmd in your Windows Run box.

 

2. Type "netstat -b 5 > activity.txt" and press enter. After say 2 minutes, press Ctrl+C.

 

3. Type "activity.txt" on the command line to open the log file in notepad (or your default text editor)

 

The file activity.txt will have a log of all process that made a connection to the Internet in the last two minutes. It will also show which process connected to which website in this time. And not just the web browsers (like iexplore.exe or opera.exe), the log will also show your IM clients, download managers, email programs or any software that requires a net connection.

 

Stolen from here

[Anthony A]

If you are worried that some programs on your PC are secretly making connections to websites in the background, here's a quick tip that uses a simple DOS command to detect and prevent such suspicious activity:

 

1. Type cmd in your Windows Run box.

 

2. Type "netstat -b 5 > activity.txt" and press enter. After say 2 minutes, press Ctrl+C.

 

3. Type "activity.txt" on the command line to open the log file in notepad (or your default text editor)

 

The file activity.txt will have a log of all process that made a connection to the Internet in the last two minutes. It will also show which process connected to which website in this time. And not just the web browsers (like iexplore.exe or opera.exe), the log will also show your IM clients, download managers, email programs or any software that requires a net connection.

 

Stolen from here

 

 

Read that on Life Hacker today.

[Tunerz]

It's pretty useful to me. I've check the log and I saw some "unwanted entries" for me

 

TCP DESKTOP:3140 1a.9.344a.static.theplanet.com:http ESTABLISHED 2956

[Opera.exe]

 

TCP DESKTOP:3141 1a.9.344a.static.theplanet.com:http ESTABLISHED 2956

[Opera.exe]

 

TCP DESKTOP:3142 1a.9.344a.static.theplanet.com:http ESTABLISHED 2956

[Opera.exe]

 

TCP DESKTOP:3143 1a.9.344a.static.theplanet.com:http ESTABLISHED 2956

[Opera.exe]

 

TCP DESKTOP:3122 checkip-pao.dyndns.com:http CLOSING 3508

[DynDNS.exe]

 

TCP DESKTOP:3136 checkip-pao.dyndns.com:http CLOSING 3508

[DynDNS.exe]

 

TCP DESKTOP:3137 checkip-pao.dyndns.com:http CLOSING 3508

[DynDNS.exe]

 

TCP DESKTOP:3130 1a.9.344a.static.theplanet.com:http TIME_WAIT 0

TCP DESKTOP:3132 1a.9.344a.static.theplanet.com:http TIME_WAIT 0

TCP DESKTOP:3134 1a.9.344a.static.theplanet.com:http TIME_WAIT 0

TCP DESKTOP:3139 1a.9.344a.static.theplanet.com:http TIME_WAIT 0

[YoKenny]

TCPView from Microsoft's Mark Russinovich is very good:

http://www.microsoft.com/technet/sysintern...es/tcpview.mspx

[hazelnut]

@Tunerz

 

As far as I know The planet.com is a web hosting service used by some forums.

[Tunerz]

Why does desktop (not Opera) access "theplanet.com"? Perhaps it's still connected to Opera's processes.

[DennisD]

Nice post Humpty.

[login123]

Very nifty, Humpty.

[Andavari]

I remember years ago when I used the original MP3.com, and back in the ZoneAlarm version 2 era that MP3.com would show up in the firewall logs as the browser communicating with the website on the websites port 80 an hour or so later after I'd left the site and was browsing elsewhere. It was always something that made me go hmm, but I never thought of it as a threat after reading some security info about it.

[Caldor]

Whats really going to twist your noodle is what the contents of encrypted packets going back to MS are doing I know of three, might be more.