Network analysis feature in Process Monitor

Process Monitor from Windows Sysinternals, part of Microsoft’s Server and Tools division, combines the best of familiar but now extinct tools. By extinct I mean deprecated or no longer supported. The warranty* expired.

Windows 8 PC running Process Monitor
Events with a highlight filter applied
Time of Day and Process Name columns
Right-click menu

The context-sensitive [right-click] menu allows you to highlight a specific number of rows (events, displayed horizontally), with only the rows matching a particular column value highlighted. The example above shows a right-click on the Operation column of a particular row.

PID, Operation, and Result are columns in photo

But how Process Monitor combines them all is just the start. It also allows you to filter. My favorite part of the toolbar in Process Monitor is the


All five turned on except “profiling”, the default settings
To filter down to just the network traffic, click each highlighted box to deselect it, except the highlighted icon in the photo below:
Show Network Activity icon

Then turn on the Autoscroll feature, off by default:

Autoscroll (Ctrl+A)

This gives you a real-time, scrolling network [event] trace like this:


Just remember to turn the other three show buttons (file, registry, process) back on afterward. Don’t turn Profiling on unless you want more data. Refer to the onboard [F1] Process Monitor help.
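
An offline counterpart to the network-only view described above, as an added example (not from the original post or from Sysinternals): it keeps only the TCP/UDP rows of a trace and counts them per process and remote endpoint. It assumes the trace was saved from Process Monitor as CSV with the default columns; the sample rows, host names and PIDs are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample, laid out like a Process Monitor CSV export with the
# default columns (assumption); hosts, PIDs and paths are made up.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.1000000 AM","chrome.exe","4120","TCP Connect","WIN8-PC:49712 -> 203.0.113.10:443","SUCCESS","Length: 0"
"10:15:01.2000000 AM","chrome.exe","4120","RegOpenKey","HKCU\Software\Example","SUCCESS",""
"10:15:01.3000000 AM","chrome.exe","4120","TCP Send","WIN8-PC:49712 -> 203.0.113.10:443","SUCCESS","Length: 517"
"10:15:02.0000000 AM","notepad.exe","2200","CreateFile","C:\Users\demo\notes.txt","SUCCESS",""
"10:15:02.5000000 AM","chrome.exe","4120","TCP Connect","WIN8-PC:49713 -> host.example:https","SUCCESS","Length: 0"
"10:15:03.0000000 AM","svchost.exe","1088","UDP Send","WIN8-PC:55001 -> 198.51.100.53:53","SUCCESS","Length: 64"
'''

# Network events carry operation names beginning with the protocol.
NETWORK_PREFIXES = ("TCP ", "UDP ")


def network_events(csv_text):
    """Yield only the TCP/UDP rows, dropping file, registry and process events."""
    # Strip a leading byte-order mark if the export carries one.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        if (row.get("Operation") or "").startswith(NETWORK_PREFIXES):
            yield row


def split_endpoints(path):
    """Split 'local:port -> remote:port' into (local, remote_host, remote_port)."""
    local, arrow, remote = path.partition(" -> ")
    if not arrow:
        return None  # not a network-style Path value
    host, _, port = remote.rpartition(":")  # rpartition keeps colons inside the host
    return local, host, port


def summarize(csv_text):
    """Count network events per (process name, PID, remote endpoint)."""
    counts = Counter()
    for row in network_events(csv_text):
        parts = split_endpoints(row["Path"])
        remote = f"{parts[1]}:{parts[2]}" if parts else row["Path"]
        counts[(row["Process Name"], row["PID"], remote)] += 1
    return counts


if __name__ == "__main__":
    for (name, pid, remote), n in summarize(SAMPLE_CSV).most_common():
        print(f"{name} (PID {pid}) -> {remote}: {n} event(s)")
```

To run it on a real export, read the file's text and pass it to `summarize` in place of `SAMPLE_CSV`.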

For more information on support lifecycle, and how to download Process Monitor, refer to the references section below:


*Microsoft Support lifecycle website
Windows Sysinternals