I wrote about the Windows netstat command long ago, in the post "View the TCP / UDP sessions with the active command prompt".

Today I will explain how to identify malware or unwanted applications with this simple but powerful tool.

Here is how to monitor TCP connections using netstat, and get a detailed log of the processes accessing the internet without our knowledge:

Before starting the monitoring phase, it is best to close all programs that connect to the internet, such as browsers, chat programs, peer-to-peer clients, etc., because we want the log file to be as "clean" as possible.
Make sure that your computer has no more active connections and, leaving the PC connected to the internet, start the command prompt and type:

netstat -bn [interval] >connections.log

The output will be saved in the file connections.log:
all TCP connections will be logged, with IP addresses and ports in numeric form (-n) and the name of the process that initiated each connection (-b). The interval, specified in seconds, is how often the command repeats in a loop.

netstat -bn 10 >connections.log

This is potentially an infinite loop, but you can stop it at any time by pressing Ctrl + C.
Ideally, leave it running for several hours or overnight.

Here is the output; you can see a connection made by MSN Messenger:

Active Connections
TCP 192.168.1.1:1031 207.46.108.86:1863 ESTABLISHED 288
[Msnmsgr.exe]

[...]
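After a night of logging, connections.log is too long to read by eye. The following Python script is an added example, not part of the original post: it groups the logged rows by owning process and remote endpoint so unexpected programs stand out. The sample log is constructed; updater.exe and the 203.0.113.x / 198.51.100.x addresses are placeholders.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in the layout of the page's output (the trailing PID
# column is optional for the parser). updater.exe and the 203.0.113.x /
# 198.51.100.x addresses are made-up placeholders.
SAMPLE_LOG = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.1:1031       207.46.108.86:1863     ESTABLISHED     288
 [Msnmsgr.exe]
  TCP    192.168.1.1:1045       203.0.113.7:443        ESTABLISHED     1412
 [updater.exe]

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.1:1031       207.46.108.86:1863     ESTABLISHED     288
 [Msnmsgr.exe]
  TCP    192.168.1.1:1050       198.51.100.20:8080     SYN_SENT        1412
 [updater.exe]
  TCP    127.0.0.1:1060         127.0.0.1:1061         ESTABLISHED     900
 Can not obtain ownership information
"""

CONN = re.compile(r"^\s*(?:TCP|UDP)\s+\S+\s+(\S+)")   # captures the remote endpoint
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")               # e.g. " [Msnmsgr.exe]"

def summarize(log_text):
    """Return {process: {remote endpoint: rows seen}} for a netstat -bn log."""
    seen = defaultdict(lambda: defaultdict(int))
    remote = None                      # connection row still waiting for its owner
    for line in log_text.splitlines():
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:
            if remote:                 # previous row had no owner line at all
                seen["(unknown)"][remote] += 1
            remote = conn.group(1)
        elif remote and (owner or "ownership information" in line):
            seen[owner.group(1).lower() if owner else "(unknown)"][remote] += 1
            remote = None
    if remote:
        seen["(unknown)"][remote] += 1
    return {proc: dict(remotes) for proc, remotes in seen.items()}

if __name__ == "__main__":
    # Pass the path to connections.log, or run with no argument for the sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for proc, remotes in sorted(summarize(text).items()):
        for remote, rows in sorted(remotes.items()):
            print(f"{proc:20} {remote:26} seen in {rows} row(s)")
```

A process name you do not recognise, or a known program talking to an endpoint it has no reason to contact, is the entry to investigate first.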

You could also limit the monitoring period automatically, using AT to stop the process at a time of your choice:

C:\>time
The current time is: 00.00.00,00
Enter the new time:
C:\>at 06:00 cmd /c "taskkill /F /IM cmd.exe"
C:\>netstat -bn 10 >connections.log