Both of these problems are quite common, and it’s quite frustrating when they arise. With the amount of information now being stored and/or delivered over the internet, our connections are being stressed more than ever.

The technique I’ll describe uses a free tool called Process Monitor. I suspect it’ll be perfect for this problem. While it’s a little geeky, this extremely powerful tool can be used to diagnose many issues, and runs in all versions of Windows from XP to the most recent. I’ll walk you through how to set it up for this scenario.

We’ll start by downloading and installing Process Monitor. Process Monitor, or simply “Procmon”, downloads as a zip file. Save that to a folder of your choosing and then extract the. Place procmon.exe and procmon.chm (the help file) in a convenient folder.

First, Process Monitor simply collects data, which it calls “events”. To do this we’ll run Procmon for “a while”, and then tell it to stop collecting.

Second, Process Monitor allows us to examine and analyze the data that it’s collected in several different ways, using filters and summaries.

As we’ll see, Process Monitor collects a lot of data. Fortunately, it also has very powerful tools to make sense of it all.

Run Process Monitor by double-clicking on procmon.exe in whatever folder you placed it. The first time you run it, you’ll need to agree to some license terms. This should only happen once.

Each time you run Process Monitor, you’ll most likely get the User Account Control dialog. In order for Procmon to monitor the things that it needs to, it must have full administrative access.

As soon as Procmon begins to run, it starts collecting events. The numbers in the status bar at the bottom will continue to increase as Procmon counts the number of events being collected. Note that it’s only showing a subset of the collected events. Process Monitor actually includes some pre-set filters that prevent displaying events that aren’t typically helpful, such as all the events generated by procmon.exe itself.

When you’ve collected enough, type CTRL+E or click on the magnifying glass in the Procmon toolbar to stop data collection.

It’s difficult to say just how much data should be collected by Process Monitor in order to be useful, because it really depends on the specific situation that you’re attempting to diagnose. The simple rule of thumb is to collect data while the problem you’re experiencing is happening. In general, I start it when I know or suspect that a problem is happening (like your unknown internet usage), and let Procmon collect until the problem has indeed happened and occurred long enough to have generated meaningful data.

Depending on the problem you’re experiencing, this might take some experimentation. Procmon discards its data when you exit, so there’s no problem at all running it multiple times experimenting with the timing or duration.

Analyze Process Monitor results

As I mentioned, Procmon includes a fairly powerful filtering interface which is on the Filter menu. This interface really is quite complex, because it assumes you know a little bit about how Windows works internally. Instead, Procmon also includes some summary analysis tools that make what we’ll do next fairly easy.

On the Tools menu, click on Network Summary… This is a summary of all the network-related events that have been captured. Unfortunately, the default width of this dialog actually hides some interesting columns. Fortunately, the dialog is resizable, so click and hold on the right border and drag it to the right to make the dialog wider to expose the “Path” column.
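
The same network events can also be totalled per process outside Procmon, which helps when the question is which program is responsible for the traffic. The following is an added example, not part of the original article: it assumes the captured events were saved from Procmon as CSV with the columns `Process Name`, `PID`, `Operation`, `Path` and `Detail`, and that send and receive events carry a `Length:` field in `Detail`. The sample rows, process names and hosts are constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample rows in the column layout assumed for a Procmon CSV export.
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","updater.exe","4120","TCP Receive","pc:50211 -> cdn.example.net:443","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"10:01:02.2","updater.exe","4120","TCP Receive","pc:50211 -> cdn.example.net:443","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"10:01:02.3","browser.exe","2280","TCP Send","pc:50300 -> www.example.org:443","SUCCESS","Length: 517, seqnum: 0, connid: 0"
"10:01:02.4","browser.exe","2280","RegOpenKey","HKCU\\Software\\Example","SUCCESS","Desired Access: Read"
"10:01:02.5","updater.exe","4120","TCP Connect","pc:50212 -> cdn.example.net:443","SUCCESS","Length: 0, mss: 1460"
"10:01:02.6","browser.exe","2280","UDP Send","pc:50400 -> dns.example.org:53","SUCCESS","Length: 48, seqnum: 0, connid: 0"
'''

LENGTH_RE = re.compile(r"\bLength:\s*([\d,]+)")
NET_OP_RE = re.compile(r"^(TCP|UDP) (.+)$")

def summarize(csv_text):
    """Return {(process, pid, remote endpoint): {"events", "sent", "received"}}."""
    totals = defaultdict(lambda: {"events": 0, "sent": 0, "received": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        op = NET_OP_RE.match(row.get("Operation", ""))
        if not op:
            continue  # file, registry and process events are not network traffic
        # Path is assumed to read "local:port -> remote:port"; keep the remote side.
        remote = row["Path"].split(" -> ")[-1]
        entry = totals[(row["Process Name"], row["PID"], remote)]
        entry["events"] += 1
        m = LENGTH_RE.search(row.get("Detail", ""))
        size = int(m.group(1).replace(",", "")) if m else 0
        if op.group(2) == "Send":
            entry["sent"] += size
        elif op.group(2) == "Receive":
            entry["received"] += size
    return dict(totals)

def top_talkers(csv_text):
    """Summary rows sorted by total bytes moved, busiest first."""
    rows = summarize(csv_text).items()
    return sorted(rows, key=lambda kv: kv[1]["sent"] + kv[1]["received"], reverse=True)

if __name__ == "__main__":
    # For a real export, read the file with encoding="utf-8-sig" to drop any BOM.
    for (proc, pid, remote), t in top_talkers(SAMPLE_CSV):
        print(f"{proc:<12} {pid:>5} {remote:<24} events={t['events']} sent={t['sent']} recv={t['received']}")
```

A process you do not recognise near the top of this list, or one talking to an unexpected endpoint, is the first thing to investigate.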