Analyze active network connections with Process Network Monitor
Process Network Monitor is a free tool which highlights the network activity of the processes running on your PC.
The program opens with a table telling you more about any running process which has a network connection open: process name, description and file details, PID, session ID, TCP count, UDP count and the total number of connections.
Clicking any network connection lists active connections, including the local and remote hosts and port numbers, the remote host name and the connection status.
You’re able to filter the process list by port number, for example searching for port 80 to look for web-related processes.
There are right-click options to search for processes on VirusTotal, Process Library or Google. These work, but in a much more primitive way than other tools.
For example, Process Network Monitor doesn’t query VirusTotal directly and display the results within its own interface: instead it creates a hash of the file, creates a basic temporary HTML file to display and submit this, displays the page in your default browser, and finally takes you to the VirusTotal site to view the results.
If the process does seem suspect, you’re able to close it from the right-click menu in a couple of clicks (there’s no option to close the connection alone).
Overall, Process Network Monitor is a very basic tool which can’t begin to compare with best-of-breed system or network monitors. But it does just about do enough to be useful, and although the program requires installation, in our tests we were able to run it stand-alone. Just copy ProcNetMonitor.exe to a USB key and run it as required, on any convenient PC.
Process Network Monitor is available for Windows XP and later.