
How To Identify Unknown Network Connections In Windows (And See Who Is Connecting To Your Computer)

In our previous article, "How To Identify Unknown Processes In Windows", we discovered how to identify and track down processes running on your Computer using Process Explorer.

Next, we'll look at how to identify Network connections, known as TCP/IP ports, and how to find out who is connecting to your Computer.



What Are TCP/IP Ports?

Webopedia defines TCP/IP Network ports as "an endpoint to a logical connection. The port number identifies what type of port it is. For example, port 80 is used for HTTP traffic."

Think of ports and port numbers in terms of how services enter your house. Take your phone: the port is the box outside your house that connects the wires from the street and phone company to your house, and the port number is your phone number.

If you stood on your roof and looked down at your house, you would see all the services entering and leaving your house from the utilities and other companies that supply electricity, gas, cable, etc.

With Computers, you can also "look down" and see all the logical Network connections communicating with your computer by using a tool called TCPView for Windows, available from the Windows Sysinternals website on Microsoft TechNet. This tool is free and runs on Windows NT/2000/XP and Windows 98/Me. You can use TCPView on Windows 95 if you get the Windows 95 Winsock 2 Update from Microsoft.

Using TCPView

Once downloaded, unzip to a location on your PC and execute TCPview.exe. You should see a screen similar to this:

[Screenshot: tcpview.gif]

TCPView will show you a detailed listing of all TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) endpoints on your Computer, including the local and remote addresses and the state of TCP connections. On Windows NT, 2000 and XP, TCPView also reports the name of the process that owns the endpoint.

The first column displays the Process name (on your Computer). The Local Address column shows your Computer name and the port number your Computer is listening on, while the Remote Address column displays the remote Computer name (or the IP address, if TCPView cannot resolve the IP address to its domain name) and the port number it is listening on.

As shown below, the Remote Address column is the key to who you are communicating and connected with.

[Screenshot: tcpremotehost2.jpg]

In this case the Local Address is the Computer marklap, and it is connected to the Remote Address known as msgr-cs128.hotmail.com.

As described above, the port marklap is accepting the connection on is 2185, while msgr-cs128 is accepting the connection on 1863. So how do you know what kind of communication is going on between the two hosts?

If you do not recognize the Process name, you can look up the Remote Address port in a list of well-known common ports, or in a detailed list of well-known ports.

In this case we need to look up port 1863 in the detailed list, which identifies it as MSNP, known as Windows Messenger (from Microsoft), which provides online chat and instant messenger service.

TIP: If you did not know what MSNP was, search Google, but be careful when searching, since a lot of results could mislead you about the meaning and lure you into buying software you do not need. In this case, search your Computer OS vendor's web site for the information.

One of the reasons I like TCPView is that it provides real-time activity. When an endpoint changes state from one update to the next, it is highlighted in yellow. Endpoints that are deleted are shown in red, and new endpoints are shown in green.

Another reason is that you can right-click on a Process that has a connection to a Remote Address, select Properties and do a WhoIS lookup for the remote host, as well as select Process Properties to display the Path and Command line information for the Process. The number next to the Process is the PID (Process Identifier) running on your PC. TCPView also gives you the capability to end a process or close a connection.

An example of a WhoIS lookup:

[Screenshot: tcpviewwhois.jpg]

Example of a Process properties:

[Screenshot: tcpviewprocprop.jpg]

Other tools exist that can provide the same or more information as TCPview. With any tool you use, it is important that you understand what the data means and use the information to determine exactly who is connecting to you.
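One such alternative, added here as an example (it is not part of the original article or of TCPView), is a short PowerShell script that reproduces the Process, Local Address and Remote Address columns and labels the remote port. It assumes Windows 8 / Server 2012 or later, where `Get-NetTCPConnection` is available; the `$KnownPorts` table is a small illustrative list, not a complete one.

```powershell
# Added example: a command-line view of the TCPView columns
# (Process, PID, Local Address, Remote Address) for established connections.
# Needs the NetTCPIP module (Windows 8 / Server 2012 or later).

# Illustrative port-to-service table; extend it from a well-known ports list.
$KnownPorts = @{ 80 = 'HTTP'; 443 = 'HTTPS'; 1863 = 'MSNP' }

$procCache = @{}   # PID -> process object, so each PID is looked up once

Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $procId = [int]$_.OwningProcess
        if (-not $procCache.ContainsKey($procId)) {
            # Yields $null if the process exited between the two calls.
            $procCache[$procId] = Get-Process -Id $procId -ErrorAction SilentlyContinue
        }
        $proc = $procCache[$procId]
        $port = [int]$_.RemotePort   # cast so the hashtable's Int32 keys match

        [pscustomobject]@{
            Process = if ($proc) { $proc.ProcessName } else { '<exited>' }
            PID     = $procId
            Local   = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
            Remote  = '{0}:{1}' -f $_.RemoteAddress, $port
            Service = if ($KnownPorts.ContainsKey($port)) { $KnownPorts[$port] } else { 'unknown' }
            # Path is empty for protected processes unless run elevated.
            Path    = if ($proc) { $proc.Path } else { $null }
        }
    } |
    Sort-Object Service, Process |
    Format-Table -AutoSize
```

Rows whose Service is `unknown`, or whose Path is not where you expect that program to live, are the ones to look up first.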

Armed with this knowledge, you can quickly identify unknown Network connections and never again wonder who is reaching into your Computer.
