Depending on how you have set up your system, all, some or only select applications and programs may connect to the Internet or local network resources. Especially the "allow all" approach runs the risk that programs establish an Internet connection that you may not want to do so if you'd know about it.
I revealed yesterday how Firefox add-ons may transfer data to servers without your knowledge and was asked to write a guide about how to detect these connections. While you could check the log of your firewall to find out about that, or configure your firewall to block all outgoing connections but those that you allow, it may sometimes be easier to use third party tools that provide you with a quick overview of what's going on at that time on your system.
I'd like to review two programs for that purpose, and link to a third that I have reviewed in 2008.
CurrPorts by Nirsoft is a free portable program for 32-bit and 64-bit versions of Windows that can display all open ports on the system when it is run or refreshed. It is not a real-time scanner, only a program that displays all open ports and connections at the time the system was scanned by it.
All you have to do is download, unpack and run it on your system to get a listing of all processes, their connections, ports and servers they are connected to.
You can click on the refresh button to run a new scan any time you want to. This may be useful if you have started a program after you ran CurrPort and want the program to scan its connections as well.
You can drag and drop table headers in the program. I have moved the remote host and remote address information to the left for instance as they provide me with direct information about remote servers processes are connected to. You can also sort the listing with a click on a column header-
The second program is a real-time monitor of traffic on a Windows system. The free version of NetBalancer is sufficient for monitoring all processes and their connections. Once you have started the program on the PC you will a list of processes at the top, their current upload and download bandwidth, and the overall upload and download bandwidth they have used.
If you see data listed in the downloaded or uploaded fields you know that the process has made connections. It is a good idea to run the program in the background for some time to get a good reading on all programs you use on a daily basis.
You can click on any process listed here to have its current connections displayed at the bottom right. Here you see all remote IP addresses and protocols it has established connections to.
If you have identified a process using one of the tools that established connections even though it should not have done so, you have a couple of options to resolve the issue. The first option is to uninstall the program from the system. Maybe there is an alternative available that is not connecting to servers when its run.
You can naturally also try and block all outgoing traffic of the program. This can sometimes render the program useless, so keep that in mind. You can use NetBalancer free for that too, but the free version is limited to three processes only. An alternative would be to configure your firewall to block outgoing connections for selected processes.
If you are using Windows Firewall, you may find Windows Firewall Notifier useful as it displays connection attempts to you giving you the chance to evaluate them and either block or allow the connection afterwards.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.