Display which programs accept or have established Internet connections on Windows

Martin Brinkmann
Dec 1, 2014

How do you know which programs on Windows have established connections to the Internet or are accepting them? Some programs may reveal the information to you directly while others may not reveal those information to you.

This is especially true for shady applications and those that are outright malicious. If you want to know if a program phones home you need to know how to display those information on the system.

One option that you have is to configure a software or hardware firewall to only allow connections by programs that you have verified on a case by case basis.

If you just want to get the current status of connections though, you can use various internal and third-party tools to do so.


One of the easiest options is to use the netstat command. Here is how you use it for that purpose:

  1. Tap on the Windows-key and type cmd.exe.
  2. Right-click on the result and select run as administrator. This launches an elevated command prompt.
  3. Type netstat -bona and hit enter.

Wonder what the parameters stand for?

  • b - displays the executable involved in  creating the connection.
  • o - displays the owning process ID.
  • n - displays address and port numbers.
  • a - displays all connections and listening ports.

The command lists executable files, local and external IP addresses and ports, and the state in list form. You immediately see which programs have created connections or are listening so that you can find offenders quickly.

Windows Powershell


You can use the Powershell as well and it is offering several interesting options.

  1. Tap on the Windows-key and type powershell.
  2. Right-click on the result and select run as administrator. This runs it with elevated privileges.
  3. Type $nets = NetStat. This saves the Netstat output in the variable $nets.
  4. Type $nets | select-string "Established" to only display established connections.
  5. Use the same syntax to search for other strings, e.g. listening.

Another useful command is netsh interface ipv4 show tcpconnections.

Third-party tools


The program that I find the most comfortable to use is CurrPorts by Nirsoft. It is a portable application for Windows that displays all open connections and listening ports on start.

What's great about it is that it is super easy to use and that it ships with extra features that you may find handy. You can use it to search for data for example or filters to only display specific connections.

The refresh is fast and you can export the data to other formats such as csv or xml as well.

Now You: What are you using to control the connections on your computer?

Display which programs accept or have established Internet connections on Windows
Article Name
Display which programs accept or have established Internet connections on Windows
How to display all open connections and programs that listen on a port on Windows using native tools and third-party programs.

Previous Post: «
Next Post: «


  1. - said on December 1, 2014 at 7:42 pm

    Martin, you are ridiculous when you blur out IPs used in your subnetwork. Those IPs are grey, no point in hiding them.

    1. anon said on December 2, 2014 at 5:42 am

      What’s wrong with having privacy of your own local network?

      1. archie said on December 2, 2014 at 3:21 pm

        Privacy is important.

        Last month I stambled upon a fool: he leaked both his localhost and local gateway to me.

        Just like that, straight to my face !

        Since he was such a fool, I’ll just go and leak them here for him : and

        I hope that will teach him a lesson. Please do not crosslink, though: there is such a thing as going too far…

  2. DJ said on December 1, 2014 at 4:05 pm

    I use ‘tcpview’ from SysInternals.

  3. Glen said on December 1, 2014 at 3:13 pm

    I use Prio—it inserts a TCP tab in Task Manager, plus it has a few other useful things like silent elevation and task priority setting.

    I think you reviewed it years ago, which is how I found out about it.


    1. Martin Brinkmann said on December 1, 2014 at 3:29 pm

      I think I have reviewed it here on Ghacks before and liked it quite a bit. Thanks!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.