"How to learn where traffic leaves"

"How to learn where traffic leaves"

Sooner or later there is a question where money on the Internet disappears. Often users need information which completely provides the step-by-step instruction for obtaining information - on what traffic at connection with the Internet on UCI is used. This technology will be useful at clarification of the reason of the raised traffic expense.

Instruction

1. It is necessary to start the command line of cmd.exe. For this purpose select the Execute item in the Start menu.

2. In a window which opened in line with the blinking insertion point it is necessary to type cmd.exe. We click input. The standard window of the interpreter opened: it is possible to pass this step and to pass at once to execution of the following step in the command line of your file manager, for example FAR. 111111

3. Further it is necessary to make the network netstat.exe team/? (netstat / is possible just?). It is possible to start it having keyed "Enter". As a result we receive the list with hints namely what result the network program at operation of any given keys can give. In this case we will be interested in more detailed information on activity of network ports and specific applications names.

4. Further it is necessary to check whether any malefactor scans our machine now. We enter in the command line: Netstat - p tcp – n or Netstat - p tcp – n. Here it is required to pay your attention to that very often same external IP address did not repeat (the 1st IP – the local address of your machine). Besides, about attempt of invasion a huge number of records of this kind can also testify: SYN_SENT, TIME_WAIT from one IP. For unsafe it is possible to accept frequent repetitions of network ports 139, 445 of the TCP protocol, both 137, and the 445th UDP protocol, from external IP.

5. Further we can consider that we are lucky, external invasion it is not noticed, and we continue to look for "the bad application" which devours traffic.

6. We gather the following: Netstat – b (the rights of the administrator are necessary here). As a result of it the huge protocol with statistics of work on the Internet of all your applications will be unloaded: This segment of the protocol shows that the uTorrent.exe program (the client for downloading and distribution of files in BitTorrent network) made distribution of files on two machines in network from open local ports 1459 and 1461.

7. Your right to decide whether it is necessary to stop this application. Perhaps, there is a certain sense to delete it from automatic loading. Here the activity of other licensed programs which work with network services is already marked: Skype, Miranda, and the 2nd works through the protected https protocol.

8. Definition of applications unfamiliar to you which without your permission, are connected to the Internet of network should become the final purpose of this analysis (it is unknown that they transfer). Further you already should use different methods of fight against "harmful" applications, since their shutdown from automatic loading and finishing with check by special utilities.

Author: «MirrorInfo» Dream Team


Print