I’d like to find out which processes are using my network. This is quite easy in Linux, but I’m stumped as to how to do this in Windows.
Essentially, I’d like, for each process, to know how many bytes it has read/written to the network over a time period. If I could know IP addresses/port numbers, etc., that would be awesome.
Any pointers? Windows Vista/Windows 2008 seem to be able to do this in Resource Monitor. How do they do it? What’s the overhead?
I want to do this in my own code, so utilities (TCPView, PerfMon) aren’t useful to me. I’d also like to have separate disk and network I/O counters, so the default performance counters aren’t enough.
Windows XP, 2003, Vista, 2008 and 7 preferred. Win32 or COM OK.
I wrote a solution to this.
It consists of a TDI filter driver to collect the stats and a service which communicates with the driver and gets the stats once per second. Since the filter is at the TDI layer, I know which sockets belong to which applications. The service is a server for this data, offering it via shared memory to arbitrary third-party clients via an API I wrote. I wrote a GUI and a command line client.
You can also bandwidth shape sends (per interface and/or application and/or socket) and watch data passing over a socket in real time, in a window.
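The service side of the design described in the answer, a once-per-second poll of per-socket counters rolled up by owning process, could do its accounting as follows. This is an added example, not the answer author's code: the record layout, `account_interval` and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical per-socket record a polling service could receive from the driver. */
typedef struct { uint32_t pid; uint64_t sock_id, tx, rx; } sock_sample; /* tx/rx cumulative */
typedef struct { uint32_t pid; uint64_t tx, rx; } proc_usage;

static const sock_sample *find(const sock_sample *s, size_t n, const sock_sample *k) {
    for (size_t i = 0; i < n; i++)
        if (s[i].sock_id == k->sock_id && s[i].pid == k->pid) return &s[i];
    return NULL;
}

/* Fold the traffic between two polls into per-process totals in out[0..nout).
   Returns the new entry count; never writes past cap entries. */
size_t account_interval(const sock_sample *prev, size_t np, const sock_sample *cur,
                        size_t nc, proc_usage *out, size_t nout, size_t cap) {
    for (size_t i = 0; i < nc; i++) {
        const sock_sample *p = find(prev, np, &cur[i]);
        /* Unseen socket, or id reused after a close (a counter went backwards):
           everything it has counted so far falls inside this interval. */
        int fresh = !p || p->tx > cur[i].tx || p->rx > cur[i].rx;
        size_t j = 0;
        while (j < nout && out[j].pid != cur[i].pid) j++;
        if (j == nout) {
            if (nout == cap) continue;            /* table full: skip, do not overflow */
            out[nout++] = (proc_usage){ cur[i].pid, 0, 0 };
        }
        out[j].tx += cur[i].tx - (fresh ? 0 : p->tx);
        out[j].rx += cur[i].rx - (fresh ? 0 : p->rx);
    }
    return nout;
}

/* Constructed sample: two consecutive one-second polls. */
static const sock_sample poll1[] = { {100, 1, 1000, 500}, {100, 2, 200, 0}, {200, 3, 50, 50} };
static const sock_sample poll2[] = { {100, 1, 1500, 700}, {100, 2, 50, 10},   /* id 2 reused */
                                     {200, 3, 50, 80},   {300, 4, 10, 20} };  /* pid 300 new */

int main(void) {
    proc_usage u[8];
    size_t n = account_interval(poll1, 3, poll2, 4, u, 0, 8);
    for (size_t i = 0; i < n; i++)
        printf("pid %u: sent %llu, received %llu bytes\n", (unsigned)u[i].pid,
               (unsigned long long)u[i].tx, (unsigned long long)u[i].rx);
    return 0;
}
```

A socket that opens and closes between two polls never appears in a snapshot, so polling alone undercounts short-lived connections; exact totals need the final counters reported when the socket closes.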