The netstat command helps us understand the overall usage of the network. Depending on the parameters it is given, it displays different network connection information; some of these parameters are described below. It can be used to check whether a Trojan horse is present, whether the computer is being secretly manipulated in the background, and whether it is being monitored. Today we look at how to query for suspicious connections, open Task Manager with the Ctrl+Shift+Esc key combination, find the process with the corresponding PID value, and right-click to end it.
Windows comes with a powerful intrusion detection tool: using the netstat command to check for a Trojan
First, the netstat command in detail
1. netstat -a
-a displays all connections and listening ports, including the TCP or UDP ports used for connections between the local and remote systems, the external connections on the local machine, and the state of the connections between the local and remote systems.
Use this parameter to see whether the computer's system services are normal and to determine whether a Trojan has been planted on the system; if you find an abnormal port or service, close that port or service promptly. The netstat -a command can also be used as a real-time intrusion detection tool to determine whether an external computer is connected to the local computer.
2. The -n parameter displays the IP address of the external host connected to the local computer, rather than the NetBIOS name of the machine that the -a parameter shows.
3. The -e parameter displays Ethernet statistics and is used in combination with -s and -p. -s displays statistics for each protocol; by default it shows statistics for TCP, UDP, and IP, and adding -p specifies whether to display TCP, UDP, or IP.
4. The -r parameter displays the contents of the routing table, similar to route print (a very useful command when making dual NICs work at the same time).
5. The -o parameter displays the PID value associated with each connection between the local and external host; taskkill needs this value to terminate the connection.
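The checks described above, as an added example that is not part of the original article: Python that parses `netstat -ano` output (the -a, -n and -o parameters combined) and groups unexpected listening ports and external established connections by PID, the value you then look up in Task Manager. The sample output, the EXPECTED_LISTENERS allowlist, the INTERNAL ranges and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       6620
  TCP    192.168.1.20:49712     203.0.113.45:4444      ESTABLISHED     6620
  TCP    192.168.1.20:49720     192.168.1.1:443        ESTABLISHED     2388
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1804
"""
EXPECTED_LISTENERS = {135, 445, 5353}  # assumption: this host's known-good ports
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4, bracketed IPv6, or '*:*') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """Yield one dict per TCP/UDP row; UDP rows have no State column."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP") or len(f) < 4:
            continue
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        yield {"proto": f[0], "local": split_endpoint(f[1]),
               "remote": split_endpoint(f[2]), "state": state, "pid": int(f[-1])}

def is_external(addr):
    """True for a remote IP outside loopback, link-local and private ranges."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])
    except ValueError:
        return False  # '*' or a host name (output taken without -n)
    return not (ip.is_loopback or ip.is_link_local or ip.is_unspecified
                or any(ip in n for n in INTERNAL))

def suspicious_by_pid(text, expected=EXPECTED_LISTENERS):
    """Map PID -> reasons: unexpected listeners and external ESTABLISHED sessions."""
    hits = {}
    for c in parse_netstat(text):
        listening = c["state"] == "LISTENING" or c["proto"] == "UDP"
        if listening and c["local"][1] not in expected:
            hits.setdefault(c["pid"], []).append(f"listens on {c['proto']}/{c['local'][1]}")
        elif c["state"] == "ESTABLISHED" and is_external(c["remote"][0]):
            hits.setdefault(c["pid"], []).append("connected to %s:%s" % c["remote"])
    return hits
```

On a live host, pass in the text produced by `netstat -ano` and adjust EXPECTED_LISTENERS to the services that machine is known to run.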
Second, find the suspicious connection, then open Task Manager with the Ctrl+Shift+Esc key combination and find the process with the corresponding PID value
1. Some Task Manager views do not show a PID column; in that case, find the PID column first.
In Task Manager, locate the process that corresponds to the PID value, right-click it, and end the process. The computer is not fully protected at this point; for more thorough protection, create a new rule in Group Policy.
2. Open Group Policy: press Win+R, type gpedit.msc, and press Enter.
3. Create a new IP Security policy by protocol, with a new rule that blocks the port used by the intrusion, to keep the computer thoroughly safe.