Find out if programs are connecting to the Internet

Martin Brinkmann
Jan 14, 2013
Updated • Jan 14, 2013

Depending on how you have set up your system, all, some or only select applications and programs may connect to the Internet or local network resources. Especially the "allow all" approach runs the risk that programs establish an Internet connection that you may not want to do so if you'd know about it.

I revealed yesterday how Firefox add-ons may transfer data to servers without your knowledge and was asked to write a guide about how to detect these connections. While you could check the log of your firewall to find out about that, or configure your firewall to block all outgoing connections but those that you allow, it may sometimes be easier to use third party tools that provide you with a quick overview of what's going on at that time on your system.

I'd like to review two programs for that purpose, and link to a third that I have reviewed in 2008.


CurrPorts by Nirsoft is a free portable program for 32-bit and 64-bit versions of Windows that can display all open ports on the system when it is run or refreshed. It is not a real-time scanner, only a program that displays all open ports and connections at the time the system was scanned by it.

All you have to do is download, unpack and run it on your system to get a listing of all processes, their connections, ports and servers they are connected to.

currport software

You can click on the refresh button to run a new scan any time you want to. This may be useful if you have started a program after you ran CurrPort and want the program to scan its connections as well.

You can drag and drop table headers in the program. I have moved the remote host and remote address information to the left for instance as they provide me with direct information about remote servers processes are connected to. You can also sort the listing with a click on a column header-

Check out our detailed review of CurrPorts here, and if you are looking for an alternative, try Close The Door instead. There you also find download links listed.

NetBalancer Free

The second program is a real-time monitor of traffic on a Windows system. The free version of NetBalancer is sufficient for monitoring all processes and their connections. Once you have started the program on the PC you will a list of processes at the top, their current upload and download bandwidth, and the overall upload and download bandwidth they have used.

If you see data listed in the downloaded or uploaded fields you know that the process has made connections. It is a good idea to run the program in the background for some time to get a good reading on all programs you use on a daily basis.

You can click on any process listed here to have its current connections displayed at the bottom right. Here you see all remote IP addresses and protocols it has established connections to.

Block Processes from making connections

If you have identified a process using one of the tools that established connections even though it should not have done so, you have a couple of options to resolve the issue. The first option is to uninstall the program from the system. Maybe there is an alternative available that is not connecting to servers when its run.

You can naturally also try and block all outgoing traffic of the program. This can sometimes render the program useless, so keep that in mind. You can use NetBalancer free for that too, but the free version is limited to three processes only. An alternative would be to configure your firewall to block outgoing connections for selected processes.

If you are using Windows Firewall, you may find Windows Firewall Notifier useful as it displays connection attempts to you giving you the chance to evaluate them and either block or allow the connection afterwards.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. iron2000 said on January 15, 2013 at 1:08 pm

    How about Windows’ built in Resource Monitor?

  2. Krishna said on January 14, 2013 at 9:42 pm

    If you prefer CurrPorts, do not forget to download GeoLite City. Just extract to CurrPorts folder.

  3. Nebulus said on January 14, 2013 at 6:52 pm

    I think Process Hacker (Network tab) is also useful for this task. If you use Process Explorer from Microsoft instead, there is a TCP/IP tab when you right-click a process and select properties. It doesn’t show the whole information in a grid though, like Process Hacker or the tools reviewed by Martin.

  4. Dan said on January 14, 2013 at 6:52 pm

    On laptop, I use Networx portable, find it accurate but its netstat doesn’t give balloon/audio alerts to device access, so I also use Nir’s “Wireless Watcher” which does do that in if set to constant scan it detects even brief connection by another device(s)…still have to pull up Networx netstat if something unusual seems running from within. Your tips sound equally good where something like Comodo firewall can’t be used.

    I loved the extensibility of CF, and way you could sandbox/be notified of all outbounds, but my Windows 7 Home Premium 64 bit on an Acer Aspire notebook is one of those that builds into random BSODs due to CF driver “inspect.sys”, so can’t use it or ZoneAlarm. Making even home network “Public” seems to at least stealth inbound ports and stop discovery of Netbios, but it’s hard to trust this way some new bootkit won’t get past AV and do damage before it’s discovered. Will check into Windows Firewall Notifier, thanks again for tip!

  5. X said on January 14, 2013 at 5:14 pm

    @JoJo: Security software tend to lock USB Storage Devices.
    Although not exactly what you are asking for, you could be interested in another utility from NirSoft: USBDView available at

  6. JoJo said on January 14, 2013 at 4:44 pm

    nice program, but I wonder if anyone can help me this request (similar but related to USB), is there a software to be used to see what program or process is using what USB port? like which is accessing the USB Stick or the Potable HDD?
    Working for several hours with HDD connected to USB and then closing all related software still didnt release the HDD from being “Safely Removed”.

    Thank you

  7. MrEprize said on January 14, 2013 at 4:08 pm

    I have also found the Free Portable version of Networx to work very well also. It has a realtime monitoring option under Netstat.

  8. livexb said on January 14, 2013 at 3:37 pm

    Windows Firewall Notifier requires .net framework.

  9. mazling said on January 14, 2013 at 3:22 pm

    Comodo firewall gets to the top end of most lists at ability to block everything properly, but the gui is a bit nasty. The new comodo is slightly better in some respects but everything has been shuffled around. These days it tends not to freeze apps while prompting for user input to allow or block traffic, which caused problems for a few,.

  10. lvexb said on January 14, 2013 at 3:02 pm

    I clicked on your Windows Firewall Notifier link, downloaded it and tried to use it. It requires .net framework which I do not have. I appreciate free programs, but wish developers would tell you such things beforehand.

  11. kktkkr said on January 14, 2013 at 2:42 pm

    I had a good laugh at “Windows Firefox”. Firewall, of course.

    1. Martin Brinkmann said on January 14, 2013 at 3:44 pm

      Ha, sorry for that. Corrected.

  12. imu said on January 14, 2013 at 2:08 pm

    TCPView by Sysinternals might be worth to mention too :)


    1. Jopat said on January 15, 2013 at 2:11 pm

      I totally agree with imu, TCPVIEW is the most efficient and lightweight tool to monitor TCP/IP Connections

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.