The Finest Hand-Selected Downloads
Individually reviewed & tested
Store News

Monitor your PCs open internet connections with TCPView

18 November 2009, Mike Williams

tcpviewAt any one time a typical PC will have a host of applications trying to get online. There might be a browser, perhaps; an email client checking your Inbox; an antivirus program downloading the latest signatures, or one of your other programs calling home to see if there’s an updated version available.

Of course if your PC has been infected by something nasty then the list may also detail more dubious activities, like spyware trying to transmit your personal information to its owner, or bots downloading new ways to compromise your system. That’s why it pays to check your open connections, just occasionally, to make sure you know exactly how your internet connection is being used.

Launch the tiny TCPView (a mere 208kb zip file) and it’ll immediately list all your PCs open connections. For each connection you’ll see the name of the process that opened it, the remote address (the place it’s trying to reach) and the status of that connection. This might be “Listening” if the process is waiting for something to respond, for instance, or “Established” if it’s reached the remote address and started to exchange information.

It’s surprising how many connections you might find – we spotted 92 on our test PC – but don’t panic, most of these will be network connections and perfectly normal. If the “Remote Address” column includes your PCs name (“MyPC:0”), “localhost”, a local network address (192.168….) or just “*.*”, for instance, then the connection isn’t trying to communicate over the web. Ignore those and look instead for Remote Address entries that look like internet server names or IP addresses. We found only one of these, where the address was cpc1.bigg2-0-0-cust169.lutn.cable.ntl.com:42643 (no, really), and when we checked the Process column we found that belonged to Skype – it was legitimate.

If you’re not so lucky and find a process you don’t recognise making an internet connection, then TCPView offers several tools to help.

Right-click the process and select Process Properties, for instance. You’ll see the folder where it was stored and the command line used to launch it, which may give you some clues as to its identity.

Right-clicking the process and selecting WhoIs will display details on who owns the remote address. If it’s a legitimate business that you recognise (the company behind your spam filter, say) then that’s good; if it’s a random PC in China then it probably isn’t.

If neither the process name or remote address tell you anything useful then we’d enter them at Google to find out more. Hopefully you’ll find out they’re harmless, but if they look like malware then you can right-click the connection and select Close to shut it down, or even End Process to terminate the program (though beware, closing an important system process can immediately crash your PC).

TCPView can only close an existing connection, of course – if you have been infected by malware then it’ll come back again when you reboot, or maybe even sooner. And so your final step should be to download and install an antivirus tool like AVG Free that will track down the infection and remove it for good.

Your Comments & Opinion

45,041,859
Downloads
Secure & Tested Software
6,482
Reviews
Instant Download 24/7
315,174
Members
10+ Years of Service