When you have doubts about a program installed on your system, or want to quickly check which ports are open on your desktop, it helps to know which tool fits the situation. There are tools that track open ports and show detailed listings of your network connections, and that can help identify which programs are connecting to the internet and how much data they have sent or received.
These tools can be used to detect unknown, misbehaving or data-intensive processes on your network. Today we'll have a look at two of them, though I'm sure there are a ton of others as well: TCPView from Microsoft and CurrPorts from NirSoft.
TCPView shows detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and the state of TCP connections. The TCPView download includes Tcpvcon, a command-line version with the same functionality.
Right-clicking a process presents several options:
- Process Properties – shows the filename and full path of the process so you can recognize or research unknown processes.
- End Process – (for advanced users) kill off a process if it is using too much data or is suspicious.
- Close Connection – (for advanced users) only available if the connection is Established.
- Whois – opens in a separate window. See who owns the domain registered for a remote address.
- Copy – copy the process and associated details for pasting into a document or file. You can save the whole list by selecting File > Save As from the menu bar.
TCPView can be downloaded from here.
CurrPorts
In addition to detailed information about the ports used by different applications, CurrPorts can also mark suspicious communication in pink.
CurrPorts also allows you to close unwanted TCP connections, kill the process that opened the ports, and save the TCP/UDP port information to an HTML file, an XML file, or a tab-delimited text file. It looks like we get more in-depth information and more possibilities than with TCPView. Then again, it depends on the usage…
CurrPorts automatically marks in pink the suspicious TCP/UDP ports owned by unidentified applications (applications without version information and icons).
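The "no version information" part of that heuristic can be approximated with built-in PowerShell cmdlets. This is an added example, not part of the original post or of either tool; it covers TCP only, ignores icons, and the function name Get-EndpointReport is hypothetical.

```powershell
# Added example (not from TCPView or CurrPorts): list TCP endpoints with their
# owning process and flag executables that carry no version information.
# Get-EndpointReport is a hypothetical name chosen for this example.
function Get-EndpointReport {
    $cache = @{}   # process id -> details, so each executable is inspected once
    Get-NetTCPConnection -State Listen, Established -ErrorAction SilentlyContinue |
        ForEach-Object {
            $procId = [int]$_.OwningProcess
            if (-not $cache.ContainsKey($procId)) {
                $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
                $name = if ($proc) { $proc.ProcessName } else { '<exited>' }
                $path = if ($proc) { $proc.Path } else { $null }
                # Path is empty for protected processes when not running elevated;
                # report that separately instead of calling it suspicious.
                $note = 'path unavailable'
                if ($path) {
                    $vi = (Get-Item -LiteralPath $path -ErrorAction SilentlyContinue).VersionInfo
                    $hasInfo = $vi -and ($vi.FileVersion -or $vi.ProductName -or $vi.CompanyName)
                    $note = if ($hasInfo) { 'ok' } else { 'NO VERSION INFO' }
                }
                $cache[$procId] = [pscustomobject]@{ Name = $name; Path = $path; Note = $note }
            }
            $info = $cache[$procId]
            [pscustomobject]@{
                Note    = $info.Note
                Process = $info.Name
                ProcId  = $procId
                State   = $_.State
                Local   = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
                Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
                Path    = $info.Path
            }
        }
}

# Flagged rows first, then ordered by process name.
Get-EndpointReport |
    Sort-Object @{ Expression = { $_.Note -ne 'NO VERSION INFO' } }, Process |
    Format-Table -AutoSize
```

Run it from an elevated prompt so that paths of system processes resolve; Get-NetUDPEndpoint exposes the same OwningProcess field if UDP endpoints are needed as well.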
If you want more information about a remote IP address displayed in CurrPorts, you can use the integration with the IPNetInfo utility to easily view the IP address information from WHOIS servers:
- Download and run the latest version of the IPNetInfo utility. (If you have a version of IPNetInfo prior to v1.06, you must download the newer version.)
- Select the desired connections, and then choose “IPNetInfo” from the File menu (or simply press Ctrl+I).
- IPNetInfo will retrieve the information about the remote IP addresses of the selected connections.
CurrPorts – download from this page.
What are you using for monitoring ports and outbound connections? Share your knowledge! If you found this post useful, just share…