Scammers are very creative in how they make you think you have a problem with your computer. Which brings us to the point of this short, but important article.
In the following screenshot of a Windows 10 PC, notice the black box.
The black box in the picture above is is referred to as a command box and is a common tool used by legitimate tech support. The netstat command is a legitimate program used to help diagnose certain kinds of networking issues.
Unfortunately, the problem occurs when a scammer uses this as “proof” that you have hackers in your computer. This is incorrect.
A scammer may say something like, “Look at all these hackers in your computer.” A scary statement this is also completely incorrect. In fact, the scammer is the “hacker”!
What Is Netstat?
Netstat is available on Windows, macOS, and Linux and shows detailed information about specific network connections. Per Wikipedia:
Netstat (network statistics) is a tool that displays network connection and is used for finding problems in the network and determine the amount of traffic on the network as a performance measurement.
First let’s talk about hardware. It’s possible that you may see in netstat, hardware such as:
Local computers (within your network)
Network attached storage (NAS)
Shared Hardware or Folders
Second, there are many programs that are installed on your computer that check for updates using the Internet and netstat may report these:
Windows Major and Minor
Anti-Virus Program / Definitions
Software License Checks
There are many other programs that may show up in netstat as well, like a VPN, etc.
So Why Does Netstat Show Many Connections?
Netstat may show dozens of connections even surpassing 100 connections. Each type of hardware and software noted above may have one or more connections open. And usually each one has several connections open, resulting in a long list displayed in netstat.
Can Netstat Show Hackers?
Yes and no. Netstat shows all connections, good and bad, so it can be used as a tool to begin identifying areas to check for malware, viruses, ransomware, hackers, etc. But netstat alone doesn’t show hackers, just activity, good and potentially bad.
An example of netstat showing a hacker is of the scammers remote connection to your computer. The scammer’s remote connection to you will be one or two entries in a list of dozens of entries.
Netstat is a tool, not “proof” of dozens of hackers.
Check it out for yourself.
Windows Vista, Windows 7, Windows 8, Windows 10
Click Start (orb / flag)
Click on the “cmd” program
This will open the black box
Click inside the black box
Type: netstat (and then press enter)
You can scroll up the list to review and you can search online for each of the IP addresses if you want. To close the command box, click the X in the upper right of the command box window.
Open a Terminal Window (Applications, Utilities, Terminal.app)