How to monitor process network usage under windows

I am looking for a way to get the list of information as the Resource Monitor under windows did, such as: I want to know the address and the among of send and receive usage of an selected application.

At the beginning I am looking for a c++ win32 api or other open source library to do this, I can find something like GetProcessInformation but it does not include network information.

I saw some similar topics but they didn’t help.
Ref_001, It seems the network monitor api cannot do application specific monitor.
Ref_002, I am not sure if OpenTrace/ProcessTrace/StopTrace can get me the network usage or not and also I am not sure how to use it.
Ref_003, They are suggesting some tools but it is not what I want.

2 Answers 2

Windows supplies you with this information in two parts from different functions that you’ll need to put together to get the full story. Well, technically, it’s three functions: for the second part of the data, there are separate functions for IPv4 and IPv6 data.

The first function is GetExtendedTcpTable. To get all the information above, you’ll probably need to call this (at least) twice: once with the TCP_TABLE_OWNER_PID_CONNECTIONS flag, and once with the TCP_TABLE_OWNER_MODULE_CONNECTIONS flag to retrieve both the PID and the module name of the local executable.

The second pair gets you statistics about the data sent/received on a particular connection. Each connection is identified by a combination of local address/port and remote address port (same as used above). You retrieve the information with GetPerTcpConnectionEStats for IPv4 or GetPerTcp6ConnectionEStats for IPv6.

Either of these will retrieve a table, with each row in the table containing statistics for one connection. If you have (for example) multiple tabs open in your browser, could choose to show the data for each connection individually, or you could amalgamate them as you saw fit.

Logging individual application network usage in Windows 7 [closed]

Want to improve this question? Update the question so it’s on-topic for Super User.

Closed 5 years ago .

There are many answers here detailing programs that will monitor and log internet usage for a pc, but I need that usage to be logged and broken down, detailing which applications consumed that data.

I’ve noted there are several that give a real-time feed of each application’s data usage (NetLimiter, Win7 Resource Monitor), but I can’t find one that will log such data.

Anyone know of one? Need to track down which program is using up a friend’s bandwidth!

3 Answers 3

There are a variety of programs to suit this purpose.

Fiddler records all communications and even shows you to where/what, and which program was responsible.

NetBalancer shows you a graph of a processes bandwidth usage (i presume this is what you really want to see, rather than a raw text output). It also allows you to limit and block network activity on a per process basis.

If you can’t find anything you’re happy with application-wise, a heavyweight (but oh-so-satisfying-when-you-work-it-out) solution would be to do some network monitoring with Microsoft Network Monitor (v3.4 right now) which would then give you the ability to slice n dice things as you wanted?

Straight up though — it won’t give you precisely what you’re after (a per-application level log) but it will give you the ability to slice the data up to get at that information, if you’re feeling creative.

(It’s also kinda fun seeing where your data goes..)

Introducing: Microsoft Network Monitor 3.4

I’m just performing a capture now while typing out this answer, and to add some variety into the mix — checking for windows updates, and running IE to fetch some files — but as you can see from the screenie here: It can a bit overwhelming at first, I’ll admit, but mainly I’d draw your eye to the left hand side box which will show you all the processes it’s captured as generating network traffic. Opening up the application will then break it down into conversations, which you could further go into. It’s probably better to just have a quick play rather than me wasting a mountain of words explaining, but in short — it’s going to log every little bit of network traffic that it can — that’s what’s being displated in the middle pane.

Filtering it all back so you don’t go insane.

You can apply filters to the data you’ve captured in order to trim down what you’re looking at like say, knocking out certain IP addresses,protocols, or even particular processes (or even conversations if you wanted..).

The filter language is documented within the help, and it’s got some decent canned examples, but just so you can see without downloading the package some examples would be:

. and aggregating it to something a bit more readable (NMTopUsers)

Right. That allows you to filter back to a certain target group, but unless you’re feeling particularly masochistic and you enjoy reading frame headers, you want to get the NMTopUsers expert

This expert will process whatever data you throw at it, AFTER it’s been filtered (so to do this, you’d open up a capture file, apply your filters to isolate say firefox.exe, and then invoke the expert) and give you an output that looks a bit like this:

Graphs are also available if you’ve got the relevant package installed (I don’t on this machine) and the output will allow you to eyeball, by destination, where your traffic is going to (and coming from), along with the headline figures which will give you, in a roundabout way, what you’re looking for.

Someone may have developed an expert to do exactly what you’re after, but I’m not aware of one, sorry. I’d offer to build something but I’m kinda out of practice 😛

Anyhoo, using this, if you’re feeling like having a play, you could approach your ‘what the hell is chewing up my bandwidth’ problem with some basic logging of your interface using perfmon (which can help you isolate when things are happening or if it’s a sustained baseload problem) and in parallel (or after the event) set up a network monitor trace to capture the data you’re interested in (the more you can focus capture the better, since you’re going to end up with laaaaarge capture files if you do it for any length of time).

