Is there a way to tell the network traffic of a process?
Problem: something is leeching the internet, giving rise to emails from the isp about getting to the GB limit.
Virus scan negative, malware scan negative, wireless is off etc...
Performance monitor seems to be an overall thing, just net bytes for all processes.
I was wondering if there was a program that could monitor network traffic and break it down by "bytes per process".
When google gives me over a million hits for search terms (no matter how specific) I tend to get lost - it's a very popular search.
I trust recommendations from you blokesusually
I am even willing to buy a decent program.
Wireshark (http://www.wireshark.org/) is fantastic for network forensics.
If you wanted to look at processes that have network connections, try : netstat -oan (assuming you're on Vista or later)
unfortunately -o parameter doesn't map to a process name, but process explorer (http://technet.microsoft.com/en-us/sysinternals/bb896653) does.
I'd start with wireshark and combination of process monitor (http://technet.microsoft.com/en-us/sysinternals/bb896645) / process explorer.
use the signature verification feature of process explorer to exclude microsoft entries, then you can narrow down what program might be causing issue.
Actually...after going back to Sysinternals (Microsoft) TCPView (http://technet.microsoft.com/en-us/sysinternals/bb897437) is probably best app.
All above are free of course. :bg
Cheers, bozo. I have the sysinternals stuff, it's a matter of tying it all up - lazily, I hoped something did all the hard work.
I have heard of wireshark and will give it a burl. Thanks.
P.S. netstat is interesting eh? I tend to forget windows tools.