Waxaad si fiican u hubin kartaa in kombuyuutarku ku xidhan yahay server-ka martigelinaya mareegahayga markaad akhrinayso maqaalkan, laakiin marka lagu daro xidhiidhada muuqda ee shabakadaha ka furan shabakada internetka, kombuyuutarku waxaa laga yaabaa inuu ku xidho dhammaan martigaliyayaasha kale ee kale. kuwaas oo aan muuqan.

Inta badan, run ahaantii ma rabto inaad sameyso wax ku qoran maqaalkan sababtoo ah waxay u baahan tahay inaad eegto waxyaabo badan oo farsamo ah, laakiin haddii aad u maleyneyso inuu jiro barnaamij kombuyuutarkaaga ah oo aan ahayn inuu jiro si qarsoodi ah loola xiriiro. internetka , hababka^(Internet) hoose ayaa kaa caawin doona inaad aqoonsato wax aan caadi ahayn.

Waxaa xusid mudan in kombuyuutarka ku shaqeeya nidaamka hawlgalka sida Windows oo leh barnaamijyo yar oo la rakibay uu ku dambayn doono samaynta xiriiro badan oo ka baxsan server-yada. Tusaale ahaan, mashiinkayga Windows 10 ka dib dib-u-kicinta oo aan lahayn barnaamijyo socda, dhowr xiriir ayaa la sameeyaa Windows lafteeda, oo ay ku jiraan OneDrive , Cortana iyo xitaa raadinta miiska. Akhri maqaalkayga ku saabsan sugidda Windows 10^{(securing Windows 10)} si aad u ogaato siyaabaha aad uga hortagi karto Windows 10 inaad marar badan la xiriirto server-yada Microsoft .

Waxaa jira saddex dariiqo oo aad u mari karto la socodka xidhiidhada uu kombuyuutarku ku sameeyo internetka^(Internet) : iyada oo loo marayo amarka degdegga ah, addoo isticmaalaya Kormeeraha Kheyraadka^{(Resource Monitor)} ama barnaamijyada dhinac saddexaad. Waxaan doonayaa inaan xuso degdegga amarka ee u dambeeyay maadaama taasi tahay tan ugu farsamada badan uguna adag in la qeexo.

Kormeerka Kheyraadka

Habka ugu fudud ee lagu hubin karo dhammaan xidhiidhada uu kombuyuutarku samaynayo waa adiga oo isticmaalaya Kormeeraha Kheyraadka^{(Resource Monitor)} . Si aad u furto, waa in aad gujisaa Start oo aad ku qortaa  kormeeraha kheyraadka^{(resource monitor)} . Waxaad arki doontaa dhowr tabs oo ku yaal dusha sare oo ka aan rabno inaan gujino waa Network .

Shabkaan, waxaad ku arki doontaa dhowr qeybood oo leh noocyo kala duwan oo xog ah: Nidaamyada Hawsha^{(Processes with Network Activity)} Shabakadda , Hawlaha Shabakadda^{(Network Activity)} , Xiriirinta TCP^{( TCP Connections)} iyo Dekadaha Dhageysiga^{( Listening Ports)} .

Dhammaan xogta ku qoran shaashadahaan waa la cusboonaysiiyay wakhtiga dhabta ah. Waxaad riixi kartaa madaxa tiir kasta si aad u kala saarto xogta sida kor u kacaysa ama hoos u dhacaysa. Habka Hawsha Shabakadda ^{(Processes with Network Activity )} Qaybta Hawsha Shabakadda, liisku waxa ku jira dhammaan hababka leh nooc kasta oo hawlo shabakadeed ah. Waxa kale oo aad awoodi doontaa inaad aragto wadarta cadadka xogta la soo diray oo lagu helay bytes halkii ilbiriqsi ee hawl kasta. Waxaad ogaan doontaa in uu jiro sanduuq saxan oo madhan oo ku xiga hawl kasta, kaas oo loo isticmaali karo shaandhaynta dhammaan qaybaha kale.

Tusaale ahaan, maan hubin waxa nvstreamsvc.exe yahay, markaa waan hubiyay ka dibna eegay xogta qaybaha kale. Hoosta Hawsha Shabakadda^{(Network Activity)} , waxaad rabtaa inaad eegto goobta ciwaanka^(Address)  , kaas oo ku siin doona ciwaanka IP-ga ama magaca DNS ee server-ka fog.

