Sometimes everything on our computer looks normal, but the Internet connection becomes slower than usual. There is a chance that the system has some malware, spyware, or adware that is using the Internet connection in the background without our knowledge. Here’s how to see what’s going on under the hood. Most third-party firewalls may not help here, except that they will probably give you the same kind of information, such as the blocked things that are trying to connect. The “netstat” command can be a very useful solution in such a case.
What is the “netstat” (Network Statistics) command?
“netstat” (Network Statistics) is a command-line network utility that displays network connections for the Transmission Control Protocol (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) and network.
Operating systems supporting the “netstat” (Network Statistics) command
The “netstat” (Network Statistics) command can run on Windows 8, 7, Vista, and XP (Service Pack 2 or higher).
How to run the “netstat” (Network Statistics) command
It is easy to run the “netstat” command, but you need full access to the system: you must have administrator rights, not standard user rights.
Open the command prompt.
Copy and paste or type the following command in the command prompt:
netstat -abf 5 > activity.txt
Wait for some time (about two minutes) and then press Ctrl + C to stop the recording.
Now simply open the activity.txt file in your favorite editor to see the results.
If you type activity.txt at the command line, the file will open in Notepad.
Explanation of the “netstat” command syntax
Let me explain a little more. In the “netstat” command I used “-abf 5”, which is a combination of “-a”, “-b”, “-f” and “5”:
-a shows all connections and listening ports,
-b shows which application is making the connection,
-f displays the full DNS name for each connection, and
5 polls for connections every 5 seconds, which makes it easier to track what is going on. The results are then redirected into the activity.txt file.
To display IP addresses only, you can use -n.
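Reading a two-minute activity.txt by eye is tedious because every 5-second poll repeats the same rows. The Python script below is an added example, not part of the original article; it groups ESTABLISHED connections by the program that “netstat -b” names as the owner and counts how many polls each remote host appeared in. The sample capture, its host names and program names are constructed, and summarize is a name chosen here.

```python
import re
import sys
from collections import defaultdict

# Constructed sample of an activity.txt capture (two polls); hosts and programs are made up.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            DESKTOP-01:0           LISTENING
  RpcSs
 [svchost.exe]
  TCP    192.168.1.10:49712     www.example.com:https  ESTABLISHED
 [browser.exe]
  TCP    192.168.1.10:49733     host-7.example.net:8080  ESTABLISHED
 [updater.exe]
  TCP    192.168.1.10:49740     files.example.org:https  ESTABLISHED
  Can not obtain ownership information
  UDP    0.0.0.0:5353           *:*
 [browser.exe]

Active Connections
  TCP    192.168.1.10:49712     www.example.com:https  ESTABLISHED
 [Browser.exe]
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")  # UDP rows have no state
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")  # -b prints the owning program in brackets

def summarize(text):
    """Return {program: {remote host:port: polls seen}} for ESTABLISHED TCP rows."""
    seen = defaultdict(lambda: defaultdict(int))
    pending = None  # remote endpoint still waiting for its owner line
    for line in text.splitlines():
        conn = CONN.match(line)
        if conn:
            pending = conn.group(3) if conn.group(4) == "ESTABLISHED" else None
            continue
        owner = OWNER.match(line)
        # Blank lines, headers and component lines such as "RpcSs" fall through untouched.
        if owner or "ownership information" in line:
            name = owner.group(1).lower() if owner else "(unknown owner)"
            if pending:
                seen[name][pending] += 1
            pending = None
    return {exe: dict(hosts) for exe, hosts in seen.items()}

if __name__ == "__main__":  # pass the path to activity.txt, or run with no argument for the sample
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for exe, hosts in sorted(summarize(text).items()):
        print(exe, hosts)
```

A program you do not recognise that shows up in many polls with the same remote host is the entry worth looking into first.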