BlearyEye

asked:
Monitor network traffic in XP

I have Win XP. I'm running Backblaze for online backup. When it's running, I have interference with other things on the network, so I only run it at night. In the morning after I pause backup, there's still something that's transmitting and continues to interfere. If I log out and log back in, all is well.

So I'm pretty sure Backblaze is the culprit, but I'd like to prove it. Is there some way to look at network traffic and relate it to a running process?
ZombieAutopsy

You could just use Task Manager. The Networking tab shows the utilization on your local PC.
If you're looking for something specific to pinpoint the exact software, you could try www.spiceworks.com; it's free and gives you a lot of functionality.
SOLUTION
Gugro
Hi there.. :)

Two nice tools come to mind: one is Wireshark and the other is Windows Network Monitor. I think they're good enough to do your job.

Cheers
ASKER CERTIFIED SOLUTION
torvir

This is a guide in three steps.
1) Install Wireshark and capture a traffic sample when the load is high. If it is obvious which session is loading the network, go to the next step.
Capture a fairly long sample (several minutes), then use the menu choice "Statistics" -> "Conversations" to figure out which sessions are causing the most load. You can click on the column headers to sort by which session has transported the most bytes.
2) When you have determined the most intensive TCP connection, start a command window in Windows
and type "netstat -o".
There you have evidence of which process ID (PID) is using your bandwidth.
3) To figure out which application has that PID, use the Task Manager.
Normally the PID doesn't show in the process list, but you can add that column in the menu "View" -> "Add column".
I don't have the English version, so I don't know the exact name of the menu choice, but I think you'll find it.
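Steps 2 and 3 above can be scripted so you don't have to read the PID column by eye. The following is an added example, not code from anyone in this thread: it parses the output of `netstat -ano` (the `-a -n -o` form lists every socket with numeric addresses and the owning PID) and `tasklist /FO CSV`, then reports which process holds connections to the host that Wireshark's Conversations view flagged as the heaviest talker. The two command outputs embedded below are constructed samples, and the process names in them (including `bztransmit.exe`) are illustrative assumptions, not captured from a real machine. You can run `netstat -ano > ns.txt` and `tasklist /FO CSV > tl.txt` on the XP box and feed the files to these functions from any machine with Python 3.

```python
"""Correlate a busy remote endpoint (from Wireshark's Conversations view)
with the owning process, using `netstat -ano` and `tasklist /FO CSV`.
Added example, not from the thread; the sample output below is
constructed, not captured from a real machine."""
import csv
import io
import re
import subprocess
import sys

# Constructed sample of `netstat -ano` output (Windows XP layout).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:1057      74.125.71.99:443       ESTABLISHED     3496
  TCP    192.168.1.10:1061      206.190.215.42:443     ESTABLISHED     3496
  TCP    192.168.1.10:1070      192.168.1.20:3389      ESTABLISHED     1208
  UDP    0.0.0.0:500            *:*                                    716
  UDP    192.168.1.10:5060      *:*                                    2044
"""

# Constructed sample of `tasklist /FO CSV` output; image names are assumed.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","28 K"
"svchost.exe","884","Console","0","5,144 K"
"lsass.exe","716","Console","0","1,560 K"
"mstsc.exe","1208","Console","0","9,876 K"
"softphone.exe","2044","Console","0","14,220 K"
"bztransmit.exe","3496","Console","0","22,408 K"
'''

# Proto, local, foreign, optional state (UDP rows have none), PID.
_NETSTAT_ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def split_endpoint(ep):
    """'1.2.3.4:443' -> ('1.2.3.4', 443); '*:*' -> ('*', None)."""
    host, _, port = ep.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return one dict per socket line; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = _NETSTAT_ROW.match(line)
        if not m:
            continue
        proto, local, remote, state, pid = m.groups()
        rhost, rport = split_endpoint(remote)
        conns.append({"proto": proto, "local": local, "remote_host": rhost,
                      "remote_port": rport, "state": state or "",
                      "pid": int(pid)})
    return conns


def parse_tasklist_csv(text):
    """Map PID -> image name from `tasklist /FO CSV`."""
    reader = csv.DictReader(io.StringIO(text))
    return {int(row["PID"]): row["Image Name"] for row in reader}


def processes_talking_to(conns, procs, remote_host, remote_port=None):
    """{pid: image_name} for every socket whose foreign address matches the
    host (and port, if given) that Wireshark showed as the top conversation.
    A PID missing from tasklist means the process exited between snapshots."""
    hits = {}
    for c in conns:
        if c["remote_host"] != remote_host:
            continue
        if remote_port is not None and c["remote_port"] != remote_port:
            continue
        hits[c["pid"]] = procs.get(c["pid"], "<unknown: process exited?>")
    return hits


def top_talkers(conns, procs):
    """Count open (non-listening) TCP sessions per process, most first."""
    counts = {}
    for c in conns:
        if c["proto"] != "TCP" or c["state"] == "LISTENING":
            continue
        name = procs.get(c["pid"], str(c["pid"]))
        counts[name] = counts.get(name, 0) + 1
    return sorted(counts.items(), key=lambda kv: -kv[1])


def live_snapshot():
    """Run the real commands (Windows only) and parse them."""
    ns = subprocess.check_output(["netstat", "-ano"]).decode("mbcs", "replace")
    tl = subprocess.check_output(["tasklist", "/FO", "CSV"]).decode("mbcs", "replace")
    return parse_netstat(ns), parse_tasklist_csv(tl)


if __name__ == "__main__":
    if sys.platform == "win32" and len(sys.argv) > 1:
        conns, procs = live_snapshot()          # usage: script.py <remote_ip>
        host = sys.argv[1]
    else:
        conns = parse_netstat(SAMPLE_NETSTAT)
        procs = parse_tasklist_csv(SAMPLE_TASKLIST)
        host = "74.125.71.99"
    for pid, name in processes_talking_to(conns, procs, host).items():
        print("%s is held by PID %d (%s)" % (host, pid, name))
    for name, n in top_talkers(conns, procs):
        print("%-20s %d TCP session(s)" % (name, n))
```

Take the netstat and tasklist snapshots within a few seconds of each other, while the load is still high; a connection whose PID no longer appears in tasklist belonged to a process that has already exited, which is exactly the "still transmitting after pause" case to watch for.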
BlearyEye (asker)

Win Task Manager: shows network usage but (a) does not show up/down traffic and (b) does not identify the culprit.

If Spiceworks can answer my question, I can't see how. I looked at forum comments and everyone recommends other software (the recommendations either need a separate PC to monitor or are pretty complicated to install).

ProcMon does not seem to give internet info at all. If it does, I missed it.

I've used Wireshark before and suppose I could use it here, but it's like using a 747 to fly across town. I want something simple.

So far, CommView looks right. I'm using the trial version. It shows traffic, the direction, and the responsible process. Will try it for a day or two ...
SOLUTION
You can install the Port Reporter tool (service). The Port Reporter tool runs as a service on computers that are running Windows Server 2003, Windows XP, and Windows 2000. The tool logs TCP and UDP port activity.
http://support.microsoft.com/kb/837243
You can then use the PR-Parser tool to open and view the logs in a grid that you can filter and apply criteria to.
http://support.microsoft.com/kb/884289

I find this tool helpful for recording the IP addresses of incoming RDP (Remote Desktop) attempts. There can be as many as 800 hacking attempts in 30 minutes once the port-scanning "bots" that constantly run on the internet and on infected boxes discover open ports. It can also identify outgoing connections and the processes that opened them.
BlearyEye (asker)

I've been waiting a few days to test the alternatives out. Oddly enough, once I started monitoring, the problem went away (that VoIP was disrupted even after I stopped Backblaze). But now I know how to check.

So, how did the monitors stack up? Non-free CommView gives the easiest view since it consolidates the presentation by total network I/O per process per direction. Free ProcMon is harder to use since it just shows packets, but it is possible to figure out what's going on. So I'll give equal points to each suggestion.