Home Library Learn Samples Downloads Support Community Forums
Microsoft Developer Network >
XPerf Network trace report?

Unanswered XPerf Network trace report?

  • Friday, October 12, 2012 5:06 PM
     
     
    Sign In to Vote
    0
    Is there a way to get a network trace report just like we get cpudisk or hardfault reports? I need to associate the network data with the process ids like the other reports do without having to manually parse the csv file.
     

All Replies

  • Wednesday, November 07, 2012 4:42 PM
     
     
    Sign In to Vote
    0
    There is a +Network provider group. Have you tried that? 

    Mark Morowczynski |PFE-Platforms |http://blogs.technet.com/b/askpfeplat |http://blogs.technet.com/b/markmoro

     
  • Wednesday, November 07, 2012 5:21 PM
     
     
    Sign In to Vote
    0
    Yes I've tried that but that doesn't give me a report. I need to easily be able to see network traffic on a per process level. Just like how the Hard faults and disk usage shows disk usage on a per process level.
     
  • Wednesday, November 07, 2012 5:32 PM
     
     
    Sign In to Vote
    0
    I don't think there is a current way to do that how you want. Have you tried to open the .ETL trace in Network Monitor. That I think has some info but you probably will have to figure it out manually. Are you trying to troubleshoot something or just want to know general network traffic just for fun?

    Mark Morowczynski |PFE-Platforms |http://blogs.technet.com/b/askpfeplat |http://blogs.technet.com/b/markmoro

     
  • Wednesday, May 08, 2013 8:31 PM
     
     
    Sign In to Vote
    0

    Nope this isn't for fun. I'm trying to monitor PC activity and this is one of the components that could potentially identify rogue processes related to network traffic.

    I'm just manually parsing the CSV file for now. But one other thing I just noticed is the following.

    1. If I run xcopy fileA.iso to \\remoteserver\folder

    2. The network activity is showing under the svchost.exe -k LocalService process, where it should in reality show under the System Process, whose ID is 4

    TcpSend,   13952677,        "svchost" (3848),           112,  010.004.038.231,              445, 010.006.140.044,            1200
    TcpRecv,   13952679,        "svchost" (3848),           104,  010.004.038.231,              445, 010.006.140.044,            1200

    3. This looks like a bug with XPerf, as it is not correlating network activity to the correct process. I even tried killing the svchost process above and even though I kill the process 3848 above, a newly started xperf trace STILL shows it associated to it even though it's been killed. The process name shows up as Unknown now though.

    TcpSend,   13952677,        "Unknown" (3848),           112,  010.004.038.231,              445, 010.006.140.044,            1200
    TcpRecv,   13952679,        "Unknown" (3848),           104,  010.004.038.231,              445, 010.006.140.044,            1200


    Any ideas or workarounds to get this fixed? This issue happens on Windows XP SP3. The network activity shows fine on Windows 7 (i.e. under System process instead of svchost process)
    • Edited by Mikey123456 Wednesday, May 08, 2013 8:47 PM
    •  
     
  • Wednesday, May 08, 2013 10:39 PM
     
     
    Sign In to Vote
    0

    Looks like this is a generic Windows Trace Log bug. Even if I create a new Trace under the perfmon "Trace Logs" section, the incorrect process id still shows up. I filtered to only trace "Network TCP/IP".

    Do you guys know if there is a fix for incorrect processid association for tcp/ip traces?

     
© 2013 Microsoft. All rights reserved.