By Ryan Russell
The new release of my favorite Windows tool makes it even easier to troubleshoot your PC.
Version 2 of Mark Russinovich’s free Process Monitor utility adds network monitoring to its arsenal of system-analysis tools.
Monitor processes and their network activity
Mark Russinovich, the (previously) Sysinternals guy who now works for Microsoft, has released version 2 of one of my all-time favorite Windows freebies, Process Monitor. I wrote a series of columns about this program earlier this year.
The utility supports Windows 2000 SP4 through Vista (but doesn’t list Windows Server 2008, which may have been omitted from the documentation as an oversight). Most importantly, the program now monitors network traffic. My previous columns on Process Monitor listed packet capture as a separate tool. There has been a very useful enhancement in that area in version 2, though it’s not quite a full replacement for a dedicated packet-capture utility yet.
Keeping an eye on your network traffic
After you download and run the new version of Process Monitor, you see the new Show Network Activity option. In the button bar below the menu, on the right, there are five Show buttons. If you leave Network Activity on and turn off the other four, the new feature stands out quickly. Each event shows a send or receive operation, and the Path column shows the hostnames or IP addresses and the port numbers involved. (You’re given the option to resolve names.) Under Detail, you see the amount of data transferred.
In terms of having all of your event information in one place, having this network data at hand is huge. You can now use Process Monitor to get a fairly clean log of what each process does to your Registry, file system, and network. So whether you’re watching for suspicious network activity or troubleshooting a balky PC, one utility’s got you covered.
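Once a trace is saved as CSV, the same per-process view can be built outside the GUI. The following is an added example, not part of the column or the Sysinternals tool: it filters a constructed Process Monitor CSV export down to network events and totals the bytes each process sent to and received from each remote endpoint. The column names and the "Length: N" detail format are assumed to match Procmon's CSV export.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample of a Process Monitor CSV export (File > Save, CSV format).
# Column names and the "Length: N" field in Detail are assumed to match Procmon.
# The registry row is there to show that non-network events are filtered out.
SAMPLE_CSV = r"""Time of Day,Process Name,PID,Operation,Path,Result,Detail
10:01:02.1,chrome.exe,4120,TCP Connect,desktop-1:51234 -> 203.0.113.10:443,SUCCESS,Length: 0
10:01:02.2,chrome.exe,4120,TCP Send,desktop-1:51234 -> 203.0.113.10:443,SUCCESS,"Length: 517, seqnum: 0, connid: 0"
10:01:02.3,chrome.exe,4120,TCP Receive,desktop-1:51234 -> 203.0.113.10:443,SUCCESS,"Length: 4096, seqnum: 0, connid: 0"
10:01:03.0,svchost.exe,812,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName,SUCCESS,"Type: REG_SZ, Length: 30, Data: Windows Vista"
10:01:03.5,updater.exe,5100,UDP Send,desktop-1:61000 -> 192.0.2.53:53,SUCCESS,"Length: 45, seqnum: 0, connid: 0"
10:01:03.6,updater.exe,5100,UDP Receive,desktop-1:61000 -> 192.0.2.53:53,SUCCESS,"Length: 120, seqnum: 0, connid: 0"
10:01:04.0,updater.exe,5100,TCP Send,desktop-1:51300 -> 198.51.100.7:8080,SUCCESS,"Length: 2048, seqnum: 0, connid: 0"
"""

# Operation names Procmon uses for its network event class (assumed set).
NETWORK_OPS = {"TCP Connect", "TCP Disconnect", "TCP Accept",
               "TCP Send", "TCP Receive", "UDP Send", "UDP Receive"}
LENGTH_RE = re.compile(r"Length:\s*(\d+)")


def network_events(csv_text):
    """Yield only the rows the Show Network Activity filter would keep."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] in NETWORK_OPS:
            yield row


def summarize_by_process(csv_text):
    """Total bytes sent/received per (process, remote endpoint).

    This is the view to start from when looking for a process talking to
    an endpoint it has no business contacting.
    """
    totals = defaultdict(lambda: {"sent": 0, "received": 0})
    for row in network_events(csv_text):
        match = LENGTH_RE.search(row["Detail"])
        length = int(match.group(1)) if match else 0
        remote = row["Path"].split("->")[-1].strip()  # right side is the peer
        key = (row["Process Name"], remote)
        if row["Operation"].endswith("Send"):
            totals[key]["sent"] += length
        elif row["Operation"].endswith("Receive"):
            totals[key]["received"] += length
    return dict(totals)


if __name__ == "__main__":
    for (proc, remote), counts in sorted(summarize_by_process(SAMPLE_CSV).items()):
        print(f"{proc:<14} {remote:<22} sent={counts['sent']:>6} recv={counts['received']:>6}")
```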
Unfortunately, Process Monitor is not completely wartless. If you’re a packet snob like me, you’ll miss having the exact packet data and a good decode of it. However, just knowing the IP addresses and ports is sufficient about 80% of the time. Having this information available will save me from opening the Wireshark utility, which I described in my Mar. 20 column.