NetGlobe is live on the Microsoft Store·Download for Windows now
How-to guide

How to see what your computer is connecting to

Your machine is talking to the internet constantly — not just the sites you open, but background apps, update services, telemetry, cloud sync, and occasionally something you didn't invite. This guide shows you how to see every one of those connections: first with the free tools already built into Windows and macOS, then the easier, live way with NetGlobe.

The short version

Free and built in: Windows has netstat -ano, Task Manager, and Resource Monitor. macOS has lsof, nettop, and Activity Monitor. They work, but they hand you raw IP addresses with no owner, no location, and no threat context.

The upgrade: NetGlobe plots every connection on a live, geolocated map and, on one click, tells you who owns the endpoint, where it is, its TLS certificate, a process trust score, and whether it matches any threat feed. It's a one-time $18.99 on Windows or Mac. It shows connections — it doesn't block them.

Start here

The quick, built-in way (free).

Every Windows PC and every Mac ships with tools that list your live connections. Here's how to use them accurately.

On Windows

Open Command Prompt and list every active connection with the owning process ID (PID):

C:\> netstat -ano

Run it in an administrator prompt with -b to also show the executable behind each connection:

C:\> netstat -anob

Then match the PID in Task Manager → Details (add the PID column), or open Resource Monitor for a friendlier live view:

C:\> resmon # Network tab → TCP Connections

On macOS

Open Terminal and list open network connections with their process, addresses, and ports:

$ lsof -nP -i

Narrow it to established TCP sessions only:

$ lsof -nP -iTCP -sTCP:ESTABLISHED

Or watch it live, top-style, per process:

$ nettop -m tcp

Activity Monitor → Network shows data sent and received per app, but not the remote endpoints — for those, use the commands above.

Where the built-in tools stop

These commands are honest and useful, but they give you a static snapshot of raw IP addresses. You get 140.82.113.21, not "GitHub." There's no geolocation, no network owner, no TLS detail, and no indication of whether an address appears on a threat list. To understand a connection you'd copy each IP into a WHOIS lookup, a geo-IP site, and a reputation checker by hand — and re-run netstat every few seconds to catch anything short-lived. That's exactly the gap NetGlobe closes.

The easier way

See it live with NetGlobe.

Same connections, but geolocated on a map and explained on one click. Five steps.

  1. Install NetGlobe

    On Windows 10 or 11, get it from the Microsoft Store. On Mac (macOS 11+, Apple Silicon or Intel), use the direct download. It's a one-time $18.99 on either platform — no subscription, no account.

  2. Open it and let it read your connections

    Launch NetGlobe. It reads your machine's live connection table locally, on the device — nothing is uploaded and there's no sign-in.

  3. Watch the live map fill in

    Each active connection appears as an arc from your location to the server it's talking to, geolocated in real time. The background apps, update agents, and telemetry you never see in a browser all show up here at once.

  4. Click any connection for Endpoint Focus

    Click a line to pivot to that endpoint. NetGlobe resolves the network owner via WHOIS/RDAP, the country and city, reverse DNS, the TLS certificate, and a 0–100 process trust score (from code-signing, parent process, and file age) — plus any hits across threat-intel feeds.

  5. Triage anything that looks off

    Confirm the owning process, run a built-in traceroute or MTR to the endpoint, and decide whether it belongs. NetGlobe shows and explains the connection; if you want to block one, pair it with your OS firewall.

Triage

What to look for — the red flags.

Most of what you'll see is normal. These are the patterns worth a second look.

  • Connections to countries you have no reason to reach. A steady link to a region none of your apps should touch is worth investigating.
  • Unsigned or unknown processes reaching the internet. A low trust score on a process you don't recognize — especially one running from a temp folder — is a classic tell.
  • An endpoint that matches a threat feed. Hits against FireHOL, Spamhaus DROP/EDROP, ThreatFox, or the Tor exit list are flagged automatically in Endpoint Focus.
  • Something that keeps reconnecting to the same unfamiliar host. Persistent beaconing to one odd address — on a schedule — is more suspicious than a single hit.
Common questions

Seeing your connections — FAQ

How do I see what my computer is connecting to on Windows?

Run netstat -ano in Command Prompt to list every active connection with its owning PID, or netstat -anob as an administrator to include the executable name. Match the PID in Task Manager's Details tab, or use Resource Monitor (resmon) under the Network tab. These are free and built in, but they show raw IPs with no geolocation, owner, or threat context — NetGlobe adds a live geolocated map and per-connection intelligence.

How do I see what my Mac is connecting to?

In Terminal, run lsof -nP -i to list open connections with their process and addresses; add -sTCP:ESTABLISHED for live TCP only, or use nettop -m tcp for a live view. Activity Monitor's Network tab shows data per app but not the endpoints. NetGlobe maps every connection and names each owner — its Mac build is native for Apple Silicon and Intel on macOS 11+.

How can I tell if a connection is dangerous?

Check three things: who owns the endpoint, which process opened it, and whether it appears on a known-bad list. A connection to an unexpected country, opened by an unsigned or unfamiliar process, that matches a feed like FireHOL, Spamhaus, ThreatFox, or the Tor exit list, deserves a closer look. NetGlobe surfaces all of that in one Endpoint Focus panel, including a 0–100 process trust score with the reasons behind it.

Does NetGlobe block connections?

No. NetGlobe is a visibility and diagnostics tool, not a firewall. It shows and explains every connection your machine makes — geolocation, network owner, TLS certificate, process trust score, and threat-intel matches — but it doesn't block traffic. To block a connection, use your operating system's firewall for enforcement and run NetGlobe alongside it for understanding.

How much is NetGlobe?

NetGlobe is a one-time $18.99 on both platforms — on the Microsoft Store for Windows and as a direct download for Mac. No subscription, no account, and no telemetry; it runs entirely on your device.

Available now

See every connection, live.

Stop copying IP addresses into lookup sites. A one-time $18.99 — on the Microsoft Store for Windows, or a direct download for Mac.

Get it from the Microsoft Store Live

No account. Runs entirely on your device. See the full feature list or the FAQ.