Information about which ports are in use may be needed if you suspect that the computer is infected with a Trojan. Signs of this include, in particular, increased traffic or network activity at times when you are not using the Internet.
If you suspect an infection, first check which local ports are open on the computer. To do this, open a command prompt: "Start" - "All Programs" - "Accessories" - "Command Prompt". In the terminal window, enter the command netstat -aon; it will show all current connections.
The first column of the list shows the connection type. The second shows the local address and the port in use. The "Foreign Address" column shows the address your computer is connected to. In the "State" column you can see the status of the connection: ESTABLISHED if it exists at the moment, TIME_WAIT if it is over, or LISTENING if a program is listening on the port, that is, ready to communicate. Finally, the PID column shows the process ID, a numeric code that makes it easy to work out which process is "hanging" on a particular port.
In the same window, type the tasklist command; you will see a list of running processes. Their identifiers are shown in the second column, right after the process names. For example, you see in the first list that local port 3564 is open. Look in the last column (PID) and find the process ID, for example 3388 (your values will differ). Now go to the second table, find PID 3388 in the second column, and to its left you will see the name of the program that opened this port.
To get more information about the addresses connected to your computer, use a suitable network service. For example: http://www.ip-ping.ru/whois/ Enter the IP address you are interested in, click "Request", and you will get all available data.
Advice 2: How to find out which ports a program uses
Many programs run on a computer at the same time. If a program uses an Internet connection, it is allocated a specific port. Sometimes the user needs to check which port a particular program is using.
The need to determine which ports a program uses (or which program is using a port) typically arises when infection by a Trojan is suspected. If you notice something suspicious, open a command prompt: "Start" - "All Programs" - "Accessories" - "Command Prompt".
At the command prompt, type tasklist and press Enter. You will get information about all processes running on the system. Note the PID, the process ID. It will help you determine which program is using a particular port.
At the command prompt, type netstat -aon and press Enter. You will see a list of current connections. In the "Local Address" column, the port number is shown at the end of each entry. The PID column shows the process IDs. Having noted the port number and the corresponding PID, go to the process list and use the ID to determine which process is using this port.
If the process name does not tell you which program it belongs to, use one of the programs suited to this task. For example, Everest (also known as AIDA64). Run the program, select "Operating System", then "Processes". Find the process you need in the list and look at its launch line. This will help you determine which program the process belongs to.
AnVir Task Manager can be used for the same purpose. It lets you track all suspicious processes, including those of programs that connect to the Internet. All suspicious processes are highlighted in red in the program list.
If you see that a port is being used by a program unknown to you and there is a current connection, the "Foreign Address" column (netstat -aon) will show the IP address of the computer from which the connection is established. The "State" column will show ESTABLISHED if the connection is present at the moment, CLOSE_WAIT if the connection is closed, or LISTENING if the program is waiting for a connection. The latter is typical of backdoors, one of the varieties of Trojans.
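The PID lookup that both procedures above do by eye (netstat -aon, then tasklist), written as a join on PID; this is an added example, not part of the original article. The sample outputs are constructed, example.exe is a made-up image name, and tasklist /fo csv /nh is assumed in place of the plain tasklist shown in the article because headerless CSV parses more reliably.

```python
import csv
import io

# Constructed sample of `netstat -aon` output (banner line trimmed).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3564           0.0.0.0:0              LISTENING       3388
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED     2140
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Constructed sample of `tasklist /fo csv /nh` output. PID 2140 is left out
# on purpose: a process can exit between the two commands.
SAMPLE_TASKLIST = '''\
"svchost.exe","912","Services","0","9,120 K"
"example.exe","3388","Console","1","4,212 K"
"svchost.exe","1500","Services","0","6,000 K"
'''

def parse_tasklist(text):
    """Map PID -> image name (second and first CSV columns)."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) > 1 and r[1].isdigit()}

def parse_netstat(text):
    """Return one dict per TCP/UDP line; UDP lines have no State column."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # skip headers and blank lines
        conns.append({"proto": f[0], "local": f[1], "remote": f[2],
                      "port": int(f[1].rsplit(":", 1)[1]),  # handles [::]:135
                      "state": f[3] if len(f) == 5 else "",
                      "pid": int(f[-1])})  # PID is always the last field
    return conns

def ports_by_process(netstat_text, tasklist_text):
    """Join the two tables on PID, as the manual steps above do by eye."""
    names = parse_tasklist(tasklist_text)
    return [dict(c, image=names.get(c["pid"], "<no such PID>"))
            for c in parse_netstat(netstat_text)]

def listeners(rows):
    """Unique (port, pid, image) for sockets waiting for connections."""
    return sorted({(r["port"], r["pid"], r["image"])
                   for r in rows if r["state"] == "LISTENING"})
```

On a live system, pass in the captured text of the two commands instead of the samples; a row reported as "<no such PID>" means the process was gone by the time tasklist ran and the pair of commands should be repeated.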