CurrPorts 2.5: sent and received bytes added to program
CurrPorts 2.5, a new version of the program that lists open TCP/IP network ports and connections, lists sent and received bytes, and sent and received packets in its interface.
CurrPorts by Nirsoft was one of the first programs that I reviewed here on Ghacks Technology News. The first CurrPorts review dated back to November 2005, the second to 2010.
The application lists processes that with open ports or connections when you run it. It lists programs that you started, a web browser like Chrome or Firefox, but also processes that started automatically or are listening on specific ports.
The program serves two main purposes in my opinion. First, as a helper program to harden a Windows PC. Harden in this context means to close ports that are open but not required. Hardening requires research often as you may not know if you can close a port like 135 or how to close it when you come to the realization that closing it has no negative impact on the functionality of the PC.
CurrPorts 2.5
CurrPorts is a portable program that you may run right after you have downloaded it to the local system and extracted the archive it is distributed as.
Some functionality requires elevated privileges; right-click on CurrPorts to run the program with administrative rights.
Version 2.5 of CurrPorts introduces new data columns for sent and received bytes, and sent and received packets.
You need to run CurrPorts 2.5 with elevated rights to see the new columns. Nir Sofer notes that the new columns are only displayed if "auto refresh" is enabled and if "collect send/receive bytes information" is turned on; this is the case by default for both of the options.
CurrPorts displays lots of information in a table when you run it. You may need to scroll to the right to display the new data columns in the interface.
Note that you may reorder the columns using drag and drop, and also hide columns by right-clicking on a column and selecting "choose columns" from the context menu.
A left-click on a column header sorts the list of processes using that metric. You may sort by sent or received bytes to display the processes used to transfer the most bytes, or to list all processes with data transfers.
You can disable auto refresh at any time using Alt-D to block the program from refreshing the whole table. Another option that you have is to export the data to analyze it in a different program.
Closing Words
CurrPorts 2.5 introduces sent and received bytes and packets information which extend the use of the application even further. You may use the new functionality to list all programs with network traffic; useful in finding out which programs connect to a network or Internet, and in prioritizing the hardening process.
Now You: Have you used CurrPorts in the past? What's your take on the application?
Related articles
- Harden Windows with Hard Configurator
- Harden Windows PCs with SysHardener
- Hardentools: make Windows more secure by disabling features
I prefer using Sysinternals “TCPView”, which has had that functionality since forever. I do however, like Nir Sofers’ programs a lot and his “curports” has been around as long as TCPView, and it works well.
Watch out for Windoze Defender on this one, tags it as a trojan and automagically deletes it as soon as you try to unzip the file.
In contrast to Defender, AVG Internet Security marked the install as suspicious. and completed its analysis in an hour or two with a message it was OK to install.
A good way to have all Nirsoft, Winternals etc tools ready and updated is called WSCC, check it out
@Emil:
Seconded, except that I’m pretty sure WSCC doesn’t cover *all* Nirsoft and Sysinternals tools: it excludes several that it and a whole bunch of anti-malware programs consider to be “hacking” tools. (And I guess they are, but not if *you* use them on *your own* computer.)
I may recommend this to a few people to check out.
Am using the paid version of NetLimiter
that has a connection killer on each separate
application(that can be expanded, showing all
and a kill switch on all).
Wonder if CurrPorts runs off the Base Filtering Engine like NetLimiter does.
Regular user of of cports. With cports I found out Waterfox connects every time with my Facebook blocking host file, even when all extensions are disabled.
So for me it is very useful to see what connections different browsers make at startup. Thanks for the update.