Understanding exactly which processes are listening for incoming network connections (and why) is an important part of monitoring your PC’s security. You can uncover this information with Windows alone (just enter netstat -anb in an elevated command window), but if you’d like the data to be displayed in a more intelligible way, and get plenty of assistance to help you figure out exactly what’s going on, then you’ll need something like CloseTheDoor.
At first glance the program looks much like many similar networking tools. Launch it and you instantly see a table of listening ports, with details like the network interface, port number, protocol (TCP – IPv4 or IPv6 – or UDP), the responsible process and its process ID, any associated services, and details taken from the process executable file (Company, Product, Description and so on). Which is good – but that’s just the start of CloseTheDoor’s abilities.
If you’re wondering why a particular port is open, for instance, then right-clicking that connection will reveal links to common Google and Wikipedia searches to help you find out. You can also jump directly to GRC.com’s port database to see if the port has an entry there. And there’s even a link to Sans.org’s usage statistics for this port. If none of the other sites know about it, and Sans.org reports a spike in usage over the past few days, then that could mean you’ve been hit by malware.
If you need more information, then the Commands menu provides easy access to useful data like the netstat report, or the list of currently running processes.
You also get quick links to many essential websites, covering everything from iana.org’s port list, to Black Viper’s service configuration site, and even GRC.com’s ShieldsUp!, ideal if you need to find out which of your ports (if any) are visible from the outside world.
If, after all this research, you’re sure a connection isn’t legitimate, then you can have CloseTheDoor terminate the parent process, or stop, disable and even uninstall the offending service. (You do need to be very sure the process isn’t anything important, though, or closing it could trash your PC.)
Or, if everything actually looks just fine, then you should probably use CloseTheDoor’s option to export its report as a CSV file. Then, the next time you run the program, you’ll have a baseline which you can use as a comparison, to help you highlight anything which might have changed.
What you won’t see listed here are processes listening on loopback addresses (localhost, 127.0.0.1), the reason being that this doesn’t in itself expose you to a security risk. While this is true, we’d still prefer to at least have the option to include them in the report, if only for completeness.
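The baseline comparison and the loopback filtering described above can also be done by hand. This is an added example, not part of CloseTheDoor: it works on saved `netstat -ano` output (the `-o` switch adds the owning PID) rather than on CloseTheDoor’s CSV, whose column layout this article does not describe, and the two snapshots are constructed sample data.

```python
import ipaddress

# Constructed samples in the column layout printed by `netstat -ano` on Windows.
BASELINE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3120
  TCP    [::]:135               [::]:0                 LISTENING       964
  UDP    0.0.0.0:5353           *:*                                    2216
"""
CURRENT = BASELINE + """\
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       7788
  TCP    192.168.1.20:49712     203.0.113.5:443        ESTABLISHED     5500
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       6012
  UDP    [::1]:1900             *:*                                    3344
"""

def listeners(netstat_text, include_loopback=False):
    """Return {(proto, address, port): pid} for listening TCP and bound UDP sockets."""
    found = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header and blank lines
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # established connections are not listening ports
        host, _, port = f[1].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        if ipaddress.ip_address(host).is_loopback and not include_loopback:
            continue  # same default as the tool: loopback-only listeners hidden
        found[(f[0], host, int(port))] = int(f[-1])
    return found

def diff(baseline, current):
    """Return (opened, closed): listeners only in current, and only in baseline."""
    opened = {k: current[k] for k in current.keys() - baseline.keys()}
    closed = {k: baseline[k] for k in baseline.keys() - current.keys()}
    return opened, closed

if __name__ == "__main__":
    opened, closed = diff(listeners(BASELINE), listeners(CURRENT))
    for (proto, host, port), pid in sorted(opened.items()):
        print(f"NEW  {proto} {host}:{port} pid={pid}")
    for (proto, host, port), pid in sorted(closed.items()):
        print(f"GONE {proto} {host}:{port} pid={pid}")
```

Passing `include_loopback=True` to `listeners` gives the fuller report the paragraph above asks for, at the cost of more entries to review.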
Otherwise, though, CloseTheDoor is an excellent, tiny (under 100KB download) and free tool. It’s also portable, doesn’t require administrative rights to do its work, and is a great way to find out more about network security on your PC, or any others you might visit.