Display which programs accept or have established Internet connections on Windows
![netstat bona](https://www.ghacks.net/wp-content/uploads/2014/12/netstat-bona.jpg)
How do you know which programs on Windows have established connections to the Internet or are accepting them? Some programs may reveal the information to you directly while others may not reveal those information to you.
This is especially true for shady applications and those that are outright malicious. If you want to know if a program phones home you need to know how to display those information on the system.
One option that you have is to configure a software or hardware firewall to only allow connections by programs that you have verified on a case by case basis.
If you just want to get the current status of connections though, you can use various internal and third-party tools to do so.
Netstat
One of the easiest options is to use the netstat command. Here is how you use it for that purpose:
- Tap on the Windows-key and type cmd.exe.
- Right-click on the result and select run as administrator. This launches an elevated command prompt.
- Type netstat -bona and hit enter.
Wonder what the parameters stand for?
- b - displays the executable involved in creating the connection.
- o - displays the owning process ID.
- n - displays address and port numbers.
- a - displays all connections and listening ports.
The command lists executable files, local and external IP addresses and ports, and the state in list form. You immediately see which programs have created connections or are listening so that you can find offenders quickly.
Windows Powershell
You can use the Powershell as well and it is offering several interesting options.
- Tap on the Windows-key and type powershell.
- Right-click on the result and select run as administrator. This runs it with elevated privileges.
- Type $nets = NetStat. This saves the Netstat output in the variable $nets.
- Type $nets | select-string "Established" to only display established connections.
- Use the same syntax to search for other strings, e.g. listening.
Another useful command is netsh interface ipv4 show tcpconnections.
Third-party tools
The program that I find the most comfortable to use is CurrPorts by Nirsoft. It is a portable application for Windows that displays all open connections and listening ports on start.
What's great about it is that it is super easy to use and that it ships with extra features that you may find handy. You can use it to search for data for example or filters to only display specific connections.
The refresh is fast and you can export the data to other formats such as csv or xml as well.
Now You: What are you using to control the connections on your computer?
![Display which programs accept or have established Internet connections on Windows](https://www.ghacks.net/wp-content/uploads/2014/12/currports.jpg)
Martin, you are ridiculous when you blur out IPs used in your subnetwork. Those IPs are grey, no point in hiding them.
What’s wrong with having privacy of your own local network?
Privacy is important.
Last month I stambled upon a fool: he leaked both his localhost and local gateway to me.
Just like that, straight to my face !
Since he was such a fool, I’ll just go and leak them here for him : 127.0.0.1 and 192.168.0.1.
I hope that will teach him a lesson. Please do not crosslink, though: there is such a thing as going too far…
I use ‘tcpview’ from SysInternals.
I use Prio—it inserts a TCP tab in Task Manager, plus it has a few other useful things like silent elevation and task priority setting.
I think you reviewed it years ago, which is how I found out about it.
http://www.prnwatch.com/prio/
I think I have reviewed it here on Ghacks before and liked it quite a bit. Thanks!