By Roy Lopez

Posted: 2 Mar 2006

PROBLEM: Client calls you up and says that their computer seems to be slow, and that it seems to be talking a lot to the network even when they are not doing anything.

Here is a way to determine what your client's computer may be talking to. The following will help you to better understand what is going on.

SOLUTION: First, understanding what the system is talking to requires access to the command line on your client's Windows system. Once there, you will need to run the following command:

netstat -ano

This will produce a listing of the active connections and listening ports on the workstation. The listing breaks out the protocols, the local and remote systems that are talking, and the ports they are using, but more importantly it also gives you the PID, or Process ID. This is the ID of the process on the system that is the endpoint of the connection.

So now the question is: how do you figure out which process on the system is related to a particular PID?

Well, in Linux or Unix you would run the ps command, but to my knowledge Windows does not have such a built-in command line utility. So on Windows 2000 and XP the built-in alternative is to run Task Manager, where you will find all of the processes that are running on the system, but by default without their PIDs. You can enable the PID column by choosing View, then Select Columns, and selecting PID.

After you have done this, opening the Process tab will show a listing of all the processes running on your client's computer and their related PID.
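The PID matching described above can also be scripted. The following is an added example, not part of the original tip, and it assumes a Windows system with PowerShell 3.0 or later; the function name Join-NetstatProcess and all sample rows are constructed for illustration.

```powershell
# Added example: join `netstat -ano` rows to process names by PID.
function Join-NetstatProcess {
    param(
        [string[]]$NetstatLines,    # text output of: netstat -ano
        [hashtable]$ProcessNames    # PID (int) -> process name
    )
    foreach ($line in $NetstatLines) {
        $f = -split $line           # split on runs of whitespace
        # Skip the banner, blank and column-header lines.
        if ($f.Count -lt 4 -or $f[0] -notmatch '^(TCP|UDP)$' -or $f[-1] -notmatch '^\d+$') { continue }
        # UDP rows have no State column; the PID is always the last field.
        $state  = if ($f[0] -eq 'TCP') { $f[3] } else { '' }
        $procId = [int]$f[-1]       # $PID is a reserved variable, so use another name
        # A process can exit between the netstat run and the process listing.
        $name = '(not in process list)'
        if ($ProcessNames.ContainsKey($procId)) { $name = $ProcessNames[$procId] }
        [pscustomobject]@{
            Proto = $f[0]; Local = $f[1]; Remote = $f[2]
            State = $state; PID = $procId; Process = $name
        }
    }
}

# Constructed sample data (not captured from a real machine).
$sampleNetstat = @(
    'Active Connections',
    '',
    '  Proto  Local Address          Foreign Address        State           PID',
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888',
    '  TCP    192.168.1.10:1045      203.0.113.25:80        ESTABLISHED     2140',
    '  TCP    192.168.1.10:1046      198.51.100.7:443       ESTABLISHED     3312',
    '  UDP    0.0.0.0:500            *:*                                    736'
)
# PID 3312 is deliberately absent to show the "not in process list" case.
$sampleNames = @{ 888 = 'svchost'; 2140 = 'iexplore'; 736 = 'lsass' }

# Show only connections that are actually talking, with the owning process.
Join-NetstatProcess -NetstatLines $sampleNetstat -ProcessNames $sampleNames |
    Where-Object { $_.State -eq 'ESTABLISHED' } |
    Sort-Object Process |
    Format-Table -AutoSize

# Live use on the client's machine:
#   $names = @{}; Get-Process | ForEach-Object { $names[$_.Id] = $_.ProcessName }
#   Join-NetstatProcess -NetstatLines (netstat -ano) -ProcessNames $names
```

A row whose process shows as "(not in process list)" means the PID was gone by the time the process list was read, so rerun both steps close together before drawing conclusions.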

With all of this information, you can now tell which process is talking and make an educated determination as to whether it should be doing this or not. If it should not, then it is time to run Add/Remove Programs, your virus scanner, or your malware cleaner to get rid of this unauthorized talker. Hope this helps.

If you have any questions you may contact Roy at rlopez@askabas.com

