Monitor internet activity of a process


#1 (Posts: 1, Windows 10)


I know that in Windows it's possible to monitor which processes are connecting to the internet, which IP they are connecting to and which ports they are using.
But is there a way to monitor the data a process downloads or uploads while connected to the internet?
I saw some suspicious programs connected to the internet in Resource Center, so I wanted to know what they are downloading or uploading.


#2 (Posts: 4,224, Windows 10)

You can use the free protocol analyzer Wireshark to capture traffic in and out of a PC on which it's running, then use the TCP or UDP socket number(s) associated with the questionable processes to run protocol decodes to see what data is being transferred. Learning how to do this requires some investment of time and energy, though: it's covered in some detail in my college textbook Guide to TCP/IP (fourth edition) and also in Laura Chappell's excellent books on Wireshark as part of her Wireshark Certified Network Analyst (WCNA) credential. My book is hideously expensive (~$160!!) so if you want a copy and will pay shipping and handling, I can send you one at no charge.
    HTH,
    --Ed--
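The step Ed describes (find the socket numbers a process owns, then filter the Wireshark capture down to them) is usually done by hand from the PID column of `netstat -ano`. The script below, added here as an example and not taken from the thread, parses that text format, groups sockets by PID and emits a Wireshark display filter for one process. The `netstat` output embedded in it is constructed, not a real capture, and the PIDs and addresses in it are made up.

```python
"""Turn one process's sockets (from `netstat -ano`) into a Wireshark display filter.

Added example, not from the forum thread. The PID column that `netstat -ano`
prints on Windows is what ties a socket to a process; the sample output below
is constructed for illustration, not captured from a real machine."""
import re
import subprocess
import sys
from collections import defaultdict

# Constructed sample of `netstat -ano` output (PIDs and addresses are made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:51544     13.107.21.200:443      ESTABLISHED     4120
  TCP    192.168.1.20:51550     204.79.197.200:443     ESTABLISHED     4120
  TCP    192.168.1.20:51602     172.217.16.14:80       TIME_WAIT       0
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     4120
  UDP    0.0.0.0:5353           *:*                                    2288
  UDP    192.168.1.20:63100     *:*                                    4120
"""

# proto, local ip, local port, remote ip, remote port, optional state, pid.
# UDP rows have no State column, hence the optional group before the PID.
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)(?:\s+(\S+))?\s+(\d+)\s*$"
)


def parse_netstat(text):
    """Return {pid: [socket dicts]} for every data row in netstat -ano output."""
    by_pid = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner, header and blank lines
        proto, lip, lport, rip, rport, state, pid = m.groups()
        by_pid[int(pid)].append({
            "proto": proto, "local_ip": lip, "local_port": int(lport),
            "remote_ip": rip, "remote_port": rport, "state": state or "",
        })
    return dict(by_pid)


def _addr_clause(ip):
    """Wireshark clause for a remote address, or None for wildcard/unbound."""
    if ip in ("*", "0.0.0.0", "[::]"):
        return None
    if ip.startswith("["):  # netstat brackets IPv6 addresses
        return f"ipv6.addr == {ip.strip('[]')}"
    return f"ip.addr == {ip}"


def wireshark_filter(sockets):
    """One clause per socket: the local port is the process's handle on the
    connection, so match on it and narrow by the peer address when known."""
    clauses = []
    for s in sockets:
        clause = f"{s['proto'].lower()}.port == {s['local_port']}"
        addr = _addr_clause(s["remote_ip"])
        if addr:
            clause = f"({clause} && {addr})"
        if clause not in clauses:
            clauses.append(clause)
    return " || ".join(clauses)


def filter_for_pid(text, pid):
    """Display filter for every socket owned by `pid` (empty string if none)."""
    return wireshark_filter(parse_netstat(text).get(pid, []))


def live_netstat():
    """Run netstat -ano on the local Windows host and return its output."""
    if not sys.platform.startswith("win"):
        raise RuntimeError("the PID column of netstat -ano is a Windows feature")
    return subprocess.run(["netstat", "-ano"], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    # With a PID argument, query the live machine; otherwise use the sample.
    if len(sys.argv) > 1:
        print(filter_for_pid(live_netstat(), int(sys.argv[1])))
    else:
        print(filter_for_pid(SAMPLE_NETSTAT, 4120))
```

Paste the printed string into Wireshark's display-filter bar while the capture runs. Two caveats a practitioner should keep in mind: ephemeral client ports churn, so re-run the script (or keep `netstat -ano` refreshing) while you capture, and sockets in TIME_WAIT are reported under PID 0 because the process has already let go of them.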


#3 (Posts: 487)

As mentioned in the previous post, Wireshark is the most popular traffic capture software that people use and so is the best supported with training material, etc. The biggest issue is that nowadays a large percentage of connections are over HTTPS, meaning they're encrypted. Therefore if the connections you want to capture traffic on are to port 443, they'll probably be encrypted and so you will need to use something like Fiddler with Wireshark to decrypt those connections on-the-fly.

Microsoft also have their own version called Microsoft Message Analyser (which replaced Microsoft Network Monitor), and that will also decrypt some encrypted connections without messing around with Fiddler and certs if you set it up to do so. However, neither will do much good if the data is encrypted separately by an application before sending it. Both have a pretty steep learning curve as they aren't aimed towards consumer use, but rather towards troubleshooting network issues. As I mentioned previously, Wireshark will have more training material available for beginners than Microsoft Message Analyser.

    You mentioned that Resource Monitor shows network connections. The data that's being transferred is usually being read/written to disk too, so another quick tip is to use the 'Disk' tab in Resource Monitor to see what locations are being written and read from as well. Process Monitor (not to be confused with Process Explorer) from Sysinternals will probably give even more details, but it's not something I've used much.

    Here's a real life example of Microsoft Message Analyser's native decryption in action (hence the 'Local' Source field). We've all heard that Windows 10 is spying on you and that even with Web Search/Cortana switched off, when you search locally from within the Start Menu it connects to Bing and still sends all your search queries to Bing.com right? Whilst it's true that SearchUI.exe connects to www[.]bing.com, it's not true that it still sends all your search queries to them, as anyone can verify for themselves if they really wanted to.

[Screenshot: Microsoft Message Analyser capture showing native decryption (Source field 'Local')]