A large proportion of the software installed on a computer these days requires some form of internet access, whether it’s for registering, activating or just for updates, even if the software itself has no need for a web connection during normal usage. Unfortunately, malicious software will use your internet connection in a similar way as well, although what it sends is far more likely to be your personal data and what it receives could be more malware code. Sometimes there just might be a process connected to another piece of software that you really don’t expect or want to have access, but often you won’t even know this network activity is going on behind the scenes.
With so many programs periodically going online to do their tasks, it can be difficult to stay totally safe. What you need is something to give a you picture of what is going on with your internet connection and what software is actually trying to use it. There are utilities around to do this and sometimes there will be some sort of similar function in security software, but there’s a tool called Proc Net Monitor which aims to be easy to use, but also offer some very useful options. Proc Net Monitor is from SecurityXploded who make a lot of useful internet and network tools. This one will monitor and analyze the network activity of all running Programs on your system while also showing active network connections for each process and what ports are being used. If you identify that any programs accessing the internet look suspicious, there’s an option to check with some online services to hopefully find out.
There has been a recent update that added the new GUI interface, Online Malicious Process Verification, Right Click Context Menu and advanced HTML/XML Reporting. Proc Net Monitor comes with the portable version and the setup installer in the same zip file, so once it’s extracted, it can be launched either way.
The layout is pretty clean with buttons and extra options kept to a minimum. The main part of the window displays all current processes requiring network access. Listed is information such as name, PID, TCP/UDP connections along with the date and path of the process. Above the window is the option to search for processes using a specific port or unhide the processes which are not trying to access the network.
Double clicking an entry will show the file properties and right clicking will bring up a context menu with some useful options if you are not 100% sure of the running process. Firstly, if you have any major doubts about it, you can kill it. Secondly, there is a very handy sub menu to submit any suspicious processes to VirusTotal.com, ProcessLibrary.com or simply perform a Google search. The last entry can open the file location in which the selected process resides. File Properties… is the same as double clicking the entry.
The lower left window will list any open network ports the process is using and their type.
The lower right window displays the active network state of the process including host names and addresses and active local and remote ports.
There is also an option to export what is displayed in the current windows as an HTML or XML file. Compatible with Windows XP, Vista and 7