Do you know which programs and processes access the Internet on your computer and why? While it is easy enough to tell for programs that won't really work without Internet, web browsers for instance, it is often the case that the sheer number of system processes and programs that connect to the Internet is surprising.
I like to check these on my machines regularly to make sure only those that I'm comfortable with happen. One of the programs that I use for this is the excellent CurrPorts by Nirsoft.
NetStalker feels in many regards like an improved version of CurrPorts. It displays all network activity on start but instead of refreshing the list on demand only, it is refreshing it in real-time to make sure it catches new connections as they happen.
Attention: The installer will install third-party programs without prompt. In particular, it installs Health Alert and Wajam on systems. The portable version is clean and won't do that. We suggest you use the portable version of the program because of this.
Apart from that, it displays prompts whenever it catches a new program connecting to the Internet to give you options on how to handle it.
The main program interface lists process names, protocols, local and remote addresses as well as the process' location on the system.
A right-click on a row displays a context menu with options related to that process and connection. This includes options to kill the process or close the connection, to resolve the host or copy the remote address, and to create a new rule which enables you to allow or block connections permanently.
Rules and policies work independently from other security software that you may use or have installed on your system.
The program ships with two policy files that consist of a number of rules that determine which ports and addresses are allowed and rejected. You will still receive prompts if programs try to access the Internet using any of the select address/port combinations but will notice that everything else is rejected outright.
It is important to make sure all required ports are accepted by the program and that ports that may not be required are not.
This can be done under Policy in the program interface. The program uses a normal policy file by default but ships with a high policy file as well which you can load. The core difference is that fewer ports are accepted by default by the high policy file.
NetStalker ships with options to pause the real-time monitoring of connections or the filtering at any time via the filter menu. There you find the list of filtered processes which lists all programs that tried to access the Internet while the program was running.
Policies can be saved and you may create new ones as well from within the program. This can be useful if you want to import the set of rules on another machine.
What I like the most about NetStalker is that it goes beyond the reporting of processes with network connections. While that is certainly useful, the notification prompts it displays, the real-time monitoring and the option to block or allow certain address/port combinations makes it that more useful.
The main difference to a firewall is the program's simplicity when compared to most firewall solutions for Windows. Plus, it is available as a portable program that you can run from any location on the system.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.