Windows 10: Monitor internet activity of a process
Monitor internet activity of a process
I know that in windows its possible to monitor which processes are connecting to the internet and which ip they are connecting to and which ports they are using.
But is there a way to monitor the data a process downloads or uploads while connected to the internet?
I saw some suspicious programs connected to the internet in Resource Center, so I wanted to know what they are downloading or uploading.
You can use the free protocol analyzer Wireshark to capture traffic in and out of a PC on which it's running, then use the TCP or UDP socket number(s) associated with the questionable processes to run protocol decodes to see what data is being transferred. Learning how to do this requires some investment of time and energy, though: it's covered in some detail in my college textbook Guide to TCP/IP (fourth edition) and also in Laura Chappell's excellent books on Wireshark as part of their Wireshark Certified Network Analyst (WCNA) credential. My book is hideously expensive (~$160!!) so if you want a copy and will pay shipping and handling, I can send you one at no charge.
As mentioned in the previous post, Wireshark is the most popular traffic capture software that people use and so is the best supported with training material, etc.. The biggest issue is now-a-days a large percentage of connections are over HTTPS, meaning they're encrypted. Therefore if the connections you want to capture traffic on are to port 443, they'll probably be encrypted and so you will need to use something like Fiddler with Wireshark to decrypt those connections on-the-fly.
Microsoft also have their own version called Microsoft Message Analyser (which replaced Microsoft Network Monitor), and that will also decrypt some encrypted connections without messing around with fiddler and certs if you set it up to do so. However, neither will do much good if the data is encrypted separately by an application before sending it. Both have a pretty steep learning curve as they aren't aimed towards consumer use, but rather towards troubleshooting network issues. As I mentioned previously, Wireshark will have more training material available for beginners than Microsoft Message Analyser.
You mentioned that Resource Monitor shows network connections. The data that's being transferred is usually being read/written to disk too, so another quick tip is to use the 'Disk' tab in Resource Monitor to see what locations are being written and read from as well. Process Monitor (not to be confused with Process Explorer) from Sysinternals will probably give even more details, but it's not something I've used much.
Here's a real life example of Microsoft Message Analyser's native decryption in action (hence the 'Local' Source field). We've all heard that Windows 10 is spying on you and that even with Web Search/Cortana switched off, when you search locally from within the Start Menu it connects to Bing and still sends all your search queries to Bing.com right? Whilst it's true that SearchUI.exe connects to www[.]bing.com, it's not true that it still sends all your search queries to them, as anyone can verify for themselves if they really wanted to.
I'm having random problems with the internet connection, slowing down and failure of signal to my router. The phone line voltage is ok, I have measured it at the incoming box. I have moved the router to a better location and hope it will be more...
I was checking my system configuration and happened across this weird one!
Note the spelling:
"Monitor Virutal Wlan Service" - "Virutal" rather than "Virtual" but either way, I can see no reference to such a process on the net.
Insider Preview 50532.
Preview 50532 has more Activity to the internet then build 50512 or Standard Windows 10.Like it is checking for update (more the it should) Normal or do I have to turn some thing off (all titles are off) ?
When I boot into Win Ten on my ancient laptop the HDD goes into 100% use for the first 10 to 15 minutes. Is this Windows file indexing? Does it ever stop? There is nothing on the HDD except the OS. Why does it have to R+W all the files all over...
I noticed that I have two Epson Status Monitor processes running in the background.
I've already tried to disable this process from startup, but they are loaded anyway. In fact, both processes are loaded. I also noticed that one...