To control network connections on Windows operating system there is a regular utility netstat. To use it open a command prompt: start - All programs - Accessories - Command prompt and type netstat –aon. Press Enter, you will see a list of current network connections.
In the first column specify the connection type – TCP or UDP. Secondly you can watch a local address to use when connecting ports. The third graph will give you information about external ip addresses that connects to your computer. The fourth shows the connection status. In the fifth set connection ID (PID) number, which is the process in the system.
In the analysis of network connections, first of all, pay attention to the open ports. Each port is opened in any program, some applications may open several ports. How to know what program opens the port? To do this, type in the same command prompt window tasklist and press Enter. Opens a list of processes: in the first column indicated the name, the second the ID.
View the first list displayed by the netstat utility, ID you are interested in the connections (column PID). Then find this identifier in the second list. To his left, in the first column, you will see the name of the process that established the connection.
Pay attention to the network processes with a status of LISTENING. This state indicates that the program is in idle mode connection "listening port". Usually because the behavior of some Windows services, and backdoors - Trojans, allowing to establish a connection with the compromised computer. Determine the process of such program: if the name is unfamiliar to you and nothing says please enter in a line of search for more information.
The ESTABLISHED status indicates that a connection exists at the moment. By identifier you can determine the process that established the connection and ip address to figure out which computer made the connection. For this use http://url-sub.ru/tools/web/whois/
Stan is present in the Linux operating system. It is carried out in exactly the same way as in Windows. For a list of processes instead of tasklist, use the command ps –A.