SoFunction
Updated on 2025-03-09

Commands to check whether a Trojan is installed on your computer, with example screenshots (page 1/2)

1. Detect network connections

If you suspect that someone has planted a Trojan on your computer, or that it is infected with a virus, but you do not have a complete set of tools to confirm it, you can use the network commands that ship with Windows to see who is connected to your computer.

The command is netstat -an -o. It lists every socket on the local computer, both the connections that have been established and the ports that are listening for new ones. Each line has four main parts: Proto (the protocol), Local Address (the local IP and port), Foreign Address (the remote IP and port at the other end), and State (the current state of the connection); the -o switch adds a fifth column, PID, the process that owns the socket. By reading this output we can get a complete picture of what the computer is connected to, and from there work out whether anything on it is under someone else's control.

Before reading on, you may want to look at: Teach you to recognize the IP addresses of special-purpose networks
1. Click Start, then Run, type cmd, and in the command window type netstat -an -o (note the spaces). You will see output like that shown in the figure:

2. What each column means

For example: TCP 192.168.0.56:2150 221.130.44.194:8080 ESTABLISHED 2860

Proto (protocol): the transport protocol, which is mainly TCP or UDP.

Local Address: my local IP is 192.168.0.56, so that is the address shown here. 2150 is the local port your computer has opened for this connection.

Foreign Address (the remote end of the connection): this is the IP address and port of the other computer. It is not necessarily an intruder: when you visit a website, every item on the page (pictures, Flash and so on) may need its own connection, and each one shows up here as a remote host connected to you. Visiting Baidu, for example, may produce a line such as TCP 192.168.0.56:1045 202.108.250.249:80 ESTABLISHED. In the example line above, 221.130.44.194 is the host connected to me, and 8080 is the port on that host that my computer connected to. The last number, 2860, is the PID of the local process that owns the connection.

State (the current state of the connection). Some examples:

TIME_WAIT: the connection has been closed and is only waiting for its timeout to expire before the entry disappears (for example, after you finish browsing a web page, its connections turn into TIME_WAIT).

LISTENING: the port is open and waiting for someone to connect to it. Only TCP sockets show this state; UDP is connectionless, so UDP entries have an empty State column and *:* as the foreign address. A listening TCP port, or a bound UDP port, that you cannot account for (no server or service of yours should be using it) is exactly what a Trojan's backdoor looks like, so these entries deserve a closer look.

ESTABLISHED: the connection is up and the two sides are exchanging data.

CLOSE_WAIT: the remote side has closed the connection, but the local application has not yet closed its end. If an entry stays in CLOSE_WAIT for a long time, the application that owns it may have exited abnormally or failed to handle the close properly.

SYN_SENT: a connection has been requested but not yet answered. When you want to use a service on another computer, your machine first sends a synchronization (SYN) packet to that port, and until the reply arrives the entry shows SYN_SENT. If the connection succeeds it becomes ESTABLISHED, so normally SYN_SENT is very short-lived. But if you see a large number of SYN_SENT entries, all from the same process and all to different machines, your computer may be infected with a worm such as Blaster (冲击波) or Sasser (震荡波). To spread, this kind of worm has to scan other computers, and scanning means sending a SYN to every computer it probes; that is why so many SYN_SENT entries appear at once.

For the other states, a quick search on Baidu will tell you what they mean.
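The article reads the netstat -an -o columns and states by eye. The script below, an added example that is not part of the original article, does the same triage over saved output: it parses the columns described above (including the UDP rows that have no State), lists the reachable listening ports, shows which remote hosts each PID is connected to, and flags the SYN_SENT fan-out pattern the article attributes to Blaster/Sasser-style worms. The sample output is constructed for this example: the 192.168.0.56, 221.130.44.194:8080 and 202.108.250.249:80 endpoints and PID 2860 come from the article, and every other address, port and PID is made up. The threshold of three distinct hosts is an arbitrary choice for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample of `netstat -an -o` output. Endpoints 192.168.0.56,
# 221.130.44.194:8080, 202.108.250.249:80 and PID 2860 are from the article;
# all other addresses, ports and PIDs are invented for this example.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:61234          0.0.0.0:0              LISTENING       2860
  TCP    192.168.0.56:1045      202.108.250.249:80     ESTABLISHED     1204
  TCP    192.168.0.56:1046      202.108.250.249:80     TIME_WAIT       0
  TCP    192.168.0.56:2150      221.130.44.194:8080    ESTABLISHED     2860
  TCP    192.168.0.56:2151      10.0.0.7:445           SYN_SENT        3312
  TCP    192.168.0.56:2152      10.0.0.8:445           SYN_SENT        3312
  TCP    192.168.0.56:2153      10.0.0.9:445           SYN_SENT        3312
  TCP    [::]:135               [::]:0                 LISTENING       880
  UDP    0.0.0.0:137            *:*                                    4
"""


def _split_endpoint(endpoint):
    """'192.168.0.56:2150' -> ('192.168.0.56', 2150); '[::]:0' -> ('[::]', 0); '*:*' -> ('*', None)."""
    host, port = endpoint.rsplit(":", 1)
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Turn `netstat -an -o` output into a list of dicts, one per socket.

    TCP rows carry five fields; UDP rows have no State column, so only four."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header line or blank line
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts
            state = ""  # connectionless: netstat prints nothing here
        else:
            continue  # unexpected layout, skip rather than guess
        lhost, lport = _split_endpoint(local)
        fhost, fport = _split_endpoint(foreign)
        rows.append({"proto": proto, "local_host": lhost, "local_port": lport,
                     "foreign_host": fhost, "foreign_port": fport,
                     "state": state, "pid": int(pid)})
    return rows


def state_counts(rows):
    """How many sockets are in each state ('' for UDP)."""
    return Counter(r["state"] for r in rows)


def listening_ports(rows):
    """Ports a remote host could reach: TCP in LISTENING plus every bound UDP port."""
    return sorted({(r["proto"], r["local_port"], r["pid"]) for r in rows
                   if r["state"] == "LISTENING" or r["proto"] == "UDP"})


def established_remote_peers(rows):
    """Map each PID to the set of (remote host, remote port) it is talking to right now."""
    peers = defaultdict(set)
    for r in rows:
        if r["state"] == "ESTABLISHED":
            peers[r["pid"]].add((r["foreign_host"], r["foreign_port"]))
    return dict(peers)


def syn_sent_fanout(rows, threshold=3):
    """PIDs with half-open SYN_SENT connections to at least `threshold` distinct hosts.

    One process probing many hosts, usually on the same port, is the scanning
    pattern the article describes for Blaster/Sasser-style worms."""
    hosts, ports = defaultdict(set), defaultdict(set)
    for r in rows:
        if r["state"] == "SYN_SENT":
            hosts[r["pid"]].add(r["foreign_host"])
            ports[r["pid"]].add(r["foreign_port"])
    return {pid: {"hosts": len(h), "ports": sorted(ports[pid])}
            for pid, h in hosts.items() if len(h) >= threshold}


def pids_to_investigate(rows):
    """PIDs that both accept inbound connections and hold an outbound ESTABLISHED one,
    the combination the article's 221.130.44.194 example shows for PID 2860."""
    listening = {r["pid"] for r in rows if r["state"] == "LISTENING"}
    connected = {r["pid"] for r in rows if r["state"] == "ESTABLISHED"}
    return listening & connected


if __name__ == "__main__":
    import sys
    # Usage: netstat -an -o > conns.txt ; python netstat_triage.py conns.txt
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            rows = parse_netstat(f.read())
    else:
        rows = parse_netstat(SAMPLE)
    print("states:", dict(state_counts(rows)))
    print("listening:", listening_ports(rows))
    print("established peers by PID:", established_remote_peers(rows))
    print("SYN_SENT fan-out (possible scanning):", syn_sent_fanout(rows))
    print("PIDs to look up with tasklist:", pids_to_investigate(rows))
```

Run it against saved output from the real command (netstat -an -o > conns.txt) and then look up any flagged PID with tasklist /FI "PID eq 2860" (substituting the PID) to see which program owns the socket. On the constructed sample it reports PID 3312 probing three hosts on port 445 and PID 2860 as the one process that is both listening and connected out to 221.130.44.194:8080.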

The PID column (the process that owns each connection) is covered on the next page.