necessary to run the command line, cmd.exe. To do this, click "Start," then click "Run."
In the window that opens, type cmd.exe on the line with the blinking cursor and press Enter. This opens the command interpreter window. You can skip this step and go straight to the next one by using the command line of your file manager, for example FAR.
Next, type the network command netstat.exe /? (or simply netstat /?) and run it by pressing Enter. The result is a help listing that shows what the program reports for each of its switches. In this case, we are interested in information about the activity of the network ports and the names of the specific applications.
Next, check whether some attacker is scanning our machine right now. Enter at the command prompt: Netstat -p tcp -n. Pay attention to whether one and the same external IP address is repeated very often (the first IP address on each line is the local address of your machine). An intrusion attempt may also be indicated by a huge number of entries in the states SYN_SENT or TIME_WAIT from one IP. Frequent repeats of network ports 139 and 445 over TCP, and 137 and 445 over UDP, from an external IP should also be treated as unsafe.
If none of this is seen, we can assume that we are lucky and there is no external intrusion, and we continue to look for the "bad application" that consumes bandwidth.
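The manual check described above can be tallied automatically. The following is an added example, not part of the original article: it parses Netstat -p tcp -n output and counts, per external IP, how often the address repeats, how many rows are in SYN_SENT or TIME_WAIT, and how many involve TCP ports 139 or 445. The sample output is constructed, and the threshold of 5 and the function names are assumptions, since the article gives no numeric cut-off.

```python
import re
import sys
from collections import Counter

# Constructed sample in the layout of `netstat -p tcp -n` (documentation IP ranges).
SAMPLE = "\n".join(
    ["Active Connections", "",
     "  Proto  Local Address          Foreign Address        State",
     "  TCP    192.168.1.10:1459      198.51.100.7:51413     ESTABLISHED",
     "  TCP    192.168.1.10:1461      198.51.100.9:6881      ESTABLISHED"]
    + [f"  TCP    192.168.1.10:445       203.0.113.50:{40000 + i}     TIME_WAIT"
       for i in range(6)])

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")
WATCH_STATES = ("SYN_SENT", "TIME_WAIT")  # states the article names
WATCH_PORTS = (139, 445)                  # TCP ports the article names

def summarize(text):
    """Per foreign IP: row count, state counts, rows touching port 139/445."""
    stats = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, header and blank lines
        _local, lport, remote, rport, state = m.groups()
        s = stats.setdefault(remote, {"total": 0, "states": Counter(), "smb": 0})
        s["total"] += 1
        s["states"][state] += 1
        # Assumption: a watched port on either end of the connection counts.
        if int(lport) in WATCH_PORTS or int(rport) in WATCH_PORTS:
            s["smb"] += 1
    return stats

def suspicious(text, threshold=5):
    """threshold is an assumed cut-off; the article only says 'very often'."""
    findings = {}
    for ip, s in summarize(text).items():
        reasons = []
        if s["total"] >= threshold:
            reasons.append("repeated address")
        if sum(s["states"][st] for st in WATCH_STATES) >= threshold:
            reasons.append("SYN_SENT/TIME_WAIT")
        if s["smb"] >= threshold:
            reasons.append("ports 139/445")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    # Usage: netstat -p tcp -n | python this_script.py  (no pipe: use SAMPLE)
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for ip, reasons in suspicious(text).items():
        print(ip, ", ".join(reasons))
```

A flagged address is a reason to look closer, not proof of a scan: a busy legitimate peer can also exceed the threshold.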
Type the following: Netstat -b (administrator privileges are needed here). The result is a huge listing of statistics on Internet use by all your applications. This segment of the listing shows that the program uTorrent.exe (a client for downloading and sharing files on the BitTorrent network) was distributing files to two machines on the network through the open local ports 1459 and 1461.
It is up to you to decide whether to stop the application. Perhaps it makes sense to remove it from startup. The listing also reveals the activity of other legitimate programs that work with network services: Skype and Miranda, the second of which works over the secure protocol https.
The ultimate goal of this analysis is to identify applications unfamiliar to you that connect to the Internet without your knowledge (who knows what they transmit). After that, you should use the various ways of dealing with "bad" applications, starting with disabling their startup and ending with a check by special tools.