Network snooping

Started by sinsi, February 16, 2012, 12:01:19 PM


sinsi

Is there a way to tell the network traffic of a process?
Problem: something is leeching the internet, giving rise to emails from the isp about getting to the GB limit.
Virus scan negative, malware scan negative, wireless is off etc...
Performance monitor seems to be an overall thing, just net bytes for all processes.

I was wondering if there was a program that could monitor network traffic and break it down by "bytes per process".
When google gives me over a million hits for search terms (no matter how specific) I tend to get lost - it's a very popular search.


I trust recommendations from you blokes usually.
I am even willing to buy a decent program.
Light travels faster than sound, that's why some people seem bright until you hear them.

bozo

Wireshark is fantastic for network forensics.
If you wanted to look at processes that have network connections, try: netstat -oan (assuming you're on Vista or later)

unfortunately -o parameter doesn't map to a process name, but process explorer does.

I'd start with wireshark and combination of process monitor / process explorer.

use the signature verification feature of process explorer to exclude microsoft entries, then you can narrow down what program might be causing issue.

Actually...after going back to Sysinternals (Microsoft) TCPView is probably best app.

All above are free of course.  :bg
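As a worked example of the manual "tying it all up" step bozo describes (this is added editor code, not something posted in the thread), the script below joins the PID column of `netstat -oan` with the PID column of `tasklist /fo csv /nh`, so each remote endpoint is listed under the process that owns it. The two command outputs embedded in the file are constructed samples, not a capture from a real machine; the process names, PIDs and addresses in them are made up. `collect_live()` is an assumed helper that runs the real commands on a Windows host and feeds them through the same parsers.

```python
"""Group Windows netstat connections by owning process.

Example code added by the editor; not from the forum thread.
Joins `netstat -oan` (has PIDs, no names) with `tasklist /fo csv /nh`
(maps PIDs to image names) so you can see which process is talking to
which remote host.
"""
import csv
import io
import subprocess
from collections import defaultdict

# Constructed sample of `netstat -oan` output (not a real capture).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.10:49210     203.0.113.5:443        ESTABLISHED     4412
  TCP    192.168.1.10:49211     203.0.113.5:443        ESTABLISHED     4412
  TCP    192.168.1.10:49300     198.51.100.7:80        ESTABLISHED     2208
  UDP    0.0.0.0:5355           *:*                                    1120
"""

# Constructed sample of `tasklist /fo csv /nh` output (not a real capture).
# Columns: image name, PID, session name, session number, memory usage.
SAMPLE_TASKLIST = '''"svchost.exe","812","Services","0","9,512 K"
"updater.exe","4412","Console","1","31,204 K"
"chrome.exe","2208","Console","1","210,448 K"
"svchost.exe","1120","Services","0","6,120 K"
'''


def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -oan` output.

    TCP rows carry a State column; UDP rows do not, so the field count
    differs and both shapes are handled. Header and blank lines are skipped.
    """
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts
            state = ""
        else:
            continue  # unexpected layout; ignore rather than misattribute
        conns.append({"proto": proto, "local": local, "foreign": foreign,
                      "state": state, "pid": int(pid)})
    return conns


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output.

    csv.reader is used because the memory column contains a comma
    ("9,512 K") inside its quotes.
    """
    names = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            names[int(row[1])] = row[0]
    return names


def remote_endpoints_by_process(conns, names):
    """Group foreign endpoints under "image (pid)", skipping listeners.

    A LISTENING TCP socket or a UDP socket bound to *:* has no peer yet,
    so it tells you nothing about who is moving bytes off the box.
    """
    groups = defaultdict(list)
    for c in conns:
        if c["state"] == "LISTENING" or c["foreign"] in ("*:*", "0.0.0.0:0"):
            continue
        key = "%s (%d)" % (names.get(c["pid"], "<unknown>"), c["pid"])
        groups[key].append(c["foreign"])
    return dict(groups)


def collect_live():
    """Assumed helper: run the real commands on a Windows host (not tested here)."""
    ns = subprocess.run(["netstat", "-oan"], capture_output=True, text=True).stdout
    tl = subprocess.run(["tasklist", "/fo", "csv", "/nh"],
                        capture_output=True, text=True).stdout
    return remote_endpoints_by_process(parse_netstat(ns), parse_tasklist(tl))


if __name__ == "__main__":
    grouped = remote_endpoints_by_process(parse_netstat(SAMPLE_NETSTAT),
                                          parse_tasklist(SAMPLE_TASKLIST))
    for proc, peers in sorted(grouped.items()):
        print(proc, "->", ", ".join(peers))
```

This answers "which process is connected where", which is what netstat, TCPView and Process Explorer give you; none of them is a byte counter. If you run it on a live host, an unfamiliar image name with many connections to one remote host is the thing to hand to Process Explorer's signature check. Two related points worth knowing: on Vista or later, `netstat -b` (elevated) prints the owning executable itself, so the tasklist join is only needed when you cannot elevate; and Resource Monitor (resmon.exe), also Vista or later, has a Network tab that lists per-process send and receive rates, which is the closest built-in answer to the original "bytes per process" question.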

sinsi

Cheers, bozo. I have the sysinternals stuff, it's a matter of tying it all up - lazily, I hoped something did all the hard work.
I have heard of wireshark and will give it a burl. Thanks.

P.S. netstat is interesting eh? I tend to forget windows tools.