Windows
13 May 2011

Which Windows Process is Using Which TCP Connection?

Say you have identified – through Wireshark or other means – that your computer is communicating with a certain IP. If you suspect this might be a rogue process or a virus ‘phoning home’ then you might want to dig a little deeper.

The oldest trick in the book is to use netstat. A post on TechRepublic describes this method in depth, but I will describe the important elements here. With the command below you get a list of all TCP and UDP sockets and their associated process IDs:

netstat -noa

The image below is courtesy of TechRepublic.

Now you can use the process ID (PID) to find the name of the process. The default Windows task manager does not display them, but they are easily enabled through View -> Select Columns. Check the PID box, see the image below.
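The two steps above (list the sockets with netstat -noa, then look up the PID) can also be scripted. The block below is an added example, not code from the original post: it parses saved netstat -noa output and joins it with the output of tasklist /FO CSV /NH. The sample text, addresses, PIDs and function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -noa` output (addresses and PIDs are made up).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.168.1.20:49172     203.0.113.45:443       ESTABLISHED     3120
  TCP    192.168.1.20:49180     198.51.100.7:80        TIME_WAIT       0
  TCP    [::1]:49155            [::]:0                 LISTENING       1544
  UDP    0.0.0.0:5355           *:*                                    1100
"""
# Constructed sample of `tasklist /FO CSV /NH` output (image name, PID, ...).
TASKLIST_SAMPLE = '''\
"svchost.exe","888","Services","0","9,120 K"
"updater.exe","3120","Console","1","14,332 K"
"System Idle Process","0","Services","0","24 K"
'''

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so bracketed IPv6 stays intact."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def parse_netstat(text):
    """Yield one dict per socket row of `netstat -noa` output."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank lines
        # UDP rows have no State column, so they carry 4 fields instead of 5.
        state = fields[3] if len(fields) == 5 else ""
        raddr, rport = split_endpoint(fields[2])
        yield {"proto": fields[0], "local": fields[1], "remote_addr": raddr,
               "remote_port": rport, "state": state, "pid": int(fields[-1])}

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /FO CSV /NH` output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if row}

def owners_of(remote_ip, netstat_text, tasklist_text):
    """Return (pid, image name, state) for each socket whose peer is remote_ip."""
    names = parse_tasklist(tasklist_text)
    names[0] = "<closed>"  # TIME_WAIT rows report PID 0: the owner already closed it
    return [(s["pid"], names.get(s["pid"], "<exited>"), s["state"])
            for s in parse_netstat(netstat_text) if s["remote_addr"] == remote_ip]
```

A PID that is missing from the task list means the process exited between the two captures, so take both snapshots as close together as possible.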

Of course, if you are using Process Explorer (as you should), then the PIDs are at your disposal already. With other tools in the brilliant Sysinternals suite you can make life even easier. The TCPView tool was specifically built for the problem we are trying to solve:

TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and

Tags: process explorer, process id, sysinternals, tcp connection, tcpview
Windows
27 December 2010

Windows Explorer Shortcut – Right Click to Open a Command Prompt

I found a post at tech-recipes.com which contains some very useful information. Sometimes you need to open a command prompt, e.g. when programming or doing some administrative tasks. This requires opening cmd.exe, then typing some commands to navigate to the directory of choice. There is a shortcut: a way to open a command prompt with a Windows Explorer directory as its current working directory.

Windows 7

On Windows 7 it is really simple: hold Shift and right-click anywhere in the Windows Explorer window. This adds the option "Open command window here" to the context menu.

Windows XP

This requires some more work; check the original article for a detailed guide!…

Tags: cmd, cmd.exe, windows 7, windows xp