Detecting Unauthorised Users of Your Wi-Fi Connection By Anna Okon

Published May 2, 2018

Your Personal Computer makes a lot of Internet connections in a day’s business, and not all of them are necessarily sites you’re aware of.

While some of these connections are harmless, there is always a chance that you have some malware, spyware, or adware using your Internet connection in the background without your knowledge.

Howtogeek.com provides tips on how to find out what your system is connecting to.

There are three ways you can view your PC’s active connections. The first uses the good old netstat command from PowerShell or the Command Prompt.

There are also two free tools you can use: TCPView and CurrPorts.

Option One: Check active connections with PowerShell (or Command Prompt)

This option uses the netstat command to generate a list of everything that has made an Internet connection in a specified amount of time. You can do this on any PC running Windows, from Windows XP Service Pack 2, all the way up to Windows 10. And you can do it using either PowerShell or Command Prompt. The command works the same in both cases.

If you’re using Windows 8 or 10, fire up PowerShell as an administrator by hitting Windows+X, and then selecting “PowerShell (Admin)” from the Power User menu. If you’re using the Command Prompt instead, you will also have to run that as an administrator.

If you’re using Windows 7, you’ll need to hit Start, type “PowerShell” in the search box, right-click the result, and then choose “Run as administrator” instead. And if you’re using a version of Windows before Windows 7, you’ll need to run the Command Prompt as administrator.

At the prompt, type the following command, and then press Enter.

netstat -abf 5 > activity.txt

There are four modifiers on the netstat command. The -a option tells it to show all connections and listening ports. The -b option adds the application making each connection to the results. The -f option displays the full DNS name for each remote address, so that you can more easily understand where the connections are being made.

The 5 option causes the command to poll every five seconds for connections (to make it easier to track what is going on). There’s also the redirection symbol “>”, which saves the results to a text file named “activity.txt.”

After issuing the command, wait a couple of minutes, and then press Ctrl+C to stop the recording of data.

When you’ve stopped recording data, you’ll need to open the activity.txt file to see the results. You can open the file in Notepad immediately from the PowerShell prompt by just typing “activity.txt” and then hitting Enter.

The text file is stored in the \Windows\System32 folder if you want to find it later or open it in a different editor.

The activity.txt file lists all processes on your computer (browsers, IM clients, email programs, etc.) that have made an Internet connection in the time during which you left the command running. This includes both established connections and open ports on which apps or services are listening for traffic. The file also lists which processes connected to which websites.

If you see process names or website addresses with which you are not familiar, you can search for “what is (name of unknown process)” in Google and see what it is. However, if it seems like a bad site, you can use Google again to find out how to get rid of it.
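As an added example (not from the original article or from How-To Geek), the PowerShell below condenses the repeated five-second snapshots in activity.txt into one row per process and remote address, which is easier to review than the raw file. The sample text is constructed and the function name Get-NetstatConnection is hypothetical; for a real capture, load the file with Get-Content as shown in the comment.

```powershell
# Constructed sample of "netstat -abf 5" output (not a real capture).
# For a real run: $lines = Get-Content .\activity.txt
$lines = @'
Active Connections

  Proto  Local Address          Foreign Address            State
  TCP    0.0.0.0:135            DESKTOP-EXAMPLE:0          LISTENING
  RpcSs
 [svchost.exe]
  TCP    192.168.1.20:50234     www.example.com:https      ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.20:50301     cdn.example.net:https      TIME_WAIT
  TCP    192.168.1.20:50410     updates.example.org:http   ESTABLISHED
 Can not obtain ownership information

Active Connections

  Proto  Local Address          Foreign Address            State
  TCP    192.168.1.20:50234     www.example.com:https      ESTABLISHED
 [chrome.exe]
'@ -split "`r?`n"

# Hypothetical helper: turns netstat -b text into one object per connection row.
function Get-NetstatConnection {
    param([string[]]$Lines)
    $pending = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$') {
            if ($pending) { $pending }   # previous row had no [process] line
            $pending = [pscustomobject]@{
                Proto = $Matches[1]; Local = $Matches[2]; Remote = $Matches[3]
                State = $Matches[4]; Process = '(unknown)'
            }
        }
        elseif ($pending -and $line -match '^\s*\[(.+)\]\s*$') {
            $pending.Process = $Matches[1]   # owner follows its connection row
            $pending
            $pending = $null
        }
    }
    if ($pending) { $pending }
}

# One row per process/remote pair, with how many snapshots it appeared in.
Get-NetstatConnection -Lines $lines |
    Where-Object State -eq 'ESTABLISHED' |
    Group-Object Process, Remote |
    Select-Object Count, @{n='Process';e={$_.Group[0].Process}},
                         @{n='Remote';e={$_.Group[0].Remote}}
```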

Option Two: Check active connections by using TCPView

The excellent TCPView utility that comes in the SysInternals toolkit lets you quickly see exactly what processes are connecting to what resources on the Internet, and even lets you end the process, close the connection, or do a quick Whois lookup to get more information. It’s definitely the first choice when it comes to diagnosing problems or just trying to get more information about your computer.

Note: When you first load TCPView, you might see a ton of connections from [System Process] to all sorts of Internet addresses, but this usually isn’t a problem. If all of the connections are in the TIME_WAIT state, that means that the connection is being closed, and there isn’t a process to assign the connection to.

This usually happens when you load up TCPView after having connected to a bunch of things, but it should go away after all the connections close and you keep TCPView open.

Option Three: Check active connections by using CurrPorts

You can also use a free tool named CurrPorts to display a list of all currently opened Transmission Control Protocol/Internet Protocol (TCP/IP) and User Datagram Protocol (UDP) ports on your local computer. It’s a somewhat more focused tool than TCPView.

For each port, CurrPorts lists information about the process that opened the port. You can close connections, copy a port’s information to the clipboard, or save that information to various file formats. You can reorder the columns displayed on the CurrPorts main window and in the files you save. To sort the list by a specific column, just click on the header of that column.

CurrPorts runs on everything from Windows NT up through Windows 10. Just note that there is a separate download of CurrPorts for 64-bit versions of Windows. You can find more information about CurrPorts and how to use it on their website.