Once you’ve got all of that, you can run NMTopUsers and drill down to see which are your particularly hungry apps, and also, where it’s all going in some fashion, and heck, if it’s HTTP or something else..

Get Specific Process network usage

It looks like a ton of people have asked this questions (on other forums as well) and yet didn’t find an answer..

I’m trying to find a way, in Powershell, to get the bytes sent/received by a specific process. The idea is to collect this data to analyze the total traffic used so far. This is possible with Process Hacker and Process Explorer. With Resource Monitor instead I can see just the live utilization (whilst Process Explorer/Hacker will also show the total Received and Sent).

The help desk software for IT. Free.

Track users’ IT needs, easily, and with only the features you need.

6 Replies

I am not aware of any per-process network usage statistics. I’ve used every version starting with 2.0 and NT 3.1 and have never seen such a performance counter.

Yeah I’m really having troubles finding a solution here. I just don’t understand where Resource Monitor gets its info from?

If you don’t mind it being a bit ‘hacky’ (i.e. a rough estimate as opposed to a 100% accurate measurement) you could use the following script. Bear in mind that this is not really an ideal measurement, as it can only track by Process ID not the name. Also the only data I could see available was total IO so it includes disk measurements too, not just specifically for network usage:

Thanks for this! I believe these are the same counters I’d find in performon which are the shared ones indeed. The whole purpose behind this is to get accurate readings from the process’ network usage: consider that right now I’ve got Process Hacker running to track it down, hoping the process doesn’t restart (or i’d lose the info I got so far).

As per my above message, where the heck does «Resource Monitor» grab these readings? 😀

Yeah unfortunately there doesn’t appear to be any built-in per-process network usage counters. I’ve briefly looked at things like this before but the short answer is there isn’t a super easy way to programatically get hold of data that specific.

Resource Monitor uses something called ETW (a tracing facility) to get it’s information and you can in fact trace these events with Powershell, but it’s a hell of a lot of work. If you’re still determined I’ll shoot you some links below, but can’t really offer any other advice as this level of dev goes way beyond what I’m capable of/understand:

Thank you, but that’ll also grab Disk IO. So a process working with both disk and network will show values far from accurate.

I’m afraid that’s the only solution I actually have left (which I already tried to find an answer for and which I really wanted to avoid).

This is for a personal project, but I cannot believe nobody ever posted an example on how to get around this. Thanks for your posts so far.

Network Usage — ловим потребителей трафика

Часто от людей, которые недавно познакомились с мобильной ОС Android можно услышать две жалобы: прожорлива система по отношению к аккумулятору и много потребляет трафика. Люди опытные знают, что вторая проблема отчасти порождает первую. А ведь с о.

Часто от людей, которые недавно познакомились с мобильной ОС Android можно услышать две жалобы: прожорлива система по отношению к аккумулятору и много потребляет трафика.

Люди опытные знают, что вторая проблема отчасти порождает первую. А ведь с обоими проблемами можно вполне успешно бороться. Главное иметь под рукой необходимые инструменты. Например, утилиту Network Usage.

Network Usage — очень полезное приложение, которое поможет отследить те процессы, которые периодически вылезают в сеть, возможно, не сообщая вам об этом. А вы уже в свою очередь сможете оптимизировать траты за интернет и даже снизить энергопотребление, потому что постоянные активные сессии gprs/3g активно кушают аккумулятор.

А кроме того в Network Usage можно включить режим при котором видно сколько какой из рвущихся во всемирную паутину процессов затратил процессорного времени. Это, конечно, тоже влияет на расход энергии телефоном.

Как видно приложение Network Usage очень простое, но в умелых руках, да и в сочетании, например, с Autostarts поистине способно творить чудеса.

Если вам интересны новости мира ИТ также сильно, как нам, подписывайтесь на наш Telegram-канал. Там все материалы появляются максимально оперативно. Или, может быть, вам удобнее «Вконтакте» или Twitter? Мы есть также в Facebook.

Process network usage windows

System Requirements

Versions History

• Version 1.42:
  • Added ‘Start As Hidden’ option. When this option and ‘Put Icon On Tray’ option are turned on, the main window of AppNetworkCounter will be invisible on start.
  • Updated to work properly in high DPI mode
• Version 1.41:
  • Added ‘Process Services’ column, which displays the services of the process (Only when the ‘Group By’ option is ‘Process ID’).
• Version 1.40:
  • Added ‘Show Total Line’ option. When it’s turned on, a ‘Total’ item is added, showing the total TCP/UDP bytes and packets of all applications together.
• Version 1.35:
  • Added thousands separator to all byte counter units.
  • You can set any variable appears saved in the .cfg file from command-line. For example, this command set the speed unit to kB/Sec :
    AppNetworkCounter.exe /SpeedUnit 1
  • Added ‘Align Numeric Columns To Right’ option (It’s turned on by default).
• Version 1.30:
  • Added ‘Group By’ option — Application Name (The default) or Process ID. If you choose the ‘Process ID’ option — every process ID of the same application is displayed as a separated item.
• Version 1.25:
  • Added new columns ‘First Activity Time’ and ‘Last Activity Time’.
  • Added ‘Hide Inactive Items’ option.
• Version 1.20:
  • Added ‘Maximum Receive Speed’ and ‘Maximum Send Speed’ columns.
• Version 1.15:
  • Added ‘Put Icon On Tray’ option.
• Version 1.12:
  • Added ‘Save File Encoding’ option.
• Version 1.11:
  • Added ‘Sort On Every Update’ option.
• Version 1.10:
  • Added command-line options to save the report of AppNetworkCounter into a file without displaying any user interface.
• Version 1.06:
  • Added ‘Save All Items’ option (Shift+Ctrl+S).
• Version 1.05:
  • Added option to choose another font (name and size) to display in the main window.
• Version 1.00 — First release.

