Monday, 9 October 2017

How to detect the website that your computer/PC is secretly connecting to

I know at times you may be wondering why your connection to the internet seems too slow to your liking but that may be due to some spyware, malware that may using your network connection unknown to you, in the system background but in this article we are going to see how to detect website that your computer secretly connecting to.


It’s worth noting that most third-party firewalls will probably give you this same type of information as well as block things that are trying to connect… unless the applications managed to add an exclusion already. Better check anyway.

How to Check the Site Your Computer is Connecting To

Some many might have asked this question. How do find out the website that my computer connects to secretly? Don’t worry we are going to be sharing a method using netstat command from a command prompt window. This works for windows 7,8,10, Vista and XP. If you’re still using XP, make sure you are running at least Service Pack 2, and just assume that somebody already hacked your computer because your operating system is now a teenager.

In this tutorial we will use the netstat command to generate a list of everything that has made an Internet connection in a specified amount of time. To use the netstat command, you must run the command prompt window as administrator.
If you are using Windows 8.x you can right-click on the Start Button and choose the Command Prompt (Admin) option.

If you are on Windows 7 or Vista, open the Start menu and enter “cmd.exe” in the Search box. When the results display, right-click on cmd.exe and select Run as administrator from the popup menu and also for windows 10 users, you can search for cmd in your system and run as an administrator to continue with this tutorial.

Whenever the User Account Control dialog box displays, click Yes to continue. Note: The dialogue box displays depend on the User Account Control Settings

At the command prompt, input in the below commands and press Enter.

netstat -abf 5 > activity.txt

The –a option shows all connections and listening ports, the –b option shows you what application is making the connection, and the –f option displays the full DNS name for each connection option for easier understanding of where the connections are being made to. You can also use the –n option if you wish to only display the IP address. The 5 option will poll every 5 seconds for connections to make it more easy to track what is going on, and the results are then piped into the activity.txt file.
Wait about two minutes and then press Ctrl + C to stop the recording of data.

After you are done recording your data, open the activity.txt file in any editor of your choice to view the generated results or you can also type activity.txt at the command line to open it in Notepad

The results will display all the processes on your computer (browsers, IM clients, email programs, etc.) that have made an internet connection in the last two minutes, or however long you waited before pressing Ctrl + C. It also lists which processes connected to which websites on your computer.


If you see process names or website addresses with which you are not familiar, you can search for “what is (name of unknown process)” in Google and see what it is. It may be a system function you don’t know about or a function of one of your running programs. However, if it seems like a bad site, you can use Google again to find out how to get rid of it.

Using TCPView to Check What Your PC is Connecting To

The excellent TCPView utility that comes in the SysInternals toolkit will let you quickly see exactly what processes are connecting to what resources on the Internet, and even let you end the process, close the connection, or do a quick Whois lookup to give you more information. It’s definitely our first choice when it comes to diagnosing problems or just trying to get more information about your computer.

Note: When you first load TCPView, you might see a ton of connections from [System Process] to all sorts of Internet addresses, but this usually isn’t a problem. If all of the connections are in the TIME_WAIT state, that means that the connection is being closed, and there isn’t a process to assign the connection to, so they should up as assigned to PID 0 since there’s no PID to assign it to.

This usually happens when you load up TCPView after having connected to a bunch of things, but it should go away after all the connections close and you keep TCPView open.

Using CurrPorts to Check What Your PC is Connecting To

Alternatively, you can also use a free tool, called CurrPorts to see the see the list of all currently opened TCP/IP and UDP ports on your local computer. It is a portable program and doesn’t need to be installed. To use it, extract the .zip file you downloaded and run cports.exe.

For each port that CurrPorts lists, information about the process that opened the port is displayed. You can select connections and close them, copy a port’s information to the clipboard or save it to an HTML file, an XML file, or a tab-delimited text file. You can reorder the columns displayed on the CurrPorts main window and in the files you save. To sort the list by a specific column, simply click on the header of that column.

CurrPorts runs on the following OS Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Server 2008, Windows Vista, Windows 7, and 8, and probably 10. There is a separate download of CurrPorts for 64-bit versions of Windows. You can find more information about CurrPorts and how to use it on the website

I believe with the help of this tutorial,you have been able to see the website that your computer is secretly connecting and with this you can be able to minimize your data to avoid wastage.

Get our updates delivered to your inbox

No comments:

Post a Comment

Want to get all latest updates from

Subscribe to DbencoPlanet to get all the latest updates free!