As a savvy Internet user you are well armed when it comes to ensuring your system is not open to compromise, or exploitation, by malware.
You have protected your machine with an appropriate defense system including a Firewall (either software or hardware), sound and effective antimalware applications (including anti-virus and antispyware), anti-keylogger, and an additional protection layer against zero-day threats with the installation of an application such as ThreatFire.
But, you can take your existing defense system to another level by installing a small application which will provide you with the tools you need to analyze the activity on your ports.
There are a number of free real-time port analyzers available for download, and the following is a brief description of two such applications.
If you are familiar and comfortable with using the Windows command structure, then you may want to try the command line utility Netstat, which displays protocol statistics and current TCP/IP connections. This utility and the process are covered later in this article.
But first:
Process and Port Analyzer 2
Process and Port Analyzer 2 is a real time process, port, and network connections analyzer, which will allow you to find which processes are using which ports. A good little utility that does what it says it will do.
Quick Facts:
View currently running processes along with the full path and file which started it.
View the active TCP Listeners and the processes using them.
View the active TCP and UDP connections along with Process ID.
Double click on a process to view the list of DLLs.
Download at: Download.com
CurrPorts
CurrPorts allows you to view a list of ports that are currently in use, and the application that is using each one. You can close a selected connection and also terminate the process using it.
As well, you can export all, or selected items to an HTML or text report. Additional information includes the local port name, local/remote IP address, highlighted status changes and more.
Quick Facts:
View current active ports and their starting applications
Close selected connections and processes
Save a text/HTML report
Info on local port name, local/remote IP address, highlighted status changes
Download at: Download.com
Netstat:
Windows includes a command line utility which can help you determine if you have Spyware/Botware running on your system. Netstat displays protocol statistics and current TCP/IP connections.
I use this utility as a test, to ensure that the anti-malware tools and Firewall running on my systems are functioning correctly, and that there are no open outgoing connections to the Internet that I am not aware of.
How to use Netstat:
You should close all open programs before you begin the following process, if you are unsure which ports/connections are normally open while you are connected to the Internet. On the other hand, if you are familiar with the ports/connections that are normally open, there is no need to close programs.
There are a number of methods that will take you to a command prompt, but the following works well.
Click Start > Run, type “cmd” (without the quotes), and click OK. This will open a command box.
From the command prompt, type netstat -a (be sure to leave a space) to display all connections and listening ports.
You can obtain additional information by using the following switches.
Type netstat -r to display the contents of the IP routing table, and any persistent routes.
The -n switch tells Netstat not to convert addresses and port numbers to names, which speeds up execution.
The netstat -s option shows all protocol statistics.
The netstat -p option can be used to show statistics for a specific protocol, or together with the -s option to show connections only for the protocol specified.
The -e switch displays interface statistics.
Running Netstat occasionally is a prudent move, since it allows you to double check which applications are connecting to the Internet.
If you find there are application connections to the Internet, or open ports, that you are unfamiliar with, a Google search should provide answers. A very good source of information is Steve Gibson’s website, Shields Up, where you can test all the ports on your machine, as well as testing the efficiency of your Firewall. Take the Firewall test; you may be surprised at the results!
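To make the occasional Netstat check repeatable, the sketch below (an added example, not part of the original article) parses saved `netstat -ano` output and reports listening ports that are not on your list of familiar ones, plus established connections to addresses outside the local network. The `-o` switch, which adds the owning process ID column on Windows, is not covered above; the sample output, the `known_listeners` baseline and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed `netstat -ano` output for illustration, not captured from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:8099           0.0.0.0:0              LISTENING       2780
  TCP    [::]:135               [::]:0                 LISTENING       912
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     3344
  TCP    192.168.1.20:49720     192.168.1.1:80         ESTABLISHED     3344
  TCP    127.0.0.1:49701        127.0.0.1:49702        ESTABLISHED     1500
  UDP    0.0.0.0:5353           *:*                                    1820
"""

LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def split_endpoint(endpoint):
    addr, _, port = endpoint.rpartition(":")  # last colon, so bracketed IPv6 works
    return addr.strip("[]"), port

def parse_netstat(text):
    """Yield a dict per TCP/UDP row; UDP rows carry no State column."""
    for line in text.splitlines():
        f = line.split()
        if f and f[0] in ("TCP", "UDP"):  # skip banner, header and blank lines
            (_, lport), (raddr, rport) = split_endpoint(f[1]), split_endpoint(f[2])
            yield {"proto": f[0], "lport": int(lport), "raddr": raddr, "rport": rport,
                   "state": f[3] if len(f) == 5 else "", "pid": int(f[-1])}

def is_external(addr):
    """True when addr is an IP outside loopback, link-local and LOCAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # '*' wildcard, or a hostname when -n was not used
    local = ip.is_loopback or ip.is_link_local or ip.is_unspecified
    return not (local or any(ip in net for net in LOCAL_NETS))

def review(text, known_listeners):
    """Return (unfamiliar listening (port, pid) pairs, external established connections)."""
    unknown = sorted({(r["lport"], r["pid"]) for r in parse_netstat(text)
                      if r["state"] == "LISTENING" and r["lport"] not in known_listeners})
    outbound = [(r["raddr"], r["rport"], r["pid"]) for r in parse_netstat(text)
                if r["state"] == "ESTABLISHED" and is_external(r["raddr"])]
    return unknown, outbound

if __name__ == "__main__":
    print(review(SAMPLE, known_listeners={135}))
```

Save real output with `netstat -ano > ports.txt` and pass the file contents in place of `SAMPLE`; the PIDs it reports can then be matched to process names in Task Manager.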
Hey Bill,
This is an excellent article and very important. Personally, I use CurrPorts whenever I am connected to the net. It is an excellent little program, highlighting those programs automatically that might be suspicious. It’s very configurable too.
I do know how to use the netstat command, but don’t use it much since getting CurrPorts. But as you say, it is important to double check with netstat occasionally, just like we do with several malware applications.
I haven’t used Process and Port Analyzer 2 but I am going to download it now to try it out.
Cheers
Hey Mal,
I’m with you – CurrPorts is way easier than using Netstat.
You’ve got a real handle on CurrPorts. That is so cool!!
Best,
Bill