Home » Networking » Viewing and killing TCP IP connections Windows
Many time in troubleshooting or needing to view network traffic information or connection information, seeing your TCP/IP connections in Windows can provide valuable insight into problems or issues that may be going on in Windows with connectivity. Also, viewing connection information is a great way to narrow down on possible backdoor traffic to a workstation if malware is suspected. In this guide, we want to look at several tools and utilities to both view connection information as well as kill TCP connections in Windows that may be problematic or malicious.
Windows itself has many really nice tools built-in that will enable you to see TCP and UDP connections right out of the box via the commandline. Especially the later versions of Windows which include Powershell expand these capabilities as well.
Commandline Tools
Powershell
With powershell we have a whole new array of commandlets to peer inside of and control what is going on with Network connections in Windows. There are two commands in general among others that provide really powerful monitoring inside of Powershell and that is the get-nettcpconnection and get-udpendpoint. Take a look at the whole list of new powershell commands for monitoring and controlling TCP activity here: https://docs.microsoft.com
Get-NetTcpConnection – cmdlet gets current TCP connections. Use this cmdlet to view TCP connection properties such as local or remote IP address, local or remote port, and connection state.
Get-NetUDPEndpoint – gets current statistics for a UDP endpoint. The cmdlet returns UDP end point properties, such as local and remote UDP ports. If you do not specify any parameters, the cmdlet gets statistics for all UDP end points.
Netstat
Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active TCP connections.
Below the command was issued netstat -ano
With the PID information you see above in the netstat output, you can use this number to correlate with PID information in Task Manager to identify the exact process and kill if need be.
wkillcx
Wkillcx is a small command-line utility to close any TCP connection under Windows XP/Vista/Seven as well as Windows Server 2003/2008. This is a great little commandline program that allows you to kill the remote IP:port connection information without knowing the PID. You simply issue the command, feed the appropriate connection information, it searches for that connection and kills it. Download wkillcx here: https://wkillcx.sourceforge.net/
syntax : wkillcx [dest_ip:dest_port] wkillcx 10.11.22.23:1234
GUI Tools
Along with the commandline tools included in Windows there are also a couple of really nice GUI tools that allow ones to see TCP activity as well as kill those TCP connections via killing the process that is spawning the TCP connections.
TCPView
TCPView is a Windows SysInternals Tool that is designed to basically show detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. The download of the utility also includes a commandline version of the tool in tcpvcon. Download TCPView here: https://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
Another really nice feature of TCPView is that you can right-click on any connection entry and then Kill the process that is using it:
Microsoft Message Analyzer 1.0
Microsoft Message Analyzer is a new tool for capturing, displaying, and analyzing protocol messaging traffic and other system messages. This is a relatively new tool that also can import data from the legacy Microsoft Network Protocol Analyzer 3.4.
This is a more full blown protocol analyzer, but can do many of the basic things we are referring too in the above guide. Download the Microsoft Message Analyzer here: https://docs.microsoft.com
Final Thoughts
Using the tools listed above, one can view network connection information via either the commandline or using GUI tools. This is extremely helpful when you are tracking down a rogue connection or a problematic process that has network hooks.
Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com, and a 7-time VMware vExpert, with over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, He has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don’t have to.
Трансферное обучение с предобученными моделями в Keras с Python
AI_Generated 06.05.2025
Суть трансферного обучения проста: взять модель, которая уже научилась решать одну задачу, и адаптировать её для решения другой, похожей задачи. Мозг человека работает по схожему принципу. Изучив. . .
Циклические зависимости в C#: методы управления и устранения
stackOverflow 06.05.2025
Если вы хоть раз работали над не самым тривиальным проектом на C#, то наверняка сталкивались с той ситуацией, когда компилятор вдруг начинает сыпать странными ошибками о невозможности разрешить. . .
Как перейти от Waterfall к Agile
EggHead 06.05.2025
Каскадная модель разработки Waterfall — классический пример того, как благие намерения превращаются в организационный кошмар. Изначально созданная для упорядочивания хаоса и внесения предсказуемости. . .
