Want to know if some data on your computer is being sent stealthily through your Internet connection or if some application or hidden program is connecting to Internet without your permission? You may even be interested to know about the behind-the-scene internet activity of the authorized applications (including browsers) which you may have installed yourself. Well, your computer already has a tool installed on it to know about such unwanted or unauthorized Internet activity. Of course, this tool will also tell you about the Internet activity of the authorized applications as well. This is the Netstat tool (Network Statistics), which is a command-line tool available on the Windows.
This tool may be quite useful to find out whether some stealthy applications are stealing your information such as your passwords or your keyboard-activity or some other sensitive data. The Internet has several big advantages and has revolutionized the way information can be accessed and distributed as also the way we conduct our business transactions, and much more. However, at the same time, the Internet also has several lurking dangers which can harm your interests in several ways if you are not cautious while using it. Your computer may have several applications installed on it without your knowledge. A lot of spyware, whether malicious or not, gets installed on your computer without your knowledge or permission even through your regular or normal Internet use. And, the biggest problem would be that you may not even be aware that your important data is being stolen by such hidden applications and is being sent to some unknown locations through Internet.
The Netstat tool is quite useful to know about such normal or abnormal Internet activity of your computer. This tool is available on most of the operating systems including Windows (XP, Vista, and other WinNT-based systems), Unix, Linux, Solaris, Mac OS. However, the usage of this tool may differ slightly in different operating systems. What is mentioned below is for the Windows operating system.
To detect all the Internet activity on your computer (including the secret activity of the hidden applications), do the following:
1. Click on “Start” Button and then on the “Run…” button on the Windows and then type “cmd” and click OK to start the DOS Command Prompt window. Or alternatively, you can click on the Start > Programs > Accessories > Command Prompt to open the said DOS Command Prompt window.
2. Now type “netstat –b 2 > C:\internet.txt” on the Command Prompt and press Enter button. Here “2” stands for “2 seconds” (i.e., the time interval after which Internet activity will be watched continuously); if you want you can use other time interval in seconds. The words “C:\internet.txt” show the file name and path name of the file in which the activity report generated by Netstat is to be saved; if you so wish you can use a different path and file name; for default directly open in the Command Prompt window, simply use the words “internet.txt” or any other similar file name you wish. Please also note that “-b” parameter will work only on the Windows XP and Windows 2003 Server. For other operating systems, you can try using “-a” parameter. Also see the detailed help on this tool for other parameters which can be used.
3. Now wait for some time, say 2-3 minutes, and meanwhile if you so wish you can do some computer activity such as keyboard activity or browsing some website on Internet. After that, press Ctrl + C keys to stop the Netstat tool.
4. Now, open the aforesaid text file (in the above example, “internet.txt” in the root directory of C drive). You will see the activity report of the Internet usage of your computer during the aforesaid duration of time. A sample activity report (abridged and adjusted, to show the important parts only) is displayed as under:
You can easily notice that this activity report shows all the Internet activity on your computer with the names of all the processes which connected to the Internet along with the addresses of the websites to which they connected. You will notice that the names of browsers, email clients, other applications, software, etc., which have had some Internet activity during this period will also be shown along with the names of the websites contacted.
Examine this activity report in detail. If needed, run the Netstat tool for slightly longer periods at different time intervals, and more so when you are doing some activity on the computer such as typing some password, etc. (however, be aware that if you run it for a very long period, the activity report file may grow quite big depending upon your Internet activity). If you find that there is some process name or software name which you have not installed or which is otherwise suspicious-looking and which is connecting to the Internet, you may try to look into the Task Manager to find out which process is related to which executable file on your computer (you can also use the Process Explorer tool which is made freely available by Microsoft, for finding out the executable file for that process). Once you are sure that such suspicious process or executable file is unauthorized and malicious and that you have not installed it yourself, you may consider to delete / eliminate such process / executable file to prevent future risk to your data and your computer. However, be doubly sure that you don’t delete any useful process / executable and you must know what you are doing; if needed, consult the Windows documentation or the documentation of the software(s) you have installed or else search on the Internet before deleting such suspicious-looking files.
I may point out that Netstat tool can also be used for several other purposes. Please see the help/details of this tool to find out more about it.
Certain commercial applications are also available for detecting your Internet activity which may perhaps be more user friendly. You may try to search them through Internet.
Did you like this article? To get all such articles from Tech Superb directly:
Related Articles:
If you would like to make a comment, please fill out the form below.
