Your PC establishes many Internet connections during the day, and not all of them are to sites you know you are connecting to. Although some of these connections are harmless, it is still possible that you have malware, spyware or adware using your Internet connection in the background without your knowledge. Here's how to see what's going on under the hood.
We'll cover three ways to see your PC's active connections. The first uses the good old netstat command from PowerShell or the Command Prompt. Then we will show you two free tools, TCPView and CurrPorts, which also do the job and can be more convenient.
Option One: Check Active Connections with PowerShell (or Command Prompt)
This option uses the netstat command to generate a list of everything that created an Internet connection within a specified amount of time. You can do this on any Windows-based PC, from Windows XP Service Pack 2 to Windows 10. And, you can do it using PowerShell or Command Prompt. The command works the same way in both.
Start by running PowerShell as administrator by pressing Windows + X, then selecting "PowerShell (Admin)" from the Power User menu. If you use the command prompt instead, you will also need to run it as an administrator.
At the prompt, type the following command, and then press ENTER.
netstat -abf 5 > activity.txt
We use four modifiers on the netstat command. The -a option tells it to show all connections and listening ports. The -b option adds the application that established each connection to the results. The -f option displays the full DNS name for each connection, which makes it easier to understand where the connections are going. The 5 option causes the command to poll for connections every five seconds (to make it easier to track what is happening). We then use the redirection symbol ">" to save the results in a text file named "activity.txt".
After issuing the command, wait a few minutes, then press Ctrl + C to stop the data logging.
When you have stopped saving data, open the activity.txt file to see the results. You can open the file in Notepad directly from the PowerShell prompt by simply typing "activity.txt" and then pressing Enter.
The text file is stored in the Windows System32 folder if you want to find it later or open it in a different editor.
The activity.txt file lists all the processes on your computer (browsers, instant messaging clients, e-mail programs, etc.) that established an Internet connection while the command was running. This includes both established connections and open ports on which applications or services listen for traffic. The file also lists which processes connected to which websites.
If you see process names or website addresses that you are not familiar with, you can search for "what is (name of the unknown process)" in Google and see what it is. It is possible that we have even covered it ourselves as part of our ongoing series explaining various processes found in Task Manager. However, if it seems like a bad site, you can use Google again to find out how to get rid of it.
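Reading several minutes of five-second polls by eye is tedious, so here is an added Python example (not part of the original article) that parses the activity.txt layout and lists each process once with the remote addresses it contacted. The sample text is constructed, and reporting a connection line that has no following [name] line as "(unknown)" is an assumption of this example.

```python
import re

# Constructed sample: two polling passes as "netstat -abf 5" prints them (not real capture data).
SAMPLE = """
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            DESKTOP-TEST:0         LISTENING
  RpcSs
 [svchost.exe]
  TCP    192.168.1.10:49712     www.example.com:https  ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.10:49701     www.example.org:https  TIME_WAIT
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49712     www.example.com:https  ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.10:49720     host.example.net:8080  ESTABLISHED
 [updater.exe]
"""
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def decode(raw: bytes) -> str:
    """Windows PowerShell's ">" writes UTF-16 with a BOM; Command Prompt writes 8-bit text."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def parse(text):
    """Yield (process, proto, local, foreign, state); the [name] line follows its connection."""
    pending = None
    for line in text.splitlines():
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:
            if pending:  # previous connection had no owner line (assumed: report as unknown)
                yield ("(unknown)", *pending)
            pending = conn.groups(default="")
        elif owner and pending:
            yield (owner[1].lower(), *pending)
            pending = None
    if pending:
        yield ("(unknown)", *pending)

def remote_hosts(text):
    """Map process -> sorted remote endpoints, dropping listeners and repeats across polls."""
    seen = {}
    for proc, _proto, _local, foreign, state in parse(text):
        if state != "LISTENING" and foreign != "*:*":
            seen.setdefault(proc, set()).add(foreign)
    return {proc: sorted(hosts) for proc, hosts in seen.items()}
```

To run it on a real capture, pass decode(open("activity.txt", "rb").read()) to remote_hosts and print the result.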
Option Two: Check Active Connections Using TCPView
The excellent TCPView utility that comes with the SysInternals toolkit lets you quickly see which processes connect to which resources on the Internet, and even end the process, close the connection, or do a quick Whois search to get more information. This is certainly our first choice when it comes to diagnosing problems or simply trying to get more information about your computer.
Note: When you load TCPView for the first time, you may see a ton of [System Process] connections to all kinds of Internet addresses, but that's usually not a problem. If all the connections are in the TIME_WAIT state, this means that the connection is closed and there is no process to assign the connection to, so they are assigned to PID 0 because there is no PID to assign them to.
This usually happens when you load TCPView after connecting to a lot of things, but it should disappear after all connections are completed and TCPView remains open.
Option Three: Check Active Connections Using CurrPorts
You can also use a free tool named CurrPorts to view a list of all currently open TCP/IP and UDP ports on your local computer. This is a slightly more focused tool than TCPView.
For each port, CurrPorts lists information about the process that opened the port. You can close connections, copy information from a port to the clipboard, or save this information in different file formats. You can rearrange the columns displayed in the main CurrPorts window and in the files you save. To sort the list by a specific column, simply click on the header of that column.
CurrPorts works on everything from Windows NT to Windows 10. Note that there is a separate download of CurrPorts for 64-bit versions of Windows. You can find more information about CurrPorts and how to use it on their website.