Оптимизация SQL запросов — Продвинутые техники
Codd 06.05.2025
Интересно наблюдать эволюцию подходов к оптимизации. Двадцать лет назад всё сводилось к нескольким простым правилам: «Избегайте SELECT *», «Используйте индексы», «Не джойните слишком много таблиц». . . .
Создание микросервисов с gRPC и Protobuf в C++
bytestream 06.05.2025
Монолитные приложения, которые ещё недавно считались стандартом индустрии, уступают место микросервисной архитектуре — подходу, при котором система разбивается на небольшие автономные сервисы, каждый. . .
Многопоточность и параллелизм в Python: потоки, процессы и гринлеты
py-thonny 06.05.2025
Параллелизм и конкурентность — две стороны многопоточной медали, которые постоянно путают даже бывалые разработчики.
Конкурентность (concurrency) — это когда ваша программа умеет жонглировать. . .
Распределенное обучение с TensorFlow и Python
AI_Generated 05.05.2025
В машинном обучении размер имеет значение. С ростом сложности моделей и объема данных одиночный процессор или даже мощная видеокарта уже не справляются с задачей обучения за разумное время. Когда. . .
CRUD API на C# и GraphQL
stackOverflow 05.05.2025
В бэкенд-разработке постоянно возникают новые технологии, призванные решить актуальные проблемы и упростить жизнь программистам. Одной из таких технологий стал GraphQL — язык запросов для API,. . .
Распознавание голоса и речи на C#
UnmanagedCoder 05.05.2025
Интеграция голосового управления в приложения на C# стала намного доступнее благодаря развитию специализированных библиотек и API. При этом многие разработчики до сих пор считают голосовое управление. . .
Реализация своих итераторов в C++
NullReferenced 05.05.2025
Итераторы в C++ — это абстракция, которая связывает весь экосистему Стандартной Библиотеки Шаблонов (STL) в единое целое, позволяя алгоритмам работать с разнородными структурами данных без знания их. . .
In this post, we are going to show you how to create an internet kill switch on Windows 11/10. It is mostly used in a panic situation when you need to disconnect your internet quickly. Thus, it is also known as a Panic Button.
What is the kill switch on Windows internet?
The “Kill Switch” on Windows refers to a feature or mechanism enabling users to instantly and efficiently cut off their computer’s internet access or disconnect it from a network. It is commonly used as a security safeguard that helps protect sensitive data, maintain privacy, and prevent unauthorized access while browsing the internet on Windows.
Here are the steps to create an internet kill switch on your Windows 11/10 PC:
- Open Settings.
- Go to Network & internet.
- Write down the name of your network adapter.
- Create a desktop shortcut.
- Edit the location.
- Name the shortcut as Internet Kill Switch or likewise.
- Right-click on the newly created shortcut.
- Select the Properties option.
- Click on the Advanced button.
- Tick the Run as administrator checkbox.
Let us discuss the above steps in detail now.
First, open the Settings app by pressing the Win+I hotkey and move to the Network & internet tab from the left-side pane.
Now, note down the name of your network adapter from the Status section. You can see your network adapter’s name at the top in the right-side pane. For a wireless connection, the adapter’s name is usually Wi-Fi. On the other hand, if you are using a wired connection, the name is Ethernet.
Once you have written down the adapter’s name, go to your desktop and right-click on the empty area. From the context menu, select the New > Shortcut option to create a new desktop shortcut.
Next, in the location box, you need to enter the below command:
C:\Windows\System32\netsh.exe interface set interface name=”NET” admin = disabled
C:\Windows\System32\netsh.exe interface set interface name="WiFi_Name" admin = disabled
In the above command, replace “WiFi_Name” with the name of your network adapter’s name.
For example, in my case, the command would be:
C:\Windows\System32\netsh.exe interface set interface name="Wi-Fi" admin = disabled
Next, press the Next button.
After that, name this shortcut “Internet Kill Switch” or something similar to easily identify the shortcut when needed. And, press the Finish button.
Once the shortcut is created, right-click on it and choose the Properties option from the context menu.
Now, click on the Advanced button.