Laftigeeda, macluumaadka halkan kuuma caawin doono inaad ogaato inay wax fiican yihiin ama xun yihiin. Waa inaad isticmaashaa qaar ka mid ah boggaga internetka ee dhinac saddexaad si ay kaaga caawiyaan inaad aqoonsato habka. Marka hore, haddii aadan aqoonin magaca habraaca, horay u sii soco oo Google u isticmaal adiga oo isticmaalaya magaca buuxa, ie nvstreamsvc.exe .

Had iyo jeer, dhagsii ugu yaraan afar ilaa shanta xiriir ee hore oo waxaad isla markiiba heli doontaa fikrad wanaagsan in barnaamijku badbaado yahay iyo in kale. Kiiskeyga, waxay la xiriirtay adeegga qulqulka NVIDIA , kaas oo badbaado leh, laakiin maaha wax aan u baahanahay. Gaar ahaan, nidaamku waa ka qulqulka ciyaaraha kombuyutarkaaga ilaa NVIDIA Shield , oo aanan haysan. Nasiib darro, markaad rakibto darawalka NVIDIA , waxay ku rakibaysaa waxyaabo badan oo kale oo aadan u baahnayn.

Maadaama adeegani uu gadaal ka socdo, waligay maan ogayn inuu jiro. Kamay muuqan qaybta GeForce oo markaa waxaan u qaatay inaan kaliya darawalka ku rakibay. Markii aan ogaaday inaanan u baahnayn adeegan, waxaan awooday inaan uninstall-ka ka saaro qaar ka mid ah software-ka NVIDIA oo aan ka takhaluso adeegga, kaas oo ku xiran shabakada mar kasta, inkastoo aanan waligey isticmaalin. Markaa taasi waa hal tusaale oo ku saabsan sida qodista geeddi-socod kastaa uu kaa caawin karo inaadan kaliya aqoonsan malware-ka suurtagalka ah, laakiin sidoo kale meesha laga saaro adeegyada aan loo baahnayn ee suurtogalka ah inay ka faa’iidaystaan ​​tuugadu.

Marka labaad, waa inaad raadisaa ciwaanka IP-ga ama magaca DNS ee ku qoran goobta ciwaanka^(Address) . Waxaad ka eegi kartaa qalab sida DomainTools , kaas oo ku siin doona macluumaadka aad u baahan tahay. Tusaale ahaan, hoos Hawsha Shabakadda^{(Network Activity)} , waxaan ogaaday in habka steam.exe uu ku xirayo ciwaanka IP 208.78.164.10. Markii aan taas ku dhejiyay aaladda aan kor ku soo sheegnay, waan ku faraxsanahay inaan barto in domainka ay maamusho Valve , oo ah shirkadda iska leh Steam .

Haddii aad aragto ciwaanka IP-ga oo ku xidhan serfer ku yaal Shiinaha^(China) ama Ruushka^(Russia) ama meel kale oo qariib ah, waxa laga yaabaa inaad dhibaato kala kulanto. Googling habka ayaa sida caadiga ah kuu horseedi doonta maqaallo ku saabsan sida loo saaro software-ka xun.

Barnaamijyada Xisbiga Saddexaad

Kormeere kheyraadku^{(Resource Monitor)} aad buu u fiican yahay wuxuuna ku siinayaa macluumaad badan, laakiin waxaa jira qalabyo kale oo ku siin kara macluumaad yar oo dheeri ah. Labada qalab ee aan ku taliyo waa TCPView iyo CurrPorts . Labaduba waxay u egyihiin isku mid, marka laga reebo in CurrPorts ay ku siiso xog badan oo dhan. Halkan waxaa ah sawirka TCPView:

Safafka aad xiisaynayso inta badan waa kuwa leh Dawlad^(State) la Dhisay^{(ESTABLISHED)} . Waxaad xaq u guji kartaa saf kasta si aad u dhammayso hawsha ama u xidho xidhiidhka Halkan waxaa ah sawirka CurrPorts:

Mar labaad, fiiri isku xirka ESTABLISHED marka aad ka dhex baadhayso liiska. Sida aad ka arki karto gunta gunta hoose, waxaa jira tiirar kale oo badan oo geeddi-socod kasta oo CurrPorts ah . Waxaad runtii heli kartaa macluumaad badan adoo isticmaalaya barnaamijyadan.

Line Command

Ugu dambeyntii, waxaa jira khadka taliska. Waxaan u isticmaali doonaa amarka netstat si uu na siiyo macluumaad faahfaahsan oo ku saabsan dhammaan isku xirka shabakadaha hadda ee loo soo saaro faylka TXT . Xogtu asal ahaan waa qayb ka mid ah waxa aad ka hesho Kormeeraha Kheyraadka^{(Resource Monitor)} ama barnaamijyada qolo saddexaad, marka runtii waxa ay faa'iido u leedahay teknoolojiyadda.

