If you think your computer is communicating secretly with a program that shouldn’t be there, the methods below will help you identify it.

Windows 10 makes a lot of connections to outside servers by default. For example, after a reboot and without any programs running, Windows 10 makes several connections to OneDrive, Cortana, and even desktop search. To secure Windows 10 from communicating with Microsoft servers too often, read my article on the subject.

To start, open the command prompt and type netstat -an. This will show you all the network connections your computer has made and how many of them are active. You can then use the following command to see which websites your computer is visiting: netstat -a | find "www." This will list all the websites that your computer has visited since you started up your computer.

Resource Monitor

The Resource Monitor tool can help you see all the connections your computer is making. To open it, you have to click on Start and then type in resource monitor. You’ll see several tabs across the top and the one we want to click on is Network.

This tab displays different types of data about the computer’s network activity. You can see how many processes are using the network, how much traffic is being sent and received, and which ports are open.

In this section, you can see all the data that is being updated in real time. You can click on a header to sort the data in ascending or descending order. You can also see the total amount of data sent and received in bytes per second for each process.

For example, if you’re not sure what nvstreamsvc.exe is, you should check the data in the other sections to figure out what it is. The Address field in Network Activity should give you an IP address or the DNS name of the remote server.

The information in this article is not going to help you figure out whether something is good or bad. You have to use some third-party websites to help you identify the process. Firstly, if you don’t recognize a process name, go ahead and Google it using the full name, i.e. nvstreamsvc.exe.

Always be sure to click through at least the first four to five links before making a decision about whether or not a program is safe. In my case, I found that the NVIDIA streaming service was safe, but I didn’t need it. Specifically, the process is for streaming games from your PC to the NVIDIA Shield, which I do not have. Unfortunately, when you install the NVIDIA driver, it installs a lot of other features you may not want.

Since this service runs in the background, I never knew it existed. It didn’t show up in the GeForce panel and so I assumed I just had the driver installed. Once I realized I didn’t need this service, I was able to uninstall some NVIDIA software and get rid of the service, which was communicating on the network all the time, even though I never used it. So that’s one example of how digging into each process can help you not only identify possible malware, but also remove unnecessary services that could potentially be exploited by hackers.

If you’re having trouble connecting to a game, first make sure that the game is installed and registered on your computer. Then, check to see if the game is up-to-date by visiting the Steam website and clicking on the Updates tab. If you’re still having trouble connecting, try restarting your computer and trying again.

If you see an IP address connecting to a server in a strange location, it might be a sign that there is malware on the computer. Googling the process will usually lead you to articles on how to remove the malware.

Third Party Programs

TCPView: This tool shows you the TCP connections on your computer.

CurrPorts: This tool shows you the ports on your computer.

The rows you are mostly interested in are the ones that have a State of ESTABLISHED. You can right-click on any row to end the process or close the connection.

When browsing through the list in CurrPorts, be sure to consider ESTABLISHED connections. CurrPorts shows many more columns for each process than the other programs. This information can be very useful when making decisions.

Command Line

Finally, there is the command line. We will use the netstat command to give us detailed information about all the current network connections outputted to a TXT file. The information is basically a subset of what you get from Resource Monitor or the third-party programs, so it’s really only useful for techies.

netstat -an: This will show you the active network connections and their status. You can see that there are three active connections, one of which is the localhost.

-abfot: This is the name of the file where the netstat data will be saved. -nocolor: This tells netstat to save data in a color instead of black and white. -maxfilesize: This tells netstat to save data as much as possible.

However, there are a few differences. The first is that the file doesn’t include the process name. This is because when we run the command “ps -ef | grep processname”, it returns nothing because the process name isn’t in the system’s memory. The second difference is that the file includes a remote IP Address/DNS name instead of just a local IP Address/DNS name. This is because when we run the command “ps -ef | grep remoteIPAddress”, it returns something like 192.168.1.2 or 192.168.1.3 depending on where you are on Earth and what your network card is set up to do (like most people). The third difference is that the file includes a connection state instead of just an open or closed state. This is because when we run the command “ps -ef | grep connectionState”, it returns something like connected or not connected which can be helpful if you want to know whether or not someone has connected to your system recently (like if they were using your system for work).
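As an added example (not part of the original article), the PowerShell script below ties each ESTABLISHED connection to the process that owns it, which is the link you need before researching an unfamiliar executable. It assumes a Windows version that includes the Get-NetTCPConnection cmdlet and an elevated session; the column names and the 'PathUnavailable' and '<exited>' labels are choices made for this example.

```powershell
# Added example: map each ESTABLISHED TCP connection to its owning process.
# Run from an elevated PowerShell session so process paths are readable.
$loopback = '127.0.0.1', '::1'
$sigCache = @{}   # path -> Authenticode status, so each binary is checked once

$report = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin $loopback } |
    ForEach-Object {
        # The process may have exited between the two calls; tolerate that.
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $path = if ($proc) { $proc.Path } else { $null }

        if ($path -and -not $sigCache.ContainsKey($path)) {
            $sigCache[$path] = (Get-AuthenticodeSignature -FilePath $path).Status
        }

        [pscustomobject]@{
            Process   = if ($proc) { $proc.ProcessName } else { '<exited>' }
            PID       = $_.OwningProcess
            Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            Signature = if ($path) { $sigCache[$path] } else { 'PathUnavailable' }
            Path      = $path
        }
    }

# Rows whose binary is not validly signed (or whose path could not be read)
# sort to the top, since those are the ones to research first.
$report |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Process, Remote |
    Format-Table -AutoSize
```

A missing or invalid signature does not prove a program is malicious, and a valid one does not prove it is wanted, as with the NVIDIA service above; the sort only sets the order in which to look things up.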

This data is a first step in determining if something fishy is going on or not. You’ll have to do a lot of Googling, but it’s the best way to know if someone is snooping on you or if malware is sending data from your computer to some remote server. If you have any questions, feel free to comment. Enjoy!