Helping people with computers... one answer at a time.
Windows 7 has a useful utility for monitoring system activity. You can use it to find out a lot about what your computer is doing online.
When my laptop is turned on, it starts downloading from the Internet - BUT - nothing is supposed to be downloading! How do I figure out what's happening?
•
My normal response for this type of problem is to turn to Process Monitor, a free SysInternals utility from Microsoft. The problem is that it's a pretty geeky tool and it requires a little patience and understanding to get useful results.
Of late, I've found myself firing up a completely different utility included in Windows 7 that quickly displays a lot of information about what's going on. It actually can monitor several areas of your computer's activity, but I'll focus here on networking.
•
Perfmon
Perfmon, the system performance monitor, has been around for a long time. If you run "perfmon" (Windows Key + "R", enter "perfmon", click OK) you'll end up with something similar to this:
It's a fairly intimidating application unless you're well-versed in Windows technical details, so it's decidedly not what I'm recommending here.
However.
In the descriptive text in the upper pane, you'll see a link that says "Open Resource Monitor". Click that - it's the tool that we want.
Resource Monitor
Resource Monitor is really just a process monitor with a different interface. In fact, if instead of running "perfmon" you had run "perfmon /res" (without the quotes), you would have come directly to this interface.
Resource Monitor is probably somewhere between Task Manager and our old friend Process Explorer in complexity, with just a hint of Process Monitor thrown in. (Yes, all these similar sounding names can be quite confusing.)
As I said, I'm going to focus on networking here.
Click on the Network tab.
Here you'll find several panes of information about the network activity happening on your machine.
Let's review the most interesting.
Network Activity Graph
In the upper-right, you'll see this graph which shows the average network traffic total for the last 60 seconds.
What can be somewhat disconcerting about this particular graph is that the scale will change automatically based on traffic. You can see in the example above that the scale is 10Mbps, or 10 Megabits per second, with the graph peaks at around the 4Mbps range. If the traffic slows for long enough the scale will change to 100kbps, or even 10kbps, so that even at lower traffic rates, the spikes of traffic can be viewed. It'll also scale higher should network traffic exceed 10Mbps long enough. The important thing to realize is that you need to pay attention to the scale to understand how much data is being transferred.
Processes with Network Activity
This pane lists the processes that are actively doing some kind of network I/O. The column headers can be clicked to sort by their contents, and I find sorting by Total to be the most interesting. In the example above, we can see that chrome.exe - the Google Chrome browser - was performing the most networked I/O on the system when the snapshot was taken, followed by Dropbox, and Thunderbird and others.
Network Activity
I find this perhaps the most useful network pane. Listed here are the processes that have network activity and then remote endpoints to which they are connected. Not shown above, but off to the right are the same Send/Receive/Total bytes columns, so you can see which connection to which endpoint is generating the most traffic.
In the example above, the most active connection is to an IP address 67.201.31.35. A little research shows that this IP address belongs to "NETDNA", the content distribution network that I happen to use for Ask Leo! Indeed, I was downloading an Ask Leo! page with images to generate example traffic.
You can see additional connections to "cotendo.net", another content distribution network, "1e100.net" which turns out to be Google (I have Google sites open in my browser and the example page that I used to generate traffic includes Google services), and "lw3.pugetsoundsoftware.com" which is the server currently housing Ask Leo!
TCP connections
This pane lists all of the TCP network connections that have been established by applications running on your PC, whether or not they are actively transmitting or receiving data. This can be useful to examine what programs are connecting where out on the internet.
TCP Connections Graph
This graph shows the number of connections being made between your machine and others across the network over time. Like the Network Activity graph, it also auto-scales, so do watch the maximum number shown to get a sense for exactly what the graph is showing you.
Summary
Resource Monitor's network monitoring pane provides a very quick and informative window into the network activity happening on your machine. While I won't tell you what files are being downloaded (you'll still need Process Monitor for that), it will tell you what remote sites your computer might be connected to and which of the applications on your machine are responsible for network traffic. Those two bits of information alone can often resolve many of the questions that you might have about what's happening on your machine.
Article C5047 - January 20, 2012 « »
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
January 24, 2012 8:32 AM
Typing "Perform" at the run prompt did not work on mine. I had to go to the [control panel], Click on [Administrative Tools], then [Performance Monitor]. Not sure why the difference...
28-Jan-2012
January 24, 2012 9:26 AM
@ Dan, Please recheck spelling.
January 24, 2012 11:37 AM
There is an ever-expanding list of applications which automatically download updates or new versions, so it's no surprise to see network activity soon after startup.
January 25, 2012 4:43 AM
To Dan:
Leo said perfmon, not perform, Dan.
Wheee! :)
February 1, 2012 9:25 PM
Hi ,
I have question, i have a machine(win7) that running perfmon and i need to dislplay via LCD this live perfmon graph to others but the machine only should access able by me.
Please advice on this thanks
•
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.