How do I work out who connects to what application?


  1. Posts : 50
    Windows 7 Home Premium 64 bit
       #1

    How do I work out who connects to what application?


    I have Win 7 Home Premium and I run Netgadget which tells me amongst other things what active connections there are on my system at the moment. I have often been curious about this information and wondered about how legitimate some of these connections are.

    For instance right now I have a connection established to IP address 62.103.65.80 and netGadget says this is "dulac--r.static.otenet.gr". If I do a Whois search on the IP address I'm told it belongs to OTENET who are "Multiprotocol Service Provider to other ISP's and End Users located in Greece and having nodes in 63 cities".

    Now I have no reason to believe this isn't a genuine site, but to the best of my knowledge there is no reason why I should have any connection right now to a site in Greece. I have my Hotmail account open and 2 IE tabs open to WHOIS and this forum. In addition I have several other gadgets open to the BBC, the UK Met office, Airmiles (a UK rewards company) and Skype.

    So my question is does anyone know how I might track down which application on my system is holding the connection to the OTENET user?

    By the way whilst I was writing this entry the Greek connection went away and I now see I have a connection to a site in Russia (83.149.3.64 ip-83-149-3-64.nwgsm.ru on port 57104) - I'm getting quite worried (paranoid, even) about these even though I have a good firewall etc all up to date.


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2

    Nwgsm.ru - Nw Gsm
    Are you downloading anything? It could also be just a cyberspace ping.


  3. Posts : 8,870
    Windows 7 Ult, Windows 8.1 Pro,
       #3

    Wireshark is pretty good at this sorta thing.
    Wireshark Go deep.


  4. Posts : 1,289
       #4

    Bernard46 said:
    So my question is does anyone know how I might track down which application on my system is holding the connection to the OTENET user?

    Hi Bernard,

    A tool I develop called Process Hacker should do exactly what you need. You can grab it from here: https://www.sevenforums.com/projects/...esshacker.html

    Just click the Network tab to view all processes' network activity; you can also right-click a connection and ping/tracert/whois the connection directly from PH.
    If you spot any processes with suspicious network connections, right-click them on the Processes tab and go to Miscellaneous > Upload to VirusTotal and have that executable scanned by over 30 different anti-virus engines.

    (FYI: The latest versions don't have four tabs; this does since I'm working on a new interface.)

    [Attached screenshot: ph.jpg]

    Hope it helps

    Steven


  5. Posts : 50
    Windows 7 Home Premium 64 bit
    Thread Starter
       #5

    Fantastic


    That's a great tool Steven - just what I needed and way beyond what I was expecting. You have yourself a donation - not a lot, but enough to buy yourself a beer or two when the sun gets too hot down there.

    Can I make one suggestion? How about allowing a choice of colour coding based on the state of network connections (à la Process view) - say pastel shades which could be permanent (not go away after a few seconds) to enable one to monitor established or listening etc?

    regards, Bernard


  6. Posts : 5,747
    7600.20510 x86
       #6

    From a command prompt:

    netstat -abno

    Wireshark is very good too. Process Hacker seems like a cool deal, although I never used it.
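The `netstat -abno` approach from post #6, as an added example that is not part of any post in the thread: Python that parses saved `netstat -abno` output and reports which PID and executable own the connections to a given remote address. The sample output, PIDs and process names are constructed for illustration; only the two remote IPs and port 57104 come from post #1.

```python
import re
from collections import namedtuple

Conn = namedtuple("Conn", "proto local remote state pid image")

# Constructed sample of `netstat -abno` output. Everything except the two
# remote IPs and port 57104 (quoted in post #1) is made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  RpcSs
 [svchost.exe]
  TCP    192.168.1.10:49301     62.103.65.80:443       ESTABLISHED     3344
 [example-app.exe]
  TCP    192.168.1.10:49355     83.149.3.64:57104      ESTABLISHED     3344
 [example-app.exe]
  TCP    192.168.1.10:49402     203.0.113.7:80         TIME_WAIT       0
  UDP    0.0.0.0:5355           *:*                                    1104
 Can not obtain ownership information
"""

# Connection row; the State column is empty for UDP.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_0-9]+)\s+)?(\d+)\s*$")
# With -b, the owning executable follows its row as "[name.exe]".
IMAGE = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat(text):
    """Turn netstat -abno output into Conn records, attaching each [image] line."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            conns.append(Conn(proto, local, remote, state or "", int(pid), None))
        elif conns and conns[-1].image is None:
            m = IMAGE.match(line)
            if m:
                conns[-1] = conns[-1]._replace(image=m.group(1))
    return conns

def owners_of(conns, remote_ip):
    """Sorted (pid, image) pairs owning connections to remote_ip."""
    return sorted({(c.pid, c.image or "unknown")
                   for c in conns
                   if c.remote.rsplit(":", 1)[0].strip("[]") == remote_ip})

if __name__ == "__main__":
    for ip in ("62.103.65.80", "83.149.3.64"):
        print(ip, "->", owners_of(parse_netstat(SAMPLE), ip))
```

On a live system, run `netstat -abno` from an elevated command prompt (the `-b` switch requires it), save the output to a file and pass its contents to `parse_netstat`.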


 
