Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


monitor bandwidth usage for specific workstation in domain

Posted on 2014-02-19
Medium Priority
Last Modified: 2014-02-20

I would like to know what tools/ways I have to monitor a specific workstation in our domain environment for bandwidth usage, I can see in our FW that the bandwidth usage coming from this workstation is high and I would like to know which application running on his workstation is responsible for this.  I can see the list of applications remotely using tasklist from CMD but that does not provide me with the bandwidth towards the WAN.

This has to be done under the radar.
the OS: win7

Question by:iNc0g
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 13

Expert Comment

by:Alex Green
ID: 39869717
There is a solar winds netflow traffic analyzer, it's a 30 day free trial and pretty decent
LVL 37

Accepted Solution

bbao earned 2000 total points
ID: 39869910
try TCPView, "a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections."

it may give you the traffic data per process, as shown below.

TCPView v3.05
FYI - TCPView v3.05

Author Comment

ID: 39870260
Regarding TCPView - I need a way to monitor an end-user workstation without his knowledge so I can really detect whether he's "abusing" the bandwidth, can this app run remotely? it doesn't seem so.
Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

LVL 37

Expert Comment

ID: 39870424
YES, you can. you need to use the console version of TCPView (tcpvcon.exe) and PsExec together.

FYI - PsExec v2.0

Author Comment

ID: 39870500
I see, so you mean copying the tcpvcon.exe to the remote workstation and open it using psexec, correct ?
LVL 37

Expert Comment

ID: 39870617

don't forget to check PSEXEC's help for correct command line parameters to be used for calling TCPVCON.EXE.

Expert Comment

ID: 39872299
To monitor without his acknowledge, you need to check another passive network monitoring programs.
A passive network monitoring program can parse and monitor network packets from a mirroring port of your switch.

Programs you can try:
1. WFilter Free

2. Wireshark
LVL 37

Expert Comment

ID: 39872755
> To monitor without his acknowledge, you need to check another passive network monitoring programs. A passive network monitoring program can parse and monitor network packets from a mirroring port of your switch.

that way can't provide per application / process traffic statistics, only per protocol or port traffic can be counted. it also needs additional hardware including network switch and computer (physical or virtual machine).

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
An article on effective troubleshooting
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question