Waa kan tusaale degdeg ah. Marka hore^(First) , fur amarka maamulaha^{(Administrator)} oo ku qor amarka soo socda:

netstat -abfot 5 > c:\activity.txt

Sug^(Wait) ilaa hal daqiiqo ama laba ka dibna taabo CTRL + C kiiboodhkaaga si aad u joojiso qabashada. Amarka netstat ee kor ku xusan wuxuu asal ahaan qabsan doonaa dhammaan xogta isku xirka shabakada shantii ilbiriqsi kasta wuxuuna ku keydin doonaa faylka qoraalka. Qaybta abfot waa tiro xaddidan si aan macluumaad dheeri ah ugu helno faylka. Waa kan micnaha halbeeg kasta, haddii aad xiisaynayso.

Markaad furto faylka, waxaad arki doontaa isla macluumaadka aan ka helnay labada hab ee kale ee kor ku xusan: magaca nidaamka, borotokoolka, nambarada dekedaha maxalliga iyo kuwa fog, IP Address/DNS magaca DNS, gobolka isku xirka, aqoonsiga nidaamka, iwm. .

Mar labaad^(Again) , dhammaan xogtan ayaa ah tillaabada ugu horreysa ee lagu go'aaminayo in wax kalluunku socdo iyo in kale. Waxaad u baahan doontaa inaad sameyso wax badan oo Googling ah , laakiin waa habka ugu fiican ee lagu ogaan karo haddii qof uu kugu khiyaameynayo ama haddii malware uu xogta ka soo dirayo kombuyuutarkaaga server-ka fog. Haddii aad wax su'aalo ah qabtid, xor u noqo inaad faallo ka bixiso. Ku raaxayso!

Monitor Hidden Website and Internet Connections

You can be pretty sure that your computer is connected tо the server hostіng my website as you rеad this articlе, but in additiоn to the obvious connections to the sites open in your web browser, your computer may be connecting to a whole host of оther servers that are not visiblе.

Most of the time, you’re really not going to want to do anything written in this article since it requires looking at a lot of technical stuff, but if you think there is a program on your computer that shouldn’t be there communicating secretly on the Internet, the methods below will help you identify anything unusual.

It’s worth noting that a computer running an operating system like Windows with a few programs installed will end up making a lot of connections to outside servers by default. For example, on my Windows 10 machine after a reboot and with no programs running, several connections are made by Windows itself, including OneDrive, Cortana and even desktop search. Read my article on securing Windows 10 to learn about ways you can prevent Windows 10 from communicating with Microsoft servers too often.

There are three ways you can go about monitoring the connections that your computer makes to the Internet: via the command prompt, using Resource Monitor or via third-party programs. I’m going to mention the command prompt last since that’s the most technical and hardest to decipher.

Resource Monitor

The easiest way to check out all the connections your computer is making is to use Resource Monitor. To open it, you have to click on Start and then type in resource monitor. You’ll see several tabs across the top and the one we want to click on is Network.

On this tab, you’ll see several sections with different types of data: Processes with Network Activity, Network Activity, TCP Connections and Listening Ports.

All the data listed in these screens are updated in real time. You can click on a header in any column to sort the data in ascending or descending order. In the Processes with Network Activity section, the list includes all the processes that have any kind of network activity. You’ll also be able to see the total amount of data sent and received in bytes per second for each process. You’ll notice there is an empty checkbox next to each process, which can be used as a filter for all the other sections.

For example, I wasn’t sure what nvstreamsvc.exe was, so I checked it and then looked at the data in the other sections. Under Network Activity, you want to look at the Address field, which should give you an IP address or the DNS name of the remote server.

In and of itself, the information here won’t necessarily help you figure out whether something is good or bad. You have to use some third-party websites to help you identify the process. Firstly, if you don’t recognize a process name, go ahead and Google it using the full name, i.e. nvstreamsvc.exe.

Always, click through at least the first four to five links and you’ll instantly get a good idea of whether or not the program is safe or not. In my case, it was related to the NVIDIA streaming service, which is safe, but not something I needed. Specifically, the process is for streaming games from your PC to the NVIDIA Shield, which I don’t have. Unfortunately, when you install the NVIDIA driver, it installs a lot of other features you don’t need.

