This week I got a question from Daniel:
“Hi Steve. When I find an app I like I download and play with it in a virtual machine. If it is from a lesser known firm it means I don’t know much about the company. I want to see if the app is connecting to the internet or any other network activity. How can I do this?”
Good question Daniel. First let me say that the size of the company does not matter. In fact the big ones are sometimes the worst offenders.
For example, www.download.com packages their downloads with all kinds of adware that will clog up your system. The anti-virus vendors all let it through since they are a big and trustworthy vendor (wink wink). The fun part is that our tools will get marked as a virus because they can be used for “hacking” – go figure 🙂
My point is, don’t let your guard down for anyone.
The tool I use is a free one from Microsoft. It is called Microsoft Network Monitor.
Let me show you how I use it to see what an app is up to.
Let's pick an app to watch. Say… Google Chrome.
First, launch MS Netmon, and start a new capture:
Start the capture, and we can see Chrome on our list:
Click on it and let's see what Chrome is up to:
Since Chrome is *supposed* to be accessing the network / Internet, it is no surprise that there is quite a bit of info here.
From the output we can see quite a few packets. Just looking at the first one, we can see it is accessing accounts.l.google.com.
If we click on it, the frame below it shows the packet information. If you look carefully you can see that it is contacting a server on port 443.
Now with that knowledge in hand, you can set up your test VM with MS Network Monitor. Run the program you are checking out, and start a capture. Let it run for a while. Then take a look and see what it has been up to. You might be surprised by what you see.
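Once a capture has run for a while there can be thousands of frames, so as an added example (not part of this post, and not a feature of Network Monitor itself) here is a small Python script that boils an exported capture down to one line per process and endpoint and flags the ones worth opening in the packet details. The CSV column layout and the sample rows are constructed for illustration, not Netmon's real export format:

```python
import csv
import io
import ipaddress
from collections import Counter, defaultdict

# Constructed sample of an exported capture. The column layout is assumed for this
# example (it is not Network Monitor's real export format); hosts and IPs are
# reserved documentation values, not real observations.
SAMPLE_CSV = """process,destination,dest_port,protocol
chrome.exe,accounts.l.google.com,443,TCP
chrome.exe,accounts.l.google.com,443,TCP
chrome.exe,192.0.2.53,53,UDP
unknown_app.exe,updates.example.net,443,TCP
unknown_app.exe,203.0.113.7,6667,TCP
unknown_app.exe,203.0.113.7,6667,TCP
"""

# Ports a typical desktop app is expected to use (DNS, HTTP, HTTPS).
EXPECTED_PORTS = {53, 80, 443}

def summarize(csv_text):
    """Count frames per process, keyed by (destination, port, protocol)."""
    summary = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["destination"], int(row["dest_port"]), row["protocol"].upper())
        summary[row["process"]][key] += 1
    return summary

def is_bare_ip(host):
    """True when the destination is a literal IP rather than a resolved name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def unexpected_endpoints(summary):
    """Endpoints worth a closer look: unusual port, or a raw IP that is not DNS."""
    findings = []
    for process, endpoints in summary.items():
        for (dest, port, proto), count in endpoints.items():
            reasons = []
            if port not in EXPECTED_PORTS:
                reasons.append("unusual port")
            if is_bare_ip(dest) and port != 53:
                reasons.append("raw IP destination")
            if reasons:
                findings.append((process, dest, port, proto, count, ", ".join(reasons)))
    return sorted(findings)
```

On the constructed sample, Chrome's accounts.l.google.com traffic on port 443 passes quietly, while the unknown app's repeated connections to a bare IP on port 6667 are the ones reported.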
You can get NetMon from here:
32 Bit Version of Microsoft Network Monitor
64 Bit Version of Microsoft Network Monitor
One more thing…Subscribe to my newsletter and get 11 free network administrator tools, plus a 30 page user guide so you can get the most out of them. Click Here to get your free tools
Thanks for the writeup, Steve. This is easier than I thought.
Hi Steve,
Small suggestion from my side. Sysinternals TCPView is a lightweight, portable program which suits this need. Thank you.