Posted: March 6, 2012 in by Bobby Ray Stacy
Tags: , , ,


I found this last night during my travels and tried it out today. It works like a charm, takes all of about a minute, and I believe it turned up a hacker on my PC, in that it revealed two established connections.

I actually believe the video is misleading, in that it’s only logical that if you’re connected to the internet in the first place, then this utility should reflect that, listing an “established connection”. To me this is only basic common sense.

But I have two, and I’m only hooked up to the internet once. And after further investigation into this method and approach to finding hackers and malware, I have found independent verification of its validity and utility by expert sources.

So I have included this video here as a visual teaching aid for you to use while learning this method.

Just kinda getting into it all now, when I learn more I’ll get back to you…


Cmd.exe / Command Shell Overview

The command shell is a separate software program that provides direct communication between the user and the operating system. The non-graphical command shell user interface provides the environment in which you run character-based applications and utilities.

The command shell executes programs and displays their output on the screen by using individual characters similar to the MS-DOS command interpreter

The Windows XP command shell uses the command interpreter Cmd.exe, which loads applications and directs the flow of information between applications, to translate user input into a form that the operating system understands. (Microsoft)



Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols).

Used without parameters, netstat displays active TCP connections and includes the process ID (PID) for each connection, however, addresses and port numbers are expressed numerically and no attempt is made to determine names. You can find the application based on the PID on the Processes tab in Windows Task Manager. (Microsoft)



The netstat command is a Command Prompt command that you can use to dig up all sorts of very interesting things about the individual connections your computer is making to other computers – both over the Internet and on your own network.

One of the coolest netstat tricks is netstat -o. Running netstat this way will show you all the active connections at that moment, plus show you the process identifier (PID) for each of those connections. You can then use Task Manager to track down the program with the corresponding PID, matching the open connection to a specific program on your computer.

This can be extremely  handy when trying to track down a piece of malware, figure out where a keylogger is sending your information to, or determine which of your programs is hogging your bandwidth.

Netstat is available in all versions of Windows – Windows 7, Windows Vista, Windows XP, the Server operating systems, and even Windows 98! (Tim Fisher, Guide)


Tim Fisher over at has this command line thing down to a fine art. Rather than plagiarize all his stuff and plant it over here to take up reams of space, go on over there and take a look at what he’s got. He pretty much covers all the bases on how to run “Tracert” checks, etc., and get hostnames, find out whatever’s lying between your computer and your ISP, etc.

I’ll include that link and some other links to extremely comprehensive material regarding all this, and you can figure it out on your own while I get out here and try and make a dollar to pay the rent.  When I get a clear handle on how to work everything I’ll probably revise this post and lay it all out in streamlined, organized fashion.

I’m really glad I found this… I think it’s a good thing to learn how to use. And it’s dirt simple. I just haven’t had time to take it all the way yet. When I do I’ll post up the results…


Tim Fisher’s Netstat material, located at:



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s