How to detect the IP Address and Location of a specific process

December 29, 2020


On any computer system, whatever the operating system, many processes use the internet to connect to remote servers. Each of these processes uses a specific port and IP address pair to connect to a server, whether it is cloud based or uses a server to get updates from. A cloud-based process either gets the service directly from a server through a client application, which means all of the processing is done on the server's side, or uses a server for some of its features. In the other case, the process runs only to update a parent process, another set of programs, or even itself. There are many other reasons for processes to rely on distant servers for some or all of their functionality, e.g. online games, cloud-based application suites, APIs and others, so we can deduce that knowing a little about how these processes behave on the network side will do all IT professionals good. In this article we first discuss some ways to view the IP addresses that our processes are connecting to and discover the locations of these IP addresses. Then we introduce some tools that you can use to view your processes' network conditions more easily. But first, let's get to know what happens behind the scenes and how processes function.

How do Applications Connect to a Network?

Applications can connect to an outside server in several ways. The process uses OSI layer 7 to send data, and the data is then passed down through the other layers. In the TCP/IP view of things, the application layer is where the program functions. Windows will also show you some information from the network layer, namely the IP addresses and ports that the process is using. But first you should know that applications use both ports and IP addresses to function in the network world. These ports are either TCP or UDP ports, and they identify what information goes where when a server sends data to a specific IP address.

How Do We Find Them Out?

There are a number of occasions when you want to find out which process is accessing an open TCP or UDP port. This doesn't have to be for security reasons only, for example to detect suspicious activity. It can also happen that software tries to install a port listener and fails because another application is already listening on the same port. In such cases you want to know what is causing the conflict. This is possible with Windows standard tools or, better, with the freeware CurrPorts from NirSoft. Windows itself offers netstat.exe, a command-line utility, for this task. If you call it with the -o switch, it also shows the ID of every process (PID) that communicates via a given port. To determine the name of the program, you then run tasklist|find "[PID]". Finally, if necessary, a disruptive process can be terminated with taskkill /PID [PID].
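The netstat and tasklist steps above can be joined automatically. The following is an added example, not code from the original article: it parses saved output of netstat -ano (the -a and -n switches are added here to list all sockets numerically) and tasklist /fo csv /nh, then answers the port-conflict question and lists remote peers per process. The sample output, addresses and process names are constructed, and the function names are hypothetical.

```python
import csv
import io

# Constructed samples of `netstat -ano` and `tasklist /fo csv /nh` output (made-up names).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       5120
  TCP    192.0.2.10:49712       203.0.113.25:443       ESTABLISHED     4321
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2380
"""
TASKLIST_SAMPLE = '''"System","4","Services","0","144 K"
"updater.exe","4321","Console","1","18,204 K"
"devserver.exe","5120","Console","1","52,112 K"'''

def split_endpoint(text):
    """Split 'host:port'; IPv6 hosts are bracketed, UDP peers appear as '*:*'."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None

def parse_netstat(output):
    rows = []
    for line in output.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        rows.append({"proto": f[0], "local": split_endpoint(f[1]),
                     "remote": split_endpoint(f[2]),
                     "state": f[3] if len(f) == 5 else "",  # UDP rows carry no state
                     "pid": int(f[-1])})  # PID is always the last column
    return rows

def parse_tasklist(output):
    """Map PID -> image name from CSV rows: name, PID, session, session#, memory."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(output)) if len(r) >= 2}

def port_owners(rows, names, port):
    """Processes bound to a local port (the port-conflict case)."""
    return [(r["proto"], r["pid"], names.get(r["pid"], "?"))
            for r in rows if r["local"][1] == port and r["state"] in ("LISTENING", "")]

def remote_peers(rows, names):
    """Remote address and port of each established TCP connection, per process."""
    return [(names.get(r["pid"], "?"), r["pid"], *r["remote"])
            for r in rows if r["state"] == "ESTABLISHED"]

if __name__ == "__main__":
    rows, names = parse_netstat(NETSTAT_SAMPLE), parse_tasklist(TASKLIST_SAMPLE)
    print(port_owners(rows, names, 8080), remote_peers(rows, names))
```

A PID that has exited between the two commands has no entry in the tasklist output and is reported as "?".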

CurrPorts: Convenient GUI alternative

All these steps can be carried out more conveniently under a graphical interface with the free CurrPorts. The portable tool does not require any installation and shows all open ports and the associated processes after starting. The usually long list can be easily restricted using filters, with entries either included in or excluded from the display according to various criteria. CurrPorts can then terminate individual or all processes connected to a selected port as required. Above all, the tool shines with its diverse options for configuring the display, from an automatic refresh with selectable intervals and the choice of protocols to be monitored through to the option to resolve IP addresses.

Extensive logging options

The second focus of the program is the detailed logging of all activities, where the required information can be put together almost as desired. CurrPorts supports HTML, XML and CSV as output formats. Compared with the likewise free analysis tool TCPEye, CurrPorts provides fewer actions that can be applied to the displayed processes; for example, it offers no reference to virus information. You don't have to install it, and you get numerous options for filtering and logging network activities.