Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

How Do I Monitor Network Activity on My Windows Machine?

//
When my laptop is turned on, it starts downloading from the Internet – BUT – nothing is supposed to be downloading! How do I figure out what’s happening?

My normal response for this type of problem is to turn to Process Monitor, a free SysInternals utility from Microsoft. The problem is that it’s a pretty geeky tool, and requires a little patience and understanding to get useful results.

Of late, I’ve found myself firing up a completely different utility included in Windows 7 and 8 to monitor network activity. It’s a utility that quickly displays a lot of information about what’s going on. It actually can monitor several areas of your computer’s activity, but I’ll focus here on networking.

Become a Patron of Ask Leo! and go ad-free!

Perfmon

Perfmon, the system performance monitor, has been around for a long time. If you run “perfmon” (Windows Key + “R”, enter “perfmon”, click OK) you’ll end up with something similar to this.

Windows 7 Perfmon

It’s a fairly intimidating application, unless you’re well-versed in Windows technical details, so it’s decidedly not what I’m recommending here.

However.

In the descriptive text in the upper pane, you’ll see a link that says “Open Resource Monitor”. Click that – it’s the tool that we want.

Resource Monitor

Resource Monitor is really just a process monitor with a different interface. In fact, if instead of running “perfmon”, you run “perfmon /res” (without the quotes), you come directly to this interface.

Windows 7 Resource Monitor

Resource Monitor is probably somewhere between Task Manager and our old friend Process Explorer in complexity, with just a hint of Process Monitor thrown in. (Yes, all these similar sounding names can be quite confusing.)

As I said, I’m going to focus on using Resource Monitor to monitor network activity.

Click on the Network tab.

Windows 7 Resource Monitor: Network tab

Here you’ll find several panes of information about the network activity happening on your machine.

Let’s review the three most interesting.

Network Activity Graph

Network Activity Graph

At the top of the right-hand column, you’ll see this graph, which shows the average network traffic total for the last 60 seconds.

Be forewarned that the scale will change automatically based on traffic. In the example above, the scale is 10mbps, or 10 megabits per second, and the graph peaks at around the 4mbps range. If the traffic slows for long enough, the scale will change to 100kbps, or even 10kbps, so that even at lower traffic rates, the spikes of traffic can be viewed. It’ll also scale higher should network traffic exceed 10mbps long enough. The important thing to realize is that you need to pay attention to the scale to understand how much data is being transferred.

Processes with Network Activity

Processes with Network Activity

This pane lists the processes that are actively doing some kind of network I/O (input/output). The column headers can be clicked to sort by their contents, and I find sorting by Total to be the most interesting. In the example above, we can see that chrome.exe – the Google Chrome browser – was performing the most networked I/O on the system when the snapshot was taken, followed by Dropbox, and Thunderbird and others.

Network Activity

Network Activity List

I find this perhaps the most useful network pane. Listed here are the processes that have network activity, and remote endpoints to which they are connected. Not shown above (but off to the right) are the same Send/Receive/Total bytes columns, so you can see which connection is generating the most traffic.

In the example above, the most active connection is to an IP address: 67.201.31.35. A little research shows that this IP address belongs to “NETDNA”, the content distribution network that I use for Ask Leo! Indeed, I was downloading an Ask Leo! page with images to generate example traffic.

You can see additional connections to “cotendo.net”, another content distribution network, “1e100.net”, which turns out to be Google (I have Google sites open in my browser, and the example page that I used to generate traffic includes Google services), and “lw3.pugetsoundsoftware.com”, which is the server currently housing Ask Leo!

TCP connections

TCP Connections List

This pane lists all of the TCP network connections that have been established by applications running on your PC, whether or not they are actively transmitting or receiving data. This can be useful to examine what programs are connecting where out on the internet.

TCP Connections Graph

TCP Connections Graph

This graph shows the number of connections being made between your machine and others across the network, over time. Like the Network Activity graph, it also auto-scales, so do watch the maximum number shown to get a sense for exactly what the graph is showing you.

