I have many programs open at any point on my computer, many of which connect to the internet without me even realizing it. If I want to know which of these programs are connecting outside the world through port 443, a secured HTTPS that encrypts everything coming in or going out, how would I do that?
NetStat is a Windows command-line that displays active network connections, ports that the local computer is listening to, Ethernet statistics, routing table, etc. With the -b switch running in an elevated command prompt window, I can find the executable file involved in creating each connection and its listening port.
NetStat -b
But it’s hard to filter through the output to find out what I am exactly looking for.
Get-NetTCPConnection, the NetStat’s PowerShell cousin, also gets current TCP connections with additional filtering options available right out of the box.
To get a list of established connections to remote port 443,
Get-NetTCPConnection -RemotePort 443 -State Established
The only problem, it doesn’t tell me which program is utilizing which connection on the list.
We will need some help from the cmdlet Get-Process. To display the process name, use the following.
(Get-Process -id $id).ProcessName
If you need the full path of where the executable resides, use this instead.
(Get-Process -id $id).Path
Now since Select-Object supports calculated properties on the fly, we can define a variable that calculates the property from the original OwningProcess property from the Get-NetTCPConnect cmdlet. Thanks to the tip from PowerTips.
Putting together, the following script lists all programs that connect to the internet via HTTPS protocol.
$Process = @{
Name='Process'
Expression={
# return process path
(Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
}
}
# get all connections to port 443 (HTTPS)
Get-NetTCPConnection -RemotePort 443 -State Established |
# and resolve IP and process ID
Select-Object -Property $HostName, RemotePort, OwningProcess, $Process If you want to list all programs that connect to the internet regardless of which ports they go through, remove -RemotePort 443 out of the Get-NetTCPConnection cmdlet.
And if you want to see if you have any program using the insecure HTTP connection, replace 443 with 80 in the command. You may end up with an error message stating that no matching MSFT_NetTCPConnection objects found by CIM, which is a good sign telling you that you didn’t have any programs using the insecure HTTP connection.
The post How To Tell Which Programs are Connecting to the Internet via Certain Ports on Windows appeared first on Next of Windows.