Start Using AppNetworkCounter

Immediately after running it, the main window displays every application that currently send or receive data on your network. Be aware that the network counters in this tool are not per process but per application, so if you have multiple processes for the same application , AppNetworkCounter merges them into one line. Also, if you close an application and then run it again, AppNetworkCounter will continue the update the network counters of the same application entry.

At any time, you can clear the entire list and start with empty window by pressing Ctrl+X (Clear All). You can also reset the network counters of selected items by pressing Ctrl+R (Reset Selected Counters).

Columns Description

• Application Name : The .exe filename of the application.
• Application Path : The full path of the application.
• Received Bytes : Number of bytes that the specified application received.
• Sent Bytes : Number of bytes that the specified application sent.
• Receive Speed : Calculated receive speed of the specified program. You can use this field to monitor the current download bandwidth used by every application on your system.
• Send Speed : Calculated send speed of the specified program. You can use this field to monitor the current upload bandwidth used by every application on your system.
• Maximum Receive Speed : The maximum value of the ‘Receive Speed’ column.
• Maximum Send Speed : The maximum value of the ‘Send Speed’ column.
• Received Packets : Number of packets that the specified application received.
• Sent Packets : Number of packets that the specified application sent.
• IPv4 Received Bytes : Number of IPv4 bytes that the specified application received.
• IPv4 Sent Bytes : Number of IPv4 bytes that the specified application sent.
• IPv6 Received Bytes : Number of IPv6 bytes that the specified application received.
• IPv6 Sent Bytes : Number of IPv6 bytes that the specified application sent.
• Product Name : product name, taken from the version resource of the .exe file.
• Product Version : product version, taken from the version resource of the .exe file.
• File Description : file description, taken from the version resource of the .exe file.
• Company Name : company name, taken from the version resource of the .exe file.
• First Activity Time : The first time that network activity was detected for the specified application.
• Last Activity Time : The last time that network activity was detected for the specified application.

Other Options

• Speed Unit : Specifies the speed unit for the speed columns (‘Receive Speed’, ‘Send Speed’, ‘Maximum Receive Speed’, ‘Maximum Send Speed’): kB/Sec , KiB/Sec , MB/Sec , MiB/Sec, Mbps
• Bytes Counter Unit : Specifies the unit for all counter columns: Bytes, kB, KiB, MB, MiB
• Exclude Activity of Localhost Addresses : If this option is turned on, AppNetworkCounter won’t count the local host activity (127.0.0.1 or ::1 ).
• Hide Inactive Items : If this option is turned on, AppNetworkCounter hides any item that is not active for more than xx seconds. The default timeout value is 10 seconds, you can change the default timeout value by setting the ‘InactiveTime’ value of the .cfg file.

Command-Line Options

/CaptureTime	Specifies the capture time in milliseconds for the save command-line options (/stext, /stab, /scomma, and so on. ) The default is 10000 milliseconds (10 seconds).
/cfg	Start AppNetworkCounter with the specified configuration file. For example: AppNetworkCounter.exe /cfg «c:\config\anc.cfg» AppNetworkCounter.exe /cfg «%AppData%\AppNetworkCounter.cfg»
/stext	Save the report of AppNetworkCounter into a simple text file.
/stab	Save the report of AppNetworkCounter into a tab-delimited text file.
/scomma	Save the report of AppNetworkCounter into a comma-delimited text file (csv).
/shtml	Save the report of AppNetworkCounter into HTML file (Horizontal).
/sverhtml	Save the report of AppNetworkCounter into HTML file (Vertical).
/sxml	Save the report of AppNetworkCounter into XML file.
/sjson	Save the report of AppNetworkCounter into JSON file.
/sort	This command-line option can be used with other save options for sorting by the desired column. The parameter can specify the column index (0 for the first column, 1 for the second column, and so on) or the name of the column, like «Application Name» and «Application Path». You can specify the ‘

‘ prefix character (e.g: «

Received Bytes») if you want to sort in descending order. You can put multiple /sort in the command-line if you want to sort by multiple columns.