Programmatically getting per-process network statistics on Windows?

views:

1230

answers:

+6 Q:

Programmatically getting per-process network statistics on Windows?

I'd like to find out which processes are using my network. This is quite easy in Linux, but I'm stumped as to how to do this in Windows.

Essentially, I'd like, for each process, to know how many bytes it has read/written to the network over a time period. If I could know IP addresses/port numbers, etc., that would be awesome.

Any pointers? Windows Vista/Windows 2008 seem to be able to do this in Resource Monitor. How do they do it? What's the overhead?

I want to do this in my own code, so utilities (TCPView, PerfMon) aren't useful to me. I'd also like to have separate disk and network I/O counters, so the default performance counters aren't enough.

Windows XP, 2003, Vista, 2008 and 7 preferred. Win32 or COM OK.

You'd be amazed at the stuff you can get out of Perfmon.

Bring it up, right click in the graph area, and select "Add Counters...". Surf around and see if anything does what you want.

From my reading of what you are asking, I'd select "Process" as my performance object, and start selecting likely looking culprits from the list of processes, with perhaps "IO Data Bytes/sec" counters being watched. If you mess around in there you may find something more useful to you to look at though.

Edit: I'm noticing that it says "Programatically" (did it say that yesterday?)

Well, you can actually get pretty much all the information Perfmon gets from the registry with the key HKEY_PERFORMANCE_DATA. I think that's what Perfmon enumerates and uses, so you should be able to poke around with perfmon to see what's there and works for you, then write code to read it out in realtime in your own program.

One of the really nice things about this method, is that it even works remotely, if you have the right privs.

T.E.D. 2009-03-10 14:31:05

-1: IO bytes in perfom rolls up disk and network IO together.

Patrick Cuff 2009-03-10 15:28:59

That is true. However, if you aren't running anything that has any reason to do a lot of disk I/O, it should do fairly well for you.

T.E.D. 2009-03-11 13:56:16

+1 A:

You will need to use the IPHelper API.

Here is a good article detailing its use from .NET: http://www.codeproject.com/KB/IP/iphlpapi.aspx

Enjoy.

Boo 2009-03-10 18:27:29

That doesn't appear to contain per-process statistics.

Roger Lipscombe 2009-03-11 10:23:22

No, but it does link a process to a network connection. It's one peice of the puzzle.

Boo 2009-03-11 23:10:28

Some details would be appreciated.

Roger Lipscombe 2009-03-30 08:10:25

+2 A:

I wrote a solution to this.

A TDI filter driver to collect the stats, a service which communicates with the driver and gets the stats once per second. Since the filter is at the TDI layer, I know which sockets belong to which applications. The service is a server for this data, offering it via shared memory to arbitrary third party clients via an API I wrote. I wrote a GUI and a command line client.

You can also bandwidth shape sends (per interface and/or application and/or socket) and watch data passing over a socket in real time, in a window.

Blank Xavier 2009-03-27 19:20:12

where's your solution ????

Mustafa A. Jabbar 2009-10-22 08:51:02

I know! I too wondered why I got "accepted solution".

Blank Xavier 2009-10-22 15:49:32

I'll take your word that you looked at this problem and decided that "write a custom TDI filter driver" was the best solution. I assumed that if you have some code you could have published, you would have done, and I'm not one of those people that says "show m3 the c0deZ!". Pointing me in the right direction is plenty, thanks.

Roger Lipscombe 2009-11-16 16:32:56

ansaurus

tags:

views:

answers:

Programmatically getting per-process network statistics on Windows?

related questions