Mar 12, 2014 - To date there are only two ways to capture traffic in the monitor mode in Windows: to use hardware like AirPcap or to use the Microsoft Network.
When my laptop is turned on, it starts downloading from the Internet – BUT – nothing is supposed to be downloading! How do I figure out what’s happening?
My normal response for this type of problem is to turn to Process Monitor, a free SysInternals utility from Microsoft. The problem is that it’s a pretty geeky tool, and requires a little patience and understanding to get useful results.
Of late, I’ve found myself firing up a completely different utility included in Windows 7 and 8 to monitor network activity. It’s a utility that quickly displays a lot of information about what’s going on. It actually can monitor several areas of your computer’s activity, but I’ll focus here on networking.
Perfmon
Perfmon, the system performance monitor, has been around for a long time. If you run “perfmon” (Windows Key + “R”, enter “perfmon”, click OK) you’ll end up with something similar to this.
It’s a fairly intimidating application, unless you’re well-versed in Windows technical details, so it’s decidedly not what I’m recommending here.
However.
In the descriptive text in the upper pane, you’ll see a link that says “Open Resource Monitor”. Click that – it’s the tool that we want.
Resource Monitor
Resource Monitor is really just a process monitor with a different interface. In fact, if instead of running “perfmon”, you run “perfmon /res” (without the quotes), you come directly to this interface.
Resource Monitor is probably somewhere between Task Manager and our old friend Process Explorer in complexity, with just a hint of Process Monitor thrown in. (Yes, all these similar sounding names can be quite confusing.)
As I said, I’m going to focus on using Resource Monitor to monitor network activity.
Click on the Network tab.
Here you’ll find several panes of information about the network activity happening on your machine.
Let’s review the three most interesting.
Network Activity Graph
At the top of the right-hand column, you’ll see this graph, which shows the average network traffic total for the last 60 seconds.
Be forewarned that the scale will change automatically based on traffic. In the example above, the scale is 10 Mbps, or 10 megabits per second, and the graph peaks at around the 4 Mbps range. If the traffic slows for long enough, the scale will change to 100 Kbps, or even 10 Kbps, so that even at lower traffic rates, the spikes of traffic can be viewed. It’ll also scale higher should network traffic exceed 10 Mbps long enough. The important thing to realize is that you need to pay attention to the scale to understand how much data is being transferred.
Processes with Network Activity
This pane lists the processes that are actively doing some kind of network I/O (input/output). The column headers can be clicked to sort by their contents, and I find sorting by Total to be the most interesting. In the example above, we can see that chrome.exe – the Google Chrome browser – was performing the most networked I/O on the system when the snapshot was taken, followed by Dropbox, and Thunderbird and others.
Network Activity
I find this perhaps the most useful network pane. Listed here are the processes that have network activity, and remote endpoints to which they are connected. Not shown above (but off to the right) are the same Send/Receive/Total bytes columns, so you can see which connection is generating the most traffic.
In the example above, the most active connection is to an IP address: 67.201.31.35. A little research shows that this IP address belongs to “NETDNA”, the content distribution network that I use for Ask Leo! Indeed, I was downloading an Ask Leo! page with images to generate example traffic.
You can see additional connections to “cotendo.net”, another content distribution network, “1e100.net”, which turns out to be Google (I have Google sites open in my browser, and the example page that I used to generate traffic includes Google services), and “lw3.pugetsoundsoftware.com”, which is the server currently housing Ask Leo!
TCP connections
This pane lists all of the TCP network connections that have been established by applications running on your PC, whether or not they are actively transmitting or receiving data. This can be useful to examine what programs are connecting where out on the internet.
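The same view can be pulled from a PowerShell prompt, which is handy when you want to save or compare the results. The script below is an added example, not part of the original article; it assumes Windows 8 or later, where the Get-NetTCPConnection cmdlet is available, and its variable and column names are illustrative.

```powershell
# Added example: established TCP connections with their owning process,
# similar to Resource Monitor's "TCP Connections" pane.
# Assumption: Windows 8 / Server 2012 or later (Get-NetTCPConnection is not on Windows 7).

# Resolve each process ID once so repeated connections reuse the lookup.
$procById = @{}
Get-Process | ForEach-Object { $procById[[int]$_.Id] = $_ }

$rows = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |   # skip loopback
    ForEach-Object {
        $p = $procById[[int]$_.OwningProcess]
        [pscustomobject]@{
            Process       = if ($p) { $p.ProcessName } else { '(exited)' }
            ProcessId     = $_.OwningProcess
            Path          = if ($p) { $p.Path } else { $null }   # empty without admin rights for some processes
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
        }
    }

# Per-process summary: number of connections and distinct remote hosts.
$rows | Group-Object Process, ProcessId | ForEach-Object {
    [pscustomobject]@{
        Process     = $_.Group[0].Process
        ProcessId   = $_.Group[0].ProcessId
        Connections = $_.Count
        RemoteHosts = ($_.Group.RemoteAddress | Sort-Object -Unique).Count
        Path        = $_.Group[0].Path
    }
} | Sort-Object Connections -Descending | Format-Table -AutoSize

# Reverse-resolve each distinct remote address, the lookup the article does
# by hand for 67.201.31.35. Addresses with no reverse record are marked.
$rows.RemoteAddress | Where-Object { $_ } | Sort-Object -Unique | ForEach-Object {
    $name = try { [System.Net.Dns]::GetHostEntry($_).HostName } catch { '(no reverse DNS)' }
    [pscustomobject]@{ RemoteAddress = $_; HostName = $name }
} | Format-Table -AutoSize
```

A process you do not recognize, or one whose Path is outside Program Files or Windows, is the entry worth checking first.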
TCP Connections Graph
This graph shows the number of connections being made between your machine and others across the network, over time. Like the Network Activity graph, it also auto-scales, so do watch the maximum number shown to get a sense for exactly what the graph is showing you.
Summary
Resource Monitor’s network monitoring pane provides a very quick and informative window to monitor network activity happening on your machine. While it won’t tell you what files are being downloaded (you’ll still need Process Monitor for that – see the related links), it will tell you what remote sites your computer is connected to, and which of the applications on your machine are responsible for network traffic. Those two bits of information alone can often resolve many of the questions that you might have about what’s happening on your machine.
Mobile and broadband data caps alike have made people very conscious of their data usage. Windows 10 includes a built-in network usage monitor that, unlike its predecessor, is actually a pretty useful way to keep an eye on your bandwidth consumption. Read on as we show you how.
What Does (And Doesn’t) The Windows 10 Network Usage Monitor Do?
In Windows 8 Microsoft introduced new ways to monitor your network usage, albeit the initial incarnation of the built-in feature was shortsightedly limited to just Windows Store apps (such that if you used Skype from the Windows Store it would count that data but if you used Skype for Desktop, aka “normal” Skype then it would not).
The network usage and bandwidth monitoring in Windows 10 significantly improves upon the Windows 8 system by including data for all apps, not just Windows Store supplied applications. As such it’s an excellent way to easily check which apps are using the most (or least) data over the previous 30 day window.
As handy and improved as the Windows 10 network usage apps are, there’s an important thing to note: they only monitor, as you would expect, the data consumption for the computer you access them on. If you need more advanced network-wide monitoring to keep tabs on all the computers and devices on your network (and not just a single PC), we suggest checking out our article: How to Monitor Your Internet Bandwidth Usage and Avoid Exceeding Data Caps.
If all you need is a quick check to see what is using the most bandwidth over the last 30 day period, however, the built-in tools are fast, easy, and always on.
How To Check Network Usage In Windows 10
There are two ways to natively check the network usage in Windows 10, but we strongly prefer one method over the other. Nonetheless, we’ll highlight both methods and explain why one offers a clear benefit.
The first method is a holdover from the Task Manager update in Windows 8. To view network usage via the Task Manager, open it with the keyboard shortcut (CTRL+SHIFT+ESC) or type “task manager” in the Start Menu search box.
In the Task Manager select the “App history” tab. There you’ll find two columns related to data consumption: “Network” and “Metered network”. (Metered network was a feature introduced in Windows 8.1 to help manage data use on capped/paid data connections.)
While it’s great this information is right at hand in the Task Manager, you’ll notice something in our screenshot above. All the visible apps are either core Windows apps or Windows Store apps. Maddeningly, the Task Manager still does not display data usage for regular old traditional Windows applications.
In fact if we sort the apps in the Task Manager by name and then compare the list to the other place you can check network usage, in the network settings menu, you’ll see that Chrome appears on the “Network Usage” list and not the list in Task Manager. Why they couldn’t use the same data they clearly have in both panels is a mystery.
As such, if you want to get a better picture of the data use on your computer, you’ll need to rely on the information in the network settings section. Navigate to Settings -> Network & Internet. Select the top item on the left hand navigation pane, “Data usage”.
Here you’ll see a general overview of the last 30 days. The circular graph will show you data used over different connections (in the case of our screenshot we’ve just used Ethernet but on a laptop you’ve used on both wired and Wi-Fi networks you’ll see a mix of sources).
You can dig deeper and get a more granular overview by clicking on the small link under the graph labeled “Usage details”.
Here we find the missing data on apps from outside the Windows Store (which is most of the apps most people are using). Chrome, missing from the Task Manager list altogether, shows up right at the top as expected.