How to see what your computer is connecting to
Your machine is talking to the internet constantly — not just the sites you open, but background apps, update services, telemetry, cloud sync, and occasionally something you didn't invite. This guide shows you how to see every one of those connections: first with the free tools already built into Windows and macOS, then the easier, live way with NetGlobe.
The short version
Free and built in: Windows has netstat -ano,
Task Manager, and Resource Monitor. macOS has lsof,
nettop, and Activity Monitor. They work, but they hand
you raw IP addresses with no owner, no location, and no threat context.
The upgrade: NetGlobe plots every connection on a live, geolocated map and, on one click, tells you who owns the endpoint, where it is, its TLS certificate, a process trust score, and whether it matches any threat feed. It's a one-time $18.99 on Windows or Mac. It shows connections — it doesn't block them.
The quick, built-in way (free).
Every Windows PC and every Mac ships with tools that list your live connections. Here's how to use them accurately.
On Windows
Open Command Prompt and list every active connection with the owning process ID (PID):
C:\> netstat -anoRun it in an administrator prompt with -b to also show the executable behind each connection:
Then match the PID in Task Manager → Details (add the PID column), or open Resource Monitor for a friendlier live view:
C:\> resmon # Network tab → TCP ConnectionsOn macOS
Open Terminal and list open network connections with their process, addresses, and ports:
$ lsof -nP -iNarrow it to established TCP sessions only:
$ lsof -nP -iTCP -sTCP:ESTABLISHEDOr watch it live, top-style, per process:
$ nettop -m tcpActivity Monitor → Network shows data sent and received per app, but not the remote endpoints — for those, use the commands above.
Where the built-in tools stop
These commands are honest and useful, but they give you a static snapshot of raw IP
addresses. You get 140.82.113.21, not "GitHub."
There's no geolocation, no network owner, no TLS detail, and no indication of whether an address
appears on a threat list. To understand a connection you'd copy each IP into a WHOIS lookup, a
geo-IP site, and a reputation checker by hand — and re-run netstat
every few seconds to catch anything short-lived. That's exactly the gap NetGlobe closes.
See it live with NetGlobe.
Same connections, but geolocated on a map and explained on one click. Five steps.
-
Install NetGlobe
On Windows 10 or 11, get it from the Microsoft Store. On Mac (macOS 11+, Apple Silicon or Intel), use the direct download. It's a one-time $18.99 on either platform — no subscription, no account.
-
Open it and let it read your connections
Launch NetGlobe. It reads your machine's live connection table locally, on the device — nothing is uploaded and there's no sign-in.
-
Watch the live map fill in
Each active connection appears as an arc from your location to the server it's talking to, geolocated in real time. The background apps, update agents, and telemetry you never see in a browser all show up here at once.
-
Click any connection for Endpoint Focus
Click a line to pivot to that endpoint. NetGlobe resolves the network owner via WHOIS/RDAP, the country and city, reverse DNS, the TLS certificate, and a 0–100 process trust score (from code-signing, parent process, and file age) — plus any hits across threat-intel feeds.
-
Triage anything that looks off
Confirm the owning process, run a built-in traceroute or MTR to the endpoint, and decide whether it belongs. NetGlobe shows and explains the connection; if you want to block one, pair it with your OS firewall.
What to look for — the red flags.
Most of what you'll see is normal. These are the patterns worth a second look.
- Connections to countries you have no reason to reach. A steady link to a region none of your apps should touch is worth investigating.
- Unsigned or unknown processes reaching the internet. A low trust score on a process you don't recognize — especially one running from a temp folder — is a classic tell.
- An endpoint that matches a threat feed. Hits against FireHOL, Spamhaus DROP/EDROP, ThreatFox, or the Tor exit list are flagged automatically in Endpoint Focus.
- Something that keeps reconnecting to the same unfamiliar host. Persistent beaconing to one odd address — on a schedule — is more suspicious than a single hit.
Seeing your connections — FAQ
How do I see what my computer is connecting to on Windows?
Run netstat -ano in Command Prompt to list every active connection with its owning PID, or netstat -anob as an administrator to include the executable name. Match the PID in Task Manager's Details tab, or use Resource Monitor (resmon) under the Network tab. These are free and built in, but they show raw IPs with no geolocation, owner, or threat context — NetGlobe adds a live geolocated map and per-connection intelligence.
How do I see what my Mac is connecting to?
In Terminal, run lsof -nP -i to list open connections with their process and addresses; add -sTCP:ESTABLISHED for live TCP only, or use nettop -m tcp for a live view. Activity Monitor's Network tab shows data per app but not the endpoints. NetGlobe maps every connection and names each owner — its Mac build is native for Apple Silicon and Intel on macOS 11+.
How can I tell if a connection is dangerous?
Check three things: who owns the endpoint, which process opened it, and whether it appears on a known-bad list. A connection to an unexpected country, opened by an unsigned or unfamiliar process, that matches a feed like FireHOL, Spamhaus, ThreatFox, or the Tor exit list, deserves a closer look. NetGlobe surfaces all of that in one Endpoint Focus panel, including a 0–100 process trust score with the reasons behind it.
Does NetGlobe block connections?
No. NetGlobe is a visibility and diagnostics tool, not a firewall. It shows and explains every connection your machine makes — geolocation, network owner, TLS certificate, process trust score, and threat-intel matches — but it doesn't block traffic. To block a connection, use your operating system's firewall for enforcement and run NetGlobe alongside it for understanding.
How much is NetGlobe?
NetGlobe is a one-time $18.99 on both platforms — on the Microsoft Store for Windows and as a direct download for Mac. No subscription, no account, and no telemetry; it runs entirely on your device.
Related guides & comparisons
See every connection, live.
Stop copying IP addresses into lookup sites. A one-time $18.99 — on the Microsoft Store for Windows, or a direct download for Mac.
No account. Runs entirely on your device. See the full feature list or the FAQ.