windows 7 - Is there any way to drill down and see what System process is producing network traffic on my LAN?

  • Clay Nichols (2014-04-06)

    I've got an XP machine acting as a server and a Windows 7 PC connected via wired LAN. Gigabit Ethernet between them.

    Occasionally, usually after a long day, the connection to the server gets very slow. Today I pulled out the Resource Monitor and saw that the traffic (with only those two PCs on the network) was a steady 10 mb/s with nothing running between those two computers.

    Resource Monitor showed over 95% of that traffic was from System.

    Is there some way to drill down and see what System processes are generating that traffic?

  • Answers
  • YLearn

    This is a bit more advanced than the NetBalancer suggestion from Amith (which looks like a nice program, but I have never tried it). However this method uses only free tools or ones already native to Windows.

    You can download and use Wireshark to capture the network traffic going into and out of the computer. This will allow you to see the type of traffic that is being generated and the port numbers in use. For your purpose, after capturing data, it would probably be best to choose the "Statistics" menu and open the "Conversations" report, as this will sort the data into source/destination conversations.

    From an elevated command prompt (click on the Start button, type "cmd" in the search box, right-click on "cmd.exe" in the found programs and click "Run as Administrator"), you can then run the command netstat -b, which will provide you a list of all the computer's network connections.

    Your output would look something like the below. The last connection is ESTABLISHED (currently open): from my computer, using the local TCP port 51888, going to stackoverflow on port "http" (the translated name for 80), and finally the binary associated with this connection is chrome.exe. If you don't want the IP addresses and ports to be translated, add "-n" to the netstat command.

    (screenshot of netstat -b output, not reproduced here)

    Find the entries that match the traffic you captured and this will tell you the program(s) using the connection.
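
The netstat step above is the part that actually answers the question, so here is an added worked example (my code, not YLearn's) that does the PID-to-process join automatically. It parses `netstat -ano` output (which works on Windows 7; Get-NetTCPConnection only exists from Windows 8 on), maps each endpoint's owning PID to a process name, and groups the result per process. It also tags endpoints owned by PID 4: "System" is the kernel, and the SMB server and redirector (srv.sys / mrxsmb.sys) and NetBIOS run there, so file-sharing traffic between a client and a file server is reported by Resource Monitor as "System" traffic on TCP 445/139 and UDP 137/138. The sample netstat lines and the sample PID table are constructed for illustration and are not from the original post.

```powershell
# Added example, not code from the original answer. Attributes netstat -ano
# endpoints to processes and flags PID 4 (kernel) SMB/NetBIOS traffic.
# Windows PowerShell 2.0+ (Windows 7). Run elevated so netstat can report the
# owning PID for every socket.

$SmbPorts = @('445', '139', '137', '138')   # SMB direct, NetBIOS session, name, datagram

function ConvertFrom-Netstat {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # netstat -ano columns: Proto, Local Address, Foreign Address, [State], PID
        # (UDP rows have no State column, so the PID is always the last field)
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 4 -or $f[0] -notmatch '^(TCP|UDP)$') { continue }
        $state = if ($f[0] -eq 'TCP' -and $f.Count -ge 5) { $f[3] } else { '' }
        # The port is whatever follows the last colon; this also handles [::1]:445
        $lp = $f[1] -replace '^.*:([^:]+)$', '$1'
        $rp = $f[2] -replace '^.*:([^:]+)$', '$1'
        New-Object PSObject -Property @{
            Proto = $f[0]; Local = $f[1]; Remote = $f[2]; State = $state
            LocalPort = $lp; RemotePort = $rp; OwnerPid = [int]$f[-1]
        }
    }
}

function Get-ProcessTable {
    # PID -> image name for live processes. 0 and 4 are pseudo-processes
    # (Idle and the kernel) that never appear with an image path in netstat -b.
    $t = @{ 0 = 'Idle'; 4 = 'System' }
    Get-Process | ForEach-Object { $t[$_.Id] = $_.ProcessName }
    $t
}

function Get-NetstatByProcess {
    param(
        [string[]]$Lines = (& netstat -ano),      # live capture unless lines are passed in
        [hashtable]$ProcessTable = (Get-ProcessTable)
    )
    ConvertFrom-Netstat -Lines $Lines | ForEach-Object {
        $name = $ProcessTable[$_.OwnerPid]
        if (-not $name) { $name = 'unknown/exited' }
        $tag = ''
        if ($_.OwnerPid -eq 4 -and
            ($SmbPorts -contains $_.LocalPort -or $SmbPorts -contains $_.RemotePort)) {
            $tag = 'kernel SMB/NetBIOS (srv.sys / mrxsmb.sys)'
        }
        $_ | Add-Member -PassThru NoteProperty Process $name |
             Add-Member -PassThru NoteProperty Note $tag
    } | Sort-Object Process, Proto, RemotePort
}

# Constructed sample netstat -ano output (not real data) so the script runs
# without touching the network; the PID table is constructed to match it.
$Sample = @(
    '  TCP    192.168.1.10:49160     192.168.1.5:445        ESTABLISHED     4',
    '  TCP    192.168.1.10:445       0.0.0.0:0              LISTENING       4',
    '  TCP    192.168.1.10:51888     198.51.100.7:80        ESTABLISHED     2864',
    '  UDP    192.168.1.10:137       *:*                                    4'
)
$SampleTable = @{ 4 = 'System'; 2864 = 'chrome' }

Get-NetstatByProcess -Lines $Sample -ProcessTable $SampleTable |
    Format-Table Process, Proto, Local, Remote, State, Note -AutoSize

# On the real machine, from an elevated prompt:
#   Get-NetstatByProcess | Format-Table Process, Proto, Local, Remote, State, Note -AutoSize
# If the busy entry is PID 4 on port 445, the next step is on the SMB side:
# `net use` on the client lists the mapped shares, and `net session` or
# `openfiles /query` on the server shows which client has which files open.
```

In the constructed sample the ESTABLISHED session to 192.168.1.5:445 is owned by PID 4 and comes out tagged as kernel SMB, which is the shape a file-server conversation takes in Resource Monitor: the bytes are charged to "System" rather than to whichever user program is reading the share. Wireshark's Conversations view then tells you how much of the 445 traffic is actually going to the server, and the server-side `openfiles` listing tells you which files.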

  • Minato Namikaze

    You can use NetBalancer for this. It is a 30 day trial, but that should be enough to find out which process is using all the bandwidth and to take appropriate action:

    As you can see here, you can see how much bandwidth a process uses and even limit the bandwidth for each process.

  • Lieven Keersmaekers

    Pretty fresh from the press, but looking very promising and definitely up to the task:

    Microsoft Message Analyzer

    We are excited to announce the official release of Message Analyzer to the Microsoft Download Center. Sci-Fi movie references aside, this really is a new beginning for troubleshooting and analysis. Message Analyzer brings a set of new ideas, new techniques, and new paradigms in order to make analysis of protocols, log files, and system events a cohesive activity which allows correlation across all those types of traces.

    Operating guide

    Microsoft Message Analyzer is a new tool for capturing, displaying, and analyzing protocol messaging traffic and other system messages. Message Analyzer also enables you to import, aggregate, and analyze data from log and trace files. It is the successor to Microsoft Network Monitor 3.4 and a key component in the Protocol Engineering Framework (PEF) that was created by Microsoft for the improvement of protocol design, development, documentation, testing, and support. With Message Analyzer, you can choose to capture data live or load archived message collections from multiple data sources simultaneously.

    Message Analyzer enables you to display trace, log, and other message data in numerous data viewer formats, including a default tree grid view, interactive tool windows, and other selectable graphical views that employ grids, charts, and timeline visualizer components that provide high-level data summaries and other statistics. Message Analyzer also enables you to configure your own custom data viewer charts. In addition to being an effective tool for troubleshooting network issues, Message Analyzer enables you to test and verify protocol implementations.


  • Related Question

    windows 7 - What is the security risk of using WLAN and LAN network on a computer at the same time?
  • Chris Hand

    We have a few older HP laptops that when docked in a port replicator the WLAN connection is disabled and the LAN connection is enabled. We have since replaced these with Toshiba R700s which do not have this feature.

    Is there any security risk in running both a WLAN and wired LAN connection at the same time?

    Toshiba R700s are running Windows 7 Enterprise.


  • Related Answers
  • jcrawfordor

    There is no specific security risk to having two network interfaces enabled, beyond the fact that it is possible for the user to not notice which interface is in use (e.g. the laptop may have automatically connected to a wireless network while the user thought it was using the ethernet connection). You can avoid this problem entirely by simply turning the wireless power switch off when using an ethernet connection, or just looking at your network status occasionally.

  • KCotreau

    There is a theoretical risk, or you would not be asking. The reality is that if you have not disabled, or significantly changed, the Windows firewall, you are pretty safe. In addition, you need to keep your computers patched (Windows Update and browser plugins up to date; http://www.mozilla.com/en-US/plugincheck/ works for most browsers), and protected with anti-virus.

    Most attacks happen from the inside, because you have not properly maintained your computer, and you get a virus.

  • harrymc

    The only security risk is that wireless can be hacked from outside of your office.

    A (very) knowledgeable hacker can always get into a wireless network, bypassing all and any protections.

    If this is a problem, wireless routers should not be allowed where the office external walls are within their possible range, or should only be used with a VPN.

  • billybob

    The problem I see is when your wired and wireless networks are using different internet connections (separate routers or firewalls). For instance, you may be connected to your corporate wired network at your office, which also hosts a wireless network for guests on a separate internet connection. Most likely, if this is the case, the security would be far lower on the wireless guest connection. Being connected to both of these networks at the same time would introduce a security risk to your corporate wired network, because you have now effectively used your laptop as a bridge between the wired and wireless, meaning if someone gains access to your laptop via the wireless guest connection, they would also have access to any resources you have access to on the wired.

    So my rule of thumb is to remember that you are connecting both networks together when you do this, and therefore your network is only as secure as the weakest connection.
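
The dual-homed situation billybob describes is easy to check for on the laptop itself, so here is an added example (my code, not from any of the answers above). It reports whether more than one IP-enabled adapter currently has a default gateway, and whether Windows would forward packets between them. Windows 7 does not route between its interfaces unless the IPEnableRouter value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters is 1, so a dual-homed laptop is normally exposed through the programs, shares and credentials on the laptop rather than as a transparent bridge; with routing on, it really does join the two networks. The two sample adapters at the end are constructed for illustration and are not from the original post.

```powershell
# Added example, not code from the original answers. Detects a dual-homed
# laptop (wired + wireless both up with a gateway) and whether IP forwarding
# between the adapters is enabled. Windows PowerShell 2.0+ (Windows 7).

function Get-DualHomedState {
    param(
        # Adapter objects with Description, IPAddress[] and DefaultIPGateway[]
        # (the shape of Win32_NetworkAdapterConfiguration); defaults to live WMI.
        $Adapters = (Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'),
        # Pass 0/1 to test; $null reads the live registry value.
        [Nullable[int]]$IpEnableRouter = $null
    )
    if ($IpEnableRouter -eq $null) {
        $params = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
        $IpEnableRouter = (Get-ItemProperty $params -Name IPEnableRouter -ErrorAction SilentlyContinue).IPEnableRouter
    }
    # Only adapters with an address AND a gateway can carry traffic to another network.
    $active = @($Adapters | Where-Object { $_.IPAddress -and $_.DefaultIPGateway })
    $dual   = ($active.Count -gt 1)
    $fwd    = ($IpEnableRouter -eq 1)
    $verdict = if (-not $dual) {
        'single-homed: nothing to do'
    } elseif ($fwd) {
        'dual-homed AND IP forwarding is on: this host routes between the two networks; disable IPEnableRouter or one adapter'
    } else {
        'dual-homed: host is reachable from both networks; it does not route between them, but its shares, services and credentials are exposed to the weaker network'
    }
    New-Object PSObject -Property @{
        ActiveAdapters = @($active | ForEach-Object {
            "$($_.Description) [$($_.IPAddress -join ',')] gw $($_.DefaultIPGateway -join ',')"
        })
        DualHomed  = $dual
        Forwarding = $fwd
        Verdict    = $verdict
    }
}

# Constructed sample: wired (corporate) and wireless (guest) both up, forwarding off.
$SampleAdapters = @(
    (New-Object PSObject -Property @{ Description = 'Intel 82577LM Gigabit'; IPAddress = @('10.0.5.23');     DefaultIPGateway = @('10.0.5.1') }),
    (New-Object PSObject -Property @{ Description = 'Intel Centrino WiFi';   IPAddress = @('192.168.88.40'); DefaultIPGateway = @('192.168.88.1') })
)
Get-DualHomedState -Adapters $SampleAdapters -IpEnableRouter 0 | Format-List

# Live check on the laptop:   Get-DualHomedState | Format-List
# To mimic the old docking-station behaviour by hand, disable the wireless
# adapter while on the wire (adapter name as shown in Network Connections):
#   netsh interface set interface "Wireless Network Connection" admin=disable
```

On the constructed sample the verdict is the middle one: dual-homed with forwarding off, which is the common case on a Windows 7 laptop and is exactly the exposure billybob describes (the laptop itself, not the networks, is the weak link). If the live check ever reports Forwarding = True, that is the configuration in which the laptop genuinely becomes a router between the corporate and guest networks and should be corrected first.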