Network analysis feature in Process Monitor

Process Monitor from Windows Sysinternals, part of Microsoft’s Server and Tools division, combines the best of familiar but now extinct tools. By extinct I mean deprecated or no longer supported. The warranty* expired.

image
Windows 8 PC running Process Monitor
image
Events with a highlight filter applied
image
Time of Day and Process Name columns
image
Right-click menu

The context-sensitive [right-click] menu allows you to highlight a specific number of rows (events displayed horizontally) with only a particular column match highlighted. The example above is right-clicking on the Operation column of a particular row.

image
PID, Operation, and Result are columns in photo

But how Process Monitor combines all is just the start. They also allow you to filter. My favorite part of the toolbar in Process Monitor is the

image

image
All five turned on except “profiling”, the default settings
To filter out just the network traffic, click on each highlighted box to deselect except this highlighted icon in the photo below:image
Show Network Activity icon

Then turn on the Autoscroll feature, off by default:

image
Autoscroll (Ctrl+A)

Allowing you to get a real-time,scrolling, network [event] trace like this:

image

Just remember to turn on the other three show buttons (file, registry, process). Don’t turn Profiling on, unless you want more data. Refer to the onboard [F1] Process Monitor help.

For more information on support lifecycle, and how to download Process Monitor, refer to the references section below:

References

URLs
*Microsoft Support lifecycle website
Windows Sysinternals

Cross-site scripting message in notification bar

Very common message. I’ve been seeing this for a while. Pops up at the bottom of the Internet Explorer window. In the notification bar.

image

image

The hyperlink (URL) that I had opened to trigger the above message is the following:

http://electronics.howstuffworks.com/gadgets/other-gadgets/10-gadgets-that-will-make-dads-day.htm

I’m pretty sure that http://www.howstuffworks.com or http://howstuffworks.com (without the www.) was added to the Trusted Sites zone but fairly certain that http://electronics.howstuffworks.com is not.

I tried adding the following URL to the Trusted Sites zone in Internet Explorer 10.

http://electronics.howstuffworks.com

imageTools, Internet Options, Security tab, Trusted Sites, Sites, Add button

In my case, the address http://electronics.howstuffworks.com is pre-populated (already there) in the Add this website to the zone box. So I just had to click the Add button and the Close button in the lower right of the Trusted Sites dialog box.

image

Then OK:

image

image
Result
Same message

Internet Explorer has modified this page to help prevent cross-site scripting.


If you’re in a corporate, locked down environment, the only thing you can do at this point is modify the Internet Explorer settings. But many organizations do control or govern their systems, including Windows and its native web browsing application, Internet Explorer. The best thing I can offer to any end-user (information worker) having this message is to simply click on the x on the right of the message bar at the bottom of Internet Explorer.

Search

Bing

internet explorer 9 messages at bottom

Answer

Internet Explorer 9 Notification bar: frequently asked questions

Can I ignore notifications?

Yes. The bar might be displayed until you navigate to a new webpage or click the Close button. For notifications involving security or privacy, Internet Explorer automatically takes the most secure action, and allows you to take less secure actions if you’re confident they won’t put your computer or information in danger.

Solution

image

Click the x to ignore the message and close the notification bar. The bar should [I think] also simply close itself if you do nothing, within like 5-10 seconds.

Forum

Microsoft Answers

How do I prevent Internet Explorer from modifying pages for cross-site scripting? Under the security tab for IE8 there is a new Scripting Section for XSS Filter, Disable it and the issue goes away.

 

I don’t ever touch this setting unless there’s some business justification or an RFP (request for proposal) outlining why it’s feasible to disable that setting. However, if you’re not at work and just in the context of a home computer, not used for business, then I’d suggest do it only if you understand what it does.

For more on the [Cross Site Scripting] XSS Filter, read the following articles:

More Information


MSDN Library

Event 1046 – Cross-Site Scripting Filter

Administrators


Windows Help

Cross-site scripting filter

Information workers, home, and end-users

High disk activity suspected in Music app playback skipping

image
Resource Monitor

The song I was just listening to started skipping and I don’t know exactly why. Just that the only thing in Resource Monitor that I could find is a spike like the ones above. Particularly the second highest spike in disk activity.

If it’s disk activity then it would be either:

  • Samsung hard drive
  • External Maxtor USB drive

I always suspect the external to be the bottleneck based on previous experiences with performance lags on Windows 8.

Prescription

Close all apps. If that doesn’t work, try logging off [Windows] by going to Start and clicking on your name on the upper right, then click Sign out:

Press the Start key on the keyboard, swipe from the right [if you’re on a tablet], or

image

Click Sign out to log off your user account. This will terminate the current user session and start you off with a clean slate in terms of what Windows loads from the user profile when you login. It saves a reboot and thus less wear and tear on moving parts like hard disks if you don’t have a solid state drive (SSD).

  • Close apps
  • Log off
  • Reboot
  • Shut down

If I really want to go the extra mile I’ll disconnect the drive and test. But it probably won’t get to that. The drive, I believe, is USB 2.0. Will need to verify that later.

Root Cause

image

Ran into the issue again today and noticed the song is still downloading. I’m not sure if the song yesterday was having the same problem.

image

Receive/Transmit appears fine for a 10MB Ethernet connection. The bottleneck is in the cross connect cable from the computer’s NIC to the DSL Actiontec modem

WWAHost.exe is the process I check under the Overview tab in Resource Monitor.

image

When I check that I’ll also get another process in the Network tab that I’ll check called BackgroundTransferHost.exe.

image

Don’t think it’s a network issue on my end since regular internet is working and the TCP Connections and Network counters appear normal (above). It’s either with the ISP and/or XBOX in the cloud.

The only thing I could see Windows developers do to remedy situations like this would be to better buffer the packets as they come down. But in this case it’s just easier to play another song and wait for the song to download. In this case, I waited until the download box disappeared. Then it played fine without skipping.

Solution

Wait for song to download. You can play another song in the meantime. Once the download box disappears go back to the song exhibiting the problem earlier and play.