I was wondering if there is a tool that can identify which service/application is using network adapter.

Thing is, I am getting allot of network traffic in "idle" mode. All I know is that it is coming from my PC and is sent somewhere on the internet.
As "idle" mode, I mean enabled LAN and no applications running, at least to my knowledge.

My PC is connected to the internet via LAN trough the aDSL modem. (Router, I think)
Firewall is on. There are no suspicious programs allowed in the firewall settings and there are no obvious trojans/spyware active. Windows update is set to notify me of (not download) new updates. There are no 3rd party update services running. Each software that I'm using is set not to check for updates. At least, I think so.

Yet, the internet traffic is still there. I can see it as the LAN tray icon keeps blinking. I have a tool that connects to my ISP to check on the internet traffic used. That is how I know that the traffic is with internet and not LAN (there is another PC hooked to the aDSL modem).

So, a tool that identifies the application that is making the traffic would help me allot.

10 Years
Discussion Span
Last Post by DimaYasny

Yes I do, but the traffic occurs when none of them are active. And I keep them all from automatically starting with windows.

The closest I got to figuring out what is causing it was by shutting down processes in task manager. I got listed about 6 svchost.exe and one of them is doing it. As I understand svchost, it is a general service hosting program, part of Windows OS. I just ran TASKLIST /SVC in command prompt and I got this list of hosted services by svchost:

6to4, AudioSrv, BITS, Browser, CryptSvc, Dhcp, dmserver, EventSystem, HidServ, LanmanServer, LanmanWorkstation, Messenger, Netman, Nla, RasMan, RemoteAccess, Schedule, SENS, SharedAccess, ShellHWDetection, TapiSrv, Themes, TrkWks, W32Time, winmgmt, wscsvc, wuauserv, DcomLaunch, TermService, RpcSs, Dnscache, Alerter, SSDPSRV, WebClient, stisvc

I need something that will tell me which one of them is making the traffic. I hope one of you guys can point out the tool that does just that. Googleing around I mostly found tools that monitor traffic and not much else.


I've tried downloading ethereal as you suggested, but somehow ended up downloading wireshark. I think that is the same thing, only different name. Anyway I can see destination IP adresses for each packet. Thanks.


nmap is pretty good

It checks for open ports. Check its legal in your country though, in some places its considered a hacker tool


You could try installing Online Armor firewall which shows programs and their connection. More than just a firewall; has HIPS and Program Guard.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.