How can I see all active connections?

Question

My Internet connection has been slow lately, and I think it might be a possible attack. A friend has told me to use Wireshark, but it is a big install, and I do not have the time to learn how to use it. Is there an easier way to see all the connections on my PC so I can take further action?

score 66 · Accepted Answer · 2009-07-23T07:22:44.843

You are looking for the netstat command. This command should provide what you're looking for:

netstat -a

if you would also like to see what programs are using the specified ports you can use:

netstat -b

to use the netstat program:

Go to the start menu (or press Win + r and skip to step 3)
If on XP, click "Run", If on vista or later, search for cmd in the search box and skip to step 4.
type cmd
after cmd opens, type netstat -a
a list of all open connections with their ports will be displayed

more info about netstat:

C:\Documents and Settings\Administrator>netstat /?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

-a          Displays all connections and listening ports.
-b          Displays the executable involved in creating each connection
            or
            listening port. In some cases well-known executables host
            multiple independent components, and in these cases the
            sequence of components involved in creating the connection
            or listening port is displayed. In this case the executable
            name is in [] at the bottom, on top is the component it 
            called,
            and so forth until TCP/IP was reached. Note that this option
            can be time-consuming and will fail unless you have 
            sufficient
            permissions.
-e            Displays Ethernet statistics. This may be combined with the
            -s
            option.
-n          Displays addresses and port numbers in numerical form.
-o          Displays the owning process ID associated with each connection.
-p proto    Shows connections for the protocol specified by proto; proto
        may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with 
            the -s option to display per-protocol statistics, proto may be
            any of:
        IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r          Displays the routing table.
-s          Displays per-protocol statistics.  By default, statistics are
            shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
            the -p option may be used to specify a subset of the default.
-v          When used in conjunction with -b, will display sequence of
            components involved in creating the connection or listening
            port for all executables.
interval    Redisplays selected statistics, pausing interval seconds
            between each display.  Press CTRL+C to stop redisplaying
            statistics.  If omitted, netstat will print the current
            configuration information once.

score 21 · Answer 2 · answered Jul 23 '09 at 03:32

21

Sysinternals TCPView

I would also recommend running Autoruns and Process Explorer, also in the Sysinternals Suite to help diagnose your problem.

answered Jul 23 '09 at 03:32

arathorn

8,769

score 2 · Answer 3 · answered Apr 18 '16 at 08:42

2

If you're looking for a simple look at which connections are hungry on Windows 7 onwards, then bring up Task Manager, Performance tab, Resource Monitor, Network tab.

answered Apr 18 '16 at 08:42

Luke Puplett

1,691

score 0 · Answer 4 · answered Jul 23 '09 at 04:04

0

Prio (http://www.prnwatch.com/prio.html) can provide, as part of the Windows Task Manager, an updating list connections with some additional context that may help you make sense of what is going on.

answered Jul 23 '09 at 04:04

pcapademic

3,821

score 0 · Answer 5 · answered Jul 23 '09 at 06:08

0

Another alternative is Extensoft Free Task Manager Extensions

You can see the active ports aligned with the processes in use.

It adds a lot of functionality to the task manager and it is all contained in one area.

answered Jul 23 '09 at 06:08

Qwerty

1,759

ChemEng · Answer 6 · 2020-04-20T03:36:44.243

I am not a computer scientist but I find that netstat is a bit slow and many connections pass through unrecorded, wireshark is fast but has too many packets to filter through and windows resource monitor is too hard to look through the list to see who is making connections.

The easiest way I could come up with is going into your antivirus software and in the firewall section add the program to the list of blocked programs (or add it to the list of allowed programs and edit it to blocked). You should get a warning if you open a file of that program and it tries to connect or the program just tries to connect.See the security history of your antivirus to get a list of suspicious connections.

P.S. If you want to see all connections your computer is making I think wireshark is the best. Filter with your mac address: eth.addr==xyz

How can I see all active connections?

6 Answers6

Linked

Related