People like you are spending more and more time online every day. You get the information you need from the Internet by way of the connections your computer makes with outside sources. Most of the time these connections are perfectly safe, but there may be malicious interactions taking place below the surface. Your computer may be transmitting private information, and you don’t even know it.
If you suspect your computer has malware or a security issue, there are some easy ways to see all of the connections it is making. Viewing a record of open ports and processes could expose unauthorized connections or transmission of data.
There are several tools available that display connection data for you. This article provides you with two online tools and a Windows process to use for this purpose.
To access your connections using PowerShell, first press Win + x. The Power User menu will open. This menu gives shortcuts to various tools in Windows.
Next, select the option for PowerShell (admin). You need to have admin privileges to run this tool.
Type this command:
and press Enter. At this point your computer will start recording the connections that are being made and save them to a text file.
Now let the program run for several minutes. You can continue working on something else if you’d like.
Stop the recording of the data by pressing Ctrl + c.
Type “activity.txt” and press Enter to view the information the program recorded.
Finally, open the .txt file in Notepad.
This Notepad document is stored in the System32 folder as shown below if you need to reference it later.
If you spot something on the list that you do not recognize, search online for it. If it turns out to be something that may be dangerous to your computer or privacy, search again to find out how to remove it.
TCPView from Microsoft is a tool available online to display the connections. You can download it for free, and it is also a part of SysInternals toolkit. When you run this program, you will be viewing the list of connections in real time. Since it is in real time, you can end processes, close connections, and look up more information right from the tool as it runs.
To use TCPView:
1. Go to the download site for TCPView.
2. Click where it says download TCPView.
3. After it downloads, extract the files from the .zip folder.
4. Lastly, run the TCPView application file.
Directly from there, the tool will begin displaying all the current connections your computer is using. If you see something you are unsure of, you can right-click on the process and click on “Whois …” to get more information about it.
As the program is running, specific lines of data highlight with red, yellow, or green lines. These colored lines draw attention to any changes in the processes. A green highlight shows a device connection that has just opened, and when it closes, it will be red. Yellow highlights indicate a change has occurred in that connection.
This program works quickly, and the display jumps to different parts of the list quite often, making it difficult sometimes to click on a particular line.
If you plan on using this often, you may want to drag the application’s .exe file to the desktop or take careful note of where you saved it. It does not create an icon or add it to your list of programs.
CurrPorts is another online tool available for download from Nirsoft. It is very similar to TCPView, but it offers some more focused information. It also indicates changes in connections, but it has the added feature of highlighting any suspicious activity with a pink highlight.
To get this tool, download it here. It’s near the bottom of the page, so keep scrolling. Make sure to download the correct version if you need the program for a 64-bit version of Windows.
The installation process is identical to that of TCPView.
If you think something odd is going on with your computer, these programs and tools will help you get a head start on finding a solution for the problem.