Arrrr! What's in Your Network?
Sometimes when I’m bored – or just curious – I like to have a look at what’s going on in my PC’s network connections. I’m often surprised by the number of connections my PC maintains without my knowledge.
For example, late one evening I was on my PC and suddenly an MSN Messenger window popped up with a message from my stepson. He lives in Amsterdam, which is 9 hours ahead of my location in California. I was surprised, because I could have sworn that I’d shut down MSN Messenger. Not that I didn’t want the conversation, but it was a shock nevertheless because I thought MSN Messenger was shut down. It turns out that I’d recently updated MSN Messenger to a new version, and for some reason, the old version was still running in the background. I found it unsettling that I did not know a network connection was running without my knowledge.
Anyway, there’s a good, quick method to see what’s happening on your network, and you can use it to perform occasional “spot checks” to ensure you’re not taken by surprise. It’s called “netstat”, and you can run it from a command window.
If you’re running Windows, you can start netstat by opening a command window. If you’re using Vista or Windows 7, you need to run the command window in the “Administrator” mode. You can do this by right-clicking on the “Command Prompt” icon under “Start” and “Accessories” and then selecting “Run as Administrator.”
You can then simply enter “netstat”, and your PC will retrieve the currently established connections. This list can appear somewhat cryptic, as shown below:
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:668          Dan-PC:49171           ESTABLISHED
  TCP    127.0.0.1:49171        Dan-PC:668             ESTABLISHED
  TCP    127.0.0.1:49174        Dan-PC:62514           ESTABLISHED
  TCP    127.0.0.1:60893        Dan-PC:60894           ESTABLISHED
  TCP    127.0.0.1:60894        Dan-PC:60893           ESTABLISHED
  TCP    127.0.0.1:62514        Dan-PC:49174           ESTABLISHED
  TCP    192.168.1.205:54465    nuq04s01-in-f17:https  ESTABLISHED
  TCP    192.168.1.205:55008    nuq04s01-in-f83:https  ESTABLISHED
  TCP    192.168.1.205:60921    cs102:5050             ESTABLISHED
  TCP    192.168.1.205:60930    sip30:https            ESTABLISHED
  TCP    192.168.1.205:61334    DanAvidLaptop:5101     ESTABLISHED
In this case, you can see that I have 11 connections, all based on the TCP protocol. The local address for the first six connections is 127.0.0.1, the loopback (“localhost”) address. These are internal-only connections that programs on the PC use to communicate internally. The last 5 connections are more interesting, because their local IP address is 192.168.1.205, which, I happen to know, is the IP address of my network card. Looking at the “Foreign Address” column, you can see the target of these connections. Three of them are using the secure HTTP protocol, and one of them is something called “DanAvidLaptop”, which, I happen to know, is the PC that my wife is currently using.
To get more information, you can add options to the netstat command. A good one is the “-b” option, which shows the executable responsible for each connection.
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:668          Dan-PC:49171           ESTABLISHED
 [carboniteservice.exe]
  TCP    127.0.0.1:49171        Dan-PC:668             ESTABLISHED
 [CarboniteUI.exe]
  TCP    127.0.0.1:49174        Dan-PC:62514           ESTABLISHED
 [vpngui.exe]
  TCP    127.0.0.1:60893        Dan-PC:60894           ESTABLISHED
 [YahooMessenger.exe]
  TCP    127.0.0.1:60894        Dan-PC:60893           ESTABLISHED
 [YahooMessenger.exe]
  TCP    127.0.0.1:62514        Dan-PC:49174           ESTABLISHED
 [cvpnd.exe]
  TCP    192.168.1.205:54465    nuq04s01-in-f17:https  ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.205:55008    nuq04s01-in-f83:https  ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.205:60921    cs102:5050             ESTABLISHED
 [YahooMessenger.exe]
  TCP    192.168.1.205:60930    sip30:https            ESTABLISHED
 [YahooMessenger.exe]
  TCP    192.168.1.205:61334    DanAvidLaptop:5101     ESTABLISHED
 [YahooMessenger.exe]
Okay, this looks a bit more cryptic, but at least there are some descriptions with the connection entries. You can see that the first two entries are related to my installation of Carbonite, which is an off-site backup storage service. (Which, by the way, I highly recommend.) There is also a “vpngui” service, which is something left over from a VPN service that I’d terminated several hours ago. (Not sure why it’s still running here!) I have several connections associated with Yahoo Messenger. Finally, I have a few sessions running under Google Chrome. Note that these sessions are using the secure HTTP protocol, as I am running my Gmail program using the HTTPS option.
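A spot check like this can be scripted. The following is an added example, not part of the original post: it parses saved “netstat -b” output, pairs each connection with its owning executable, and lists executables holding non-loopback connections that are not on an allowlist. The function names, the allowlist, and the last sample row (192.0.2.10, a documentation address) are assumptions made for illustration.

```python
import re

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")  # UDP rows have no State
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")                               # e.g. " [chrome.exe]"
LOOPBACK = ("127.", "[::1]")

# Sample input: rows in the layout of the "netstat -b" listing above. The last
# row is constructed, to show a connection whose owner netstat cannot report.
SAMPLE = """\
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:49174        Dan-PC:62514           ESTABLISHED
 [vpngui.exe]
  TCP    192.168.1.205:54465    nuq04s01-in-f17:https  ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.205:60921    cs102:5050             ESTABLISHED
 [YahooMessenger.exe]
  TCP    192.168.1.205:49200    192.0.2.10:https       ESTABLISHED
 Can not obtain ownership information
"""

def parse_netstat_b(text):
    """Return one dict per connection, with the owning executable attached."""
    conns = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, local, foreign, state = m.groups()
            conns.append({"proto": proto, "local": local, "foreign": foreign,
                          "state": state or "", "owner": "(unknown)"})
            continue
        m = OWNER.match(line)  # owner line belongs to the connection just above it
        if m and conns and conns[-1]["owner"] == "(unknown)":
            conns[-1]["owner"] = m.group(1)
    return conns

def off_host(conns):
    """Connections whose local address is not loopback (they use the network card)."""
    return [c for c in conns if not c["local"].startswith(LOOPBACK)]

def unexpected(conns, expected):
    """Executables with non-loopback connections that are not on the allowlist."""
    expected = {e.lower() for e in expected}
    return sorted({c["owner"] for c in off_host(conns) if c["owner"].lower() not in expected})

if __name__ == "__main__":
    for c in off_host(parse_netstat_b(SAMPLE)):
        print(f'{c["owner"]:22} {c["local"]:22} -> {c["foreign"]}')
    print("Review:", unexpected(parse_netstat_b(SAMPLE), {"chrome.exe"}))
```

To use it on your own machine, save the output of “netstat -b” to a text file from the Administrator command window and pass the file's contents to parse_netstat_b.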
In this blog, I’ve only scratched the surface of what is possible with netstat. I recommend that you run netstat for yourself so you can learn not only about the connections that are currently running, but also which connections your PC is listening for. This is important when ascertaining your vulnerability to a cyber attack.
Best,
Dan