Then, tick the Run as administrator checkbox in the opened prompt. And, click on the OK button.
Next, press the Apply > OK button to save changes.
You can now double-click on this newly created shortcut i.e., internet kill switch to run the command and quickly disconnect your computer from the internet.
In case you want to reconnect the internet, you can create another switch to instantly connect to the internet. To do that, follow the steps mentioned above to create a shortcut. However, while entering the location of the shortcut, enter the below command:
C:\Windows\System32\netsh.exe interface set interface name="Wi-Fi" admin = enabled
Once the shortcut is created, you can run it whenever you want to quickly reconnect your internet.
Related: How to disable WiFi using CMD or Powershell
Create an Internet Kill Switch using a Batch file
Another method to create a kill switch is via a batch file. You can create a batch file to instantly cut off your internet connection. Here’s how you can do that:
First, open Notepad using Windows Search and then enter a similar command like the following one:
C:\Windows\System32\netsh.exe interface set interface name="Wi-Fi" admin = disabled
Replace Wi-Fi with your network adapter’s name in the above command.
Now, go to the File > Save as option and choose the Save as type as All files in the opened Save as prompt.
After that, enter the name of the batch file, e.g., KillSwitch.bat or PanicButton.bat. And, click on the Save button to create the batch file.
When done, right-click on the newly created batch file and choose the Run as administrator option. It will then disconnect your internet.
You can also create a batch file to restore your internet connection, you can create another batch file using the same steps. Just replace the command you have used above with the following one:
C:\Windows\System32\netsh.exe interface set interface name="Wi-Fi" admin = enabled
This is how you can create a kill switch to quickly disconnect Windows from the internet.
Read: VPN Kill Switch and Obfuscated Servers not working.
How do I turn off internet on Windows 11?
To switch off your internet on a Windows 11/10 PC, click on the WiFi icon from your taskbar. After that, click on the right arrow button and then press the Disconnect button. Alternatively, open Settings using Win+I, go to the Network & internet tab, and switch Off the toggle associated with the Wi-Fi option.
When you want to remove network drives from your Windows 10 or 11 computer you could use explorer. Another option is to use the Net Use command. This way you can remove all network connections easily with a single command on your own computer a remove one.
In this article, I will explain how you can use the Net Use Delete command to remove a single, or all network connections.
Before we are going to remove the network connections, let’s first take a look at the existing network connections on our computer with Net Use. You can use the Net Use command in Command Prompt or in Windows PowerShell.
To list all existing connections type:
Net use
Remove a single network connection
To remove a single network connection with net use we can type net use x: /delete. Where x: is the drive letter of the network drive that you want to remove:
Net use x: /delete # or in short net use x: /d
Delete Network Connection without a drive letter
On some occasions, you might have a network connection without a drive letter. These connections can also be removed with the net use command. Instead of using the drive letter we then have to use the remote path.
So the remove the drive mapping to \\LT3452\C$\temp from the above screenshot we can use the following command:
net use \\LT3452\c$\temp /delete
Net Use Delete All
It’s also possible to delete all active network connections from a computer. For this, we can use the command net use * /delete.
net use * /delete # or in short: net use * /d
Net use * /delete Force
When you run the delete command with the wildcard to delete all connections, you will be prompted to confirm the deletion. To force the delete command we can add the parameter /yes to it to delete the network connections silently:
# Force delete of all network connections net use * /delete /yes # or in shot: net use * /d /y
Wrapping Up
The net use delete command is really useful when you want to clean up network connections on a computer with a script or before you apply new network connections. If you want to learn more about the command net use, then make sure you read this article where I explain more about it.
If you have any questions, just drop a comment below!
You may also like the following articles
Категории
Главная
-
-
Просмотров: 9901
Очень простой, но в то же время очень часто встречающийся вопрос, который вводит в ступор Windows-админов:
Как разорвать tcp/udp соединение в windows из командной строки?
ответ простой:
netsh advfirewall FIREWALL add rule name=»KMS» dir=in action=allow protocol=tcp localport=1688
или заюзать wipfw — всё это он умеет (аналог FreeBSD-фаервола ipfw)