Using TCPView to understand network activity: Advice?

Discussion in 'privacy general' started by Thelps, Dec 2, 2017.

  1. Thelps

    Thelps Registered Member

    Joined:
    Apr 1, 2012
    Posts:
    3
    Hi all,

    Using SysInternals' TCPView to get an idea of what programs are communicating with the network on Windows 10.

    Any tips as to how to minimise unsolicited network traffic both to and from my Windows 10 machine?

    Also, why do many programs sit in the LISTENING state with a Local Address of 0.0.0.0 and [0:0:0:0:0:0:0:0]?
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,890
    Location:
    The Netherlands
    Normally speaking, Windows Firewall should block all incoming and outgoing connections. Only certain apps like the browser and certain system processes like svchost.exe should be able to make outbound connections. I'm not a firewall expert, but I believe the apps that are in the "LISTENING state" don't actually connect out, that's why they have a Local Address of 0.0.0.0. I assume they are all system processes, at least that's the case on my system.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,879
    Ummm, because they're listening ;)

    I'm pretty sure that, for IP addresses, zero always means *. So they're listening on all of the device's addresses.
     
  4. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,097
    Listening means waiting for an incoming connection.
    0.0.0.0 is the unspecified address; you should only see that if your computer is not connected to the internet and so has no IP address.
    Unless you are running a server application, in which case 0.0.0.0 means it is listening for incoming connections on all IP addresses assigned to your machine, for example the internet and a LAN at the same time.
     
    Last edited: Dec 2, 2017
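
Added example (not part of any post in this thread): a small Python script that sorts LISTENING rows by the scope of their local bind address, which is the distinction the thread's question turns on. The sample rows are constructed in the column layout of Windows `netstat -ano`, with one row using TCPView's long `[0:0:0:0:0:0:0:0]` spelling; the function names are illustrative.

```python
import ipaddress

# Constructed sample in the column layout of Windows `netstat -ano` (not real data).
# One row uses TCPView's long spelling of the IPv6 wildcard address.
SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5512
  TCP    [0:0:0:0:0:0:0:0]:445  [::]:0                 LISTENING       4
  TCP    [::1]:49670            [::]:0                 LISTENING       2764
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def bind_scope(addr):
    """Describe which local addresses a listener bound to `addr` accepts on."""
    if addr.is_unspecified:   # 0.0.0.0 or :: (wildcard bind)
        return "all-interfaces"
    if addr.is_loopback:      # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-address"   # one specific local address

def classify_listeners(text):
    """Return (local_addr, port, pid, scope) for every TCP LISTENING row."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Expected columns: proto, local, remote, state, pid
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, port = split_endpoint(fields[1])
        rows.append((str(addr), port, int(fields[4]), bind_scope(addr)))
    return rows

if __name__ == "__main__":
    for addr, port, pid, scope in classify_listeners(SAMPLE):
        print(f"{addr:>15} port={port:<6} pid={pid:<6} {scope}")
```

Rows reported as all-interfaces accept connections on every address the machine holds, so those are the ones to compare against the firewall's inbound rules; loopback-only rows are reachable only from the machine itself.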