Since this service run in the background, I never knew it existed. It didn’t show up in the GeForce panel and so I assumed I just had the driver installed. Once I realized I didn’t need this service, I was able to uninstall some NVIDIA software and get rid of the service, which was communicating on the network all the time, even though I never used it. So that’s one example of how digging into each process can help you not only identify possible malware, but also remove unnecessary services that could possibly be exploited by hackers.

Secondly, you should look up the IP address or DNS name listed in the Address field. You can check out a tool like DomainTools, which will give you the information you need. For example, under Network Activity, I noticed that the steam.exe process was connecting to IP address 208.78.164.10. When I plugged that into the tool mentioned above, I was happy to learn that the domain is controlled by Valve, which is the company that owns Steam.

If you see an IP address is connecting to a server in China or Russia or some other strange location, you might have a problem. Googling the process will normally lead you to articles on how to remove the malicious software.

Third Party Programs

Resource Monitor is great and gives you a lot of info, but there are other tools that can give you a little bit more information. The two tools that I recommend are TCPView and CurrPorts. Both pretty much look exactly the same, except that CurrPorts gives you a whole lot more data. Here’s a screenshot of TCPView:

The rows you are mostly interested in are the ones that have a State of ESTABLISHED. You can right-click on any row to end the process or close the connection. Here’s a screenshot of CurrPorts:

Again, look at ESTABLISHED connections when browsing through the list. As you can see from the scrollbar at the bottom, there are many more columns for each process in CurrPorts. You can really get a lot of information using these programs.

Command Line

Finally, there is the command line. We will use the netstat command to give us detailed information about all the current network connections outputted to a TXT file. The information is basically a subset of what you get from Resource Monitor or the third-party programs, so it’s really only useful for techies.

Here’s a quick example. First, open an Administrator command prompt and type in the following command:

netstat -abfot 5 > c:\activity.txt

Wait for about a minute or two and then press CTRL + C on your keyboard to stop the capture. The netstat command above will basically capture all network connection data every five seconds and save it to the text file. The –abfot part is a bunch of parameters so that we can get extra information in the file. Here is what each parameter means, in case you are interested.

When you open the file, you’ll see pretty much the same information that we got from the other two methods above: process name, protocol, local and remote port numbers, remote IP Address/DNS name, connection state, process ID, etc.

Again, all of this data is a first step to determining whether something fishy is going on or not. You’ll have to do a lot of Googling, but it’s the best way to know if someone is snooping on you or if malware is sending data from your computer to some remote server. If you have any questions, feel free to comment. Enjoy!

Related posts

• Yaa Leh Internetka? Dhismaha Shabakadda ee La Sharaxay

• Sida Looga Badbaadiyo Kormeerahaaga si aad u Hesho Qiimo Cusub oo Ciyaareed

• Anshaxa Faallaynta Internetka si aad u horumariso khibradaada bulsho

• Dib u eegista Kormeeraha Firefox: waxa ay tahay iyo sida ay u ilaaliso faahfaahinta soo galitaankaaga

• 7 shay oo ay tahay inaad maskaxda ku hayso markaad barbardhigto bixiyaasha internetka ee cusub

• Sida Loo Helo Furaha Qarsoon & Keydsan ee Daaqadaha

• Sida loogu daro aag qarsoon gudaha mugga VeraCrypt sir ah

• 10 Shabakadda 3.0 Tusaalayaal: Ma Mustaqbalka Internetka baa?

• Sida loo aamusiyo qof khilaaf ku jira

• Sida Facebook Xusuus Loogu Helo

• Sida loo soo dejiyo oo loogu rakibo Peacock on Firestick

• Sida loo wadaago isku xirka shabakada Wi-Fi gudaha Windows 11

• Sida Loo Sameeyo Internet Gurigaaga (Bilow)

• Ka ilaali qof kale inuu isticmaalo Isku-xidhka Internetka ee Wireless-kaaga

• Maxaad U Doonaysaa Kormeeraha CRT 2019?

• Ma bedeli kartaa Magacaaga Twitch? Haa, Laakin ka digtoonow

• Sida Loo Helo Mareeg Been Abuur ah Ama Isku-dayga Fiishka Xiliga Fasaxa

• Sida Loo Abuuro Shabakad Qarsoon Share Gudaha Daaqadaha

• Sida loo damiyo ama loo damiyo Koofiyadaha Qufulka ee Chromebook

• 10 Talooyin ah oo lagu xallinayo dhibaatada haddii intarneedkaagu ku xidhan yahay laakiin aanu shaqaynayn