There are add-ons that Netmon (Network Monitor) calls "experts" that should give you something close to what you're looking for. Fiddler (HTTP debugging) is my favorite tool for HTTP traffic. Network Monitor (protocol analyzer) for tracing everything from layer 2-7 in OSI Model.
Event tracing for Windows (ETW) is what it's
Should have some kind of profiling or time-lapse graphing (chart) of counters, basic ones at least.
Process Monitor has advanced tools/reporting under (I think) the Tools menu.
Process Explorer can drill down to service host processes.
Hey Stewart, did you ever find a solution for this? I am looking to capture this type of data as well and the counters don't appear to be accessible through perfmon.
The data is all there: 'Image' being svchost.exe (termsvcs), PID 4016, Address "Thin Device Name" and B/Sec Usage.
More specifically, what I am trying to do is get some indication of which terminal server session is using what bandwidth at what time.
What I would like to be able to do is access these counters from within PerfMon, so that I can record the network activity of each instance.
This is all well and good, however it only shows live data, so I have to watch it to perform any kind of diagnosis.
It has columns such as: Image, PID, Address, Send (B/Sec), Receive (B/Sec) and Total B/Sec.
Out which process, or instance of process (address) is using what bandwidth.
You just select the network tab, drill down into "Network Activity" and then sort by the appropriate column to find
Tests the accessibility of WMI (Windows Management Instrumentation) counters in a quick and easy manner.
In Server 2008 there is a helpful little tool called Resource Monitor, which allows me to see the network usage of each process.
A useful freeware tool to test WMI connections.
Knowledge Base: General introduction to WMI and PRTG
Using SNMP you can easily monitor 10 times as many nodes as with WMI (on the same hardware).
Consider switching to SNMP-based monitoring for large networks.
(You still get far better WMI monitoring performance with a remote probe on a virtual machine running Windows XP or Windows 2003 than on any bare metal system running Windows Vista/Windows 2008 R1.)
If you cannot run PRTG on Windows XP/Windows 2003 consider setting up a remote probe with XP for the WMI monitoring.
If possible use Windows 2003 R2 Server for WMI-based network monitoring (followed by XP and Windows 7/2008 R2).
Do not use Windows Vista or Windows 2008 R1 as monitoring stations for WMI-based network monitoring.
If you want to use WMI for network monitoring of more than 20 or 30 systems, please consider the following rules:
System performance (CPU, memory etc.) of virtualization does not strongly affect WMI monitoring performance.
The more Windows Vista/Windows 2008/Windows 7 client systems you have in your network the more WMI monitoring performance will be affected.
On Windows Vista/Windows 2008 R1 you can run about 300 WMI sensors with one minute interval.
Actual performance can be significantly less depending on network topology and WMI health of the target systems - we have seen configurations that could not go beyond 500 sensors (and even less).
WMI is based on COM and DCOM and is integrated in Windows 2000, XP, 2003, Vista, 2008, and Windows 7 (add-ons are available for Windows 9x and NT4). Access can be local or remote via a network connection. WMI allows accessing data of many Windows configuration parameters, as well as current system status values.
Windows Management Instrumentation (WMI) is Microsoft's base technology for monitoring and managing Windows based systems.