Summary

Resource Monitor’s network monitoring pane provides a very quick and informative window to monitor network activity happening on your machine. While it won’t tell you what files are being downloaded (you’ll still need Process Monitor for that – see the related links), it will tell you what remote sites your computer is connected to, and which of the applications on your machine are responsible for network traffic. Those two bits of information alone can often resolve many of the questions that you might have about what’s happening on your machine.

Podcast audio

Play

38 comments on “How Do I Monitor Network Activity on My Windows Machine?”

  1. Leo – Since I have had Win 7 I have been using this “Network Activity Indicator displays the old “two monitors’ icon in Windows 7 that flashed blue to show network activity on the System Tray”
    http://www.itsamples.com/network-activity-indicator.html
    it stays visible as in the old scheme and one can tell immediately if there is download activity. Don’t know why MS dropped it. It’s freeware and available from a number of download places on the internet. I believe the above link is the original author’s.

  2. Typing “Perform” at the run prompt did not work on mine. I had to go to the [control panel], Click on [Administrative Tools], then [Performance Monitor]. Not sure why the difference…

    It’s not “perform” – it’s “perfmon” – short for PERFormance MONitor.

    Leo
    28-Jan-2012

  3. There is an ever-expanding list of applications which automatically download updates or new versions, so it’s no surprise to see network activity soon after startup.

  4. Hi ,

    I have question, i have a machine(win7) that running perfmon and i need to dislplay via LCD this live perfmon graph to others but the machine only should access able by me.

    Please advice on this thanks

  5. I typically right-click the bottom line and go to Task Manager. from Task Manager, go to the “Performance” tab. You will see a box near the bottom that says “Resource Monitor”.

  6. Leo:
    Appreciate your advice and tips.
    Just curious, I expected to see something about Task Manager. It provides information on what programs are running, memory, and current activity.
    Thanks, George

  7. To go directly to Resource Monitor, just type “resmon” in the run box instead of “perfmon.”

    Thanks Leo, for pointing out some features of ResMon I hadn’t noticed before.

  8. I find that KB2670838 interferes with Resource Monitor. When I remove it, Resource Monitor works fine.
    It also works in Safe Mode.
    A web search for KB2670838 is instructive.

  9. Hi leo,
    The problem faced by novices like me is that we are unable to identify the suspecious actvity (ies) among the legitimates. You have only delt with the legitimate ones that has not helped us much. Even after reading this article, I’m still clueless while looking at the Process Monitor.

    So, please explain me how to identify the potential culprits in the Process Monitor.

    • There’s no blanket rule. The closest I can suggest is to look at the processes that are using bandwidth, and try to research the ones you don’t recognize.

  10. How do I monitor my network activity on window machine by Leo is very useful to me.Leo computer expert and computer officer have explained it in few easy to understand steps with pictorial explanation.Many thanks to Leo for nice explanation about monitoring of network activity. Mr jayesh N.Gandhi Ahmedbad.India

  11. Hi Leo, thanks for the podcast and the explanation on using this tool. I find it very useful for my day to day work as a Systems Engineer when troubleshooting complaints.

  12. Although good advice, I do know this, but I feel what people are really after is a lightweight “sentry” in the taskbar that provides a little information about realtime activity. What would be nice would be a notice on hover pop-up what application the requests and traffic are coming from. Why oh why in 2015 Microsoft dont have a tool to do that is not surprising when you see the mess that windows 8 is though. Microsoft with all thier money have absolutely dropped the ball and soon I feel will lose thier dominance because thier products are feeling heavy old and missing the mark.

  13. without using internet something was eating my data usage so i choose resource monitor and select network tab and deleted all files after that i unable to connect to internet……. now what can i doooo please… anyone help me plzzzzz…

    What can i do to connect Internet???

  14. After deleting all files from network tab from resource monitoring i cant use internet..Unable to connect network whatt can i do..plzz reply me..

