Re: Unknown download activity in background - how to determine what it is?

Cyberiade.it Anonymous Remailer · 07-28-2007, 10:47 AM

On Sat, 28 Jul 2007, "Vanguard" <vanguard.x@comcast.net> wrote:
>"John" wrote in message news:46aaffc3$0$31730$db0fefd9@news.zen.co.uk...
>>
>> Vanguard wrote:
>>
>>> Use a software firewall that shows you the current connections and
>>> level of traffic. Comodo has a good firewall for free.
>>
>> I'm not sure that will show the poster what they want to know. It will
>> only confirm what they already know surely.
>
>Mine shows which which process (by applications) is using what port and
>to where it connects and on what port along with how many bytes came in
>or went out. Seems what the OP wants to know.
>
>I'm using the Comodo firewall (free) right now. As I recall when using
>the Sygate Pro firewall, it also had decent logging.

That is good to know. It seems to be a good firewall, especially for
freeware. I just installed it and it's working great, AFAICT.

Here is the manufacturer's link:

http://www.personalfirewall.comodo.com/

Ckyp

Andy Walker · 07-28-2007, 10:56 AM

Cyberiade.it Anonymous Remailer wrote:

>>>> Use a software firewall that shows you the current connections and
>>>> level of traffic. Comodo has a good firewall for free.

Or, you could simply run some simple DOS commands to determine what
program(s) are using external connections.

c:\netstat -nab > netstat.txt
c:\more netstat.txt

Look for established connections using foreign addresses other than
127.x.x.x. You should be able to determine what port and what process
is communicating, as well as the external IP address.

To check the external IP address go to http://www.dnsstuff.com and
enter it into the "IP Information" box.

Vanguard · 07-28-2007, 03:52 PM

"Andy Walker" wrote in message news:46ab6529.6936765@news.webtv.com...
>
> Or, you could simply run some simple DOS commands to determine what
> program(s) are using external connections.
>
> c:\netstat -nab > netstat.txt
> c:\more netstat.txt
>
> Look for established connections using foreign addresses other than
> 127.x.x.x. You should be able to determine what port and what process
> is communicating, as well as the external IP address.
>
> To check the external IP address go to http://www.dnsstuff.com and
> enter it into the "IP Information" box.

I couldn't remember the 'netstat' command. I kept thinking 'net' but
that doesn't list the current port usage. Thanks for the reminder. One
of these, it'll find some better brain cells to stick to.

dc · 07-28-2007, 11:55 PM

Andy,

What does the -b parameter do?
I couldn't find it, and when I included it, I got the help legend.
After looking at the legend, I did this...
c:\netstat -na > netstat.txt
Did you mean to use another pararmeter
and if so, what is the command
What is this for? c:\more netstat.txt
Just trying to learn...

thanks in advance,
dc

"Andy Walker" <awalker@nspank.invalid> wrote in message
news:46ab6529.6936765@news.webtv.com...
> Cyberiade.it Anonymous Remailer wrote:
>
> >>>> Use a software firewall that shows you the current connections and
> >>>> level of traffic. Comodo has a good firewall for free.
>
> Or, you could simply run some simple DOS commands to determine what
> program(s) are using external connections.
>
> c:\netstat -nab > netstat.txt
> c:\more netstat.txt
>
> Look for established connections using foreign addresses other than
> 127.x.x.x. You should be able to determine what port and what process
> is communicating, as well as the external IP address.
>
> To check the external IP address go to http://www.dnsstuff.com and
> enter it into the "IP Information" box.

Andy Walker · 07-29-2007, 03:18 PM

dc wrote:

>Andy,
>
>What does the -b parameter do?

Here is the help description from netstat:

-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient

You can use an alternative method through the use of the -o switch.

-o Displays the owning process ID associated with each connection.

In order to determine the process name you can run task manger
(ctrl-alt-del), select view/select columns and add Process Identifier.
This will allow you to match the process ID output from the netstat
command with a process name.

>I couldn't find it, and when I included it, I got the help legend.

Older versions of the netstat command did not include the -b switch.

>After looking at the legend, I did this...
>c:\netstat -na > netstat.txt
>Did you mean to use another pararmeter
>and if so, what is the command

See the -o info above.

>What is this for? c:\more netstat.txt

It is the "more" command used to read the file "netstat.txt" created
when you used the ">" pipe command. Using more allows you to see the
entire file one page at a time. You could also use a text reader like
notepad or to stay in the DOS window try "edit netstat.txt".

dc · 08-01-2007, 11:00 PM

"Andy Walker" <awalker@nspank.invalid> wrote in message
news:46acf1f3.108514421@news.webtv.com...
> dc wrote:
>
> >Andy,
> >
> >What does the -b parameter do?
>
> Here is the help description from netstat:
>
> -b Displays the executable involved in creating each connection or
> listening port. In some cases well-known executables host
> multiple independent components, and in these cases the
> sequence of components involved in creating the connection
> or listening port is displayed. In this case the executable
> name is in [] at the bottom, on top is the component it called,
> and so forth until TCP/IP was reached. Note that this option
> can be time-consuming and will fail unless you have sufficient
>
> You can use an alternative method through the use of the -o switch.
>
> -o Displays the owning process ID associated with each connection.
>
> In order to determine the process name you can run task manger
> (ctrl-alt-del), select view/select columns and add Process Identifier.
> This will allow you to match the process ID output from the netstat
> command with a process name.
>
> >I couldn't find it, and when I included it, I got the help legend.
>
> Older versions of the netstat command did not include the -b switch.
>
> >After looking at the legend, I did this...
> >c:\netstat -na > netstat.txt
> >Did you mean to use another pararmeter
> >and if so, what is the command
>
> See the -o info above.
>
> >What is this for? c:\more netstat.txt
>
> It is the "more" command used to read the file "netstat.txt" created
> when you used the ">" pipe command. Using more allows you to see the
> entire file one page at a time. You could also use a text reader like
> notepad or to stay in the DOS window try "edit netstat.txt".

Thank you Andy,
Appreciate your taking the time

dc

Thread: Re: Unknown download activity in background - how to determine what it is?

Thread Tools

Display