See if a program “phones home”


by Steve Wiseman on March 21, 2014 · 2 comments


This week I got a question from Daniel:

“Hi Steve. When I find an app I like I download and play with it in a virtual machine. If it is from a lesser known firm it means I don’t know much about the company. I want to see if the app is connecting to the internet or any other network activity. How can I do this?”

Good question Daniel. First let me say that the size of the company does not matter. In fact the big ones are sometimes the worst offenders.

For example, www.download.com packages their downloads with all kinds of adware that will clog up your system. The anti-virus vendors all let it through since they are a big and trustworthy vendor (wink wink). The fun part is that our tools will get marked as a virus because they can be used for “hacking” – go figure 🙂

My point is, don’t let your guard down for anyone.

The tool I use is a free one from Microsoft. It is called Microsoft Network Monitor.

[Screenshot: Network Monitor]

Let me show you how I use it to see what an app is up to.

Let's pick an app to watch. Say…Google Chrome.

First, launch MS Netmon, and start a new capture:

[Screenshot: New Network Capture]

Start the capture, and we can see Chrome on our list:

[Screenshot: Chrome network traffic]

Click on it and let's see what Chrome is up to:

[Screenshot: Network Frame Summary]

Since Chrome is *supposed* to be accessing the network / Internet, it is no surprise that there is quite a bit of info here.

From the output we can see quite a few packets. Just looking at the first one, we can see it is accessing accounts.l.google.com.

If we click on it, the frame below it shows the packet information. If you look carefully you can see that it is contacting a server on port 443.

Now with that knowledge in hand, you can set up your test VM with MS Network Monitor. Run the program you are checking out, and start a capture. Let it run for a while. Then take a look and see what it has been up to. You might be surprised by what you see.

You can get NetMon from here:

32 Bit Version of Microsoft Network Monitor

64 Bit Version of Microsoft Network Monitor
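
A quick cross-check for the capture described above, as an added example that is not part of the original post: a PowerShell loop that polls the Windows TCP table inside the test VM and records each remote address and port the watched process connects to. It assumes Windows 8 / Server 2012 or later (for `Get-NetTCPConnection`); the parameter names and defaults are hypothetical.

```powershell
# Added example: poll the TCP table and record every remote endpoint a process touches.
# Assumption: Windows 8 / Server 2012 or later, run inside the test VM.
param(
    [string]$ProcessName = 'chrome',   # hypothetical default: process to watch, without .exe
    [int]$Seconds = 60,                # how long to watch
    [int]$IntervalMs = 500             # polling interval in milliseconds
)

$seen = @{}                            # key "address:port" -> first-seen record
$deadline = (Get-Date).AddSeconds($Seconds)

while ((Get-Date) -lt $deadline) {
    # The app may restart or spawn more processes, so re-read the process IDs on each pass.
    $procIds = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue |
                 Select-Object -ExpandProperty Id)

    if ($procIds.Count -gt 0) {
        Get-NetTCPConnection -ErrorAction SilentlyContinue |
            Where-Object {
                $procIds -contains $_.OwningProcess -and
                $_.State -ne 'Listen' -and
                $_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1'
            } |
            ForEach-Object {
                $key = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
                if (-not $seen.ContainsKey($key)) {
                    # Record only the first sighting of each remote endpoint.
                    $seen[$key] = [pscustomobject]@{
                        FirstSeen     = Get-Date
                        ProcessId     = $_.OwningProcess
                        RemoteAddress = $_.RemoteAddress
                        RemotePort    = $_.RemotePort
                    }
                }
            }
    }
    Start-Sleep -Milliseconds $IntervalMs
}

# One row per distinct remote endpoint, in the order it was first observed.
$seen.Values | Sort-Object FirstSeen | Format-Table -AutoSize
```

Polling can miss very short-lived connections and does not show UDP traffic such as DNS lookups, so treat the result as a complement to the packet capture, not a replacement for it.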


2 comments

1 Mike Wu March 21, 2014 at 8:36 am

Thanks for the writeup Steve. This is easier than I thought.

2 Dinesh M March 27, 2014 at 5:11 am

Hi Steve,

Small suggestion from my side. Sysinternals TCPView is a lightweight portable program which suits this need. Thank you.