  15. Just thought I’d mention that this was really helpful. I knew there was a way to do it, but I couldn’t remember how. For me, it was helpful to see that a file was, in fact, uploading (on an extremely slow DSL connection in China where the internet is anything but reliable…), despite the fact that the progress bar for the upload in Dreamweaver wasn’t working for some reason.

    Thanks.

  16. Before I waste any more time searching for network activity on my win10-pro, does it exist? Does your solution work on win10?

  17. In LINUX (RedHat, Ubuntu, Debian, Zorin, LinuxMint etc), “etherape” is a totally free of charge graphical network monitoring tool. As it is on LINUX, the program is very easy to install and use. But the best thing is, it gives very informative graphical display that is easy to understand.

  18. great tool, thank you! unfortunately i’m looking for some info as far as TOTAL network traffic, over time. for example, this resource monitor gives network traffic in Bytes per second, so I can see that streaming Groove Salad in Winamp is taking up 32k B/sec…but is there a method [other than calculating it myself] or some software I could use to find out how much bandwidth has been used by Winamp since I started streaming 2 hours ago? Or to find out how much total bandwidth my last game of League of Legends took, for examples? Thanks!

  19. Thank you! This was perfect. My internet slowed down to a crawl all of the sudden last week. When the service guy came from our internet provider he couldn’t find any issue with the lines. We tried everything to fix the issue, turning off all other devices except the main desktop, rebooting the modem, checking for IP address conflicts, nothing worked. Then I realized I needed to Ask Leo. Running the performance monitor showed that my back-up system on the main computer was the culprit. Last week I marked several files full of pictures for back up so it’s trying to do an 25G back up over 1.5mps bandwidth internet connection. No can do.

  20. A little late to the party but one of the top graphics illustrates the TCP Connections. One technique I employ is to jot down IP addresses found in the Remote Address field and then use an IP address lookup service to see who might own these servers. Sometimes, interesting results turn-up.

  21. I’ve been using Process Explorer for many years, but it doesn’t show some very useful detail that Resource Monitor does under Windows 10 x64 Home. For example looking at svchost activity no longer is a guessing game with the detail Resource Monitor provides. I pinned Resource Monitor to my taskbar and will use it as required in the future.

  22. I have been so puzzled by what I see in the Task Manager Networking graph. This article is enormously helpful! Thank you so much.

  23. Hi,

    Is there a way to dump/log the per application data usage. Let’s say, I want to see the trend of Input/Output Bytes/sec for skype application. It will be visible on real time basis, but how can we record it for historical data ?

  24. I ran resource monitor and found that it was showing network activity even when my network cable was disconnected from the internal network router. The computer I was monitoring has it’s cable to the router unplugged. Resource monitor was still showing Send AND Receive packets?????
    This computer has NO Wireless enabled. What is that????

  25. How do I find the ports when the activity does not show up in resource monitor? It does show up in process explorer under “network other” but there is no port information and absolutely no one has an explanation of what “network other” is. Firewall locked down, or off I have the same activity, usually it either SYSTEM or one of the hundred plus svchosts, now I’m seeing a lot more of this activity that I’ve grown so accustomed to and have been so frustrated by…

    I have had people suggest it is “bounceback” but I have the firewall logging everything, it is simply out going. I have a lot of events in powershell all of which say the task catagory are “execute remote command” and it is a brandnew format and install of windows 10 pro, configured NOT to allow remote connections, all remote services are disabled, yet they are found running in task manager anyway. I find the hidden .pbk in appdata modifed quite often… I guess this something to with microsoft because I took ownership of everything pbk in the registry my I was no longer able to connect to windows update.

  26. About ad blockers:
    I appreciate that you want to use advertising to support your site, and I support that. But I can’t allow aggressive, 3rd-party links because they produce too many lock-ups. Serve only static advertising, served only by you. Then, ask advertisers to supply a counter, possibly encrypted, that only they can read. Work to stop those who would turn the Internet into interactive television.

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Typically that's off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.