Hi, I am looking into how programs like TCPView manage to know how many bytes are sent and received by an individual process. I notice that the Task Manager in Windows 10 also has this information in the form of Mb/s for individual applications.

In my initial search I have seen comments like "(x)app must/probably use ETW (event tracing for windows)" but they never explain how.

I'm not fussy whether a solution might be in C/++ or C#.

I'm hoping someone can point me in the right direction.

Thanks for reading.

Thanks, I'll have another read of that. From what I gathered when I read it before, it gives overall network interface details, and cannot determine from it where the data is coming from or going to.

So from it I could get the same information as the Windows 7 Task Manager on the Network tab.

I found some code on MSDN to get me started, or at least see what it's doing to get a general idea. I won't post it here as it's quite long, but I can link to it.


Problem is, the code right off MSDN fails at the first hurdle, which is located about 50 or so lines down and can be identified as

wprintf(L"OpenTrace failed with %lu\n", GetLastError())

GetLastError() is 161 (invalid path name). My path is fine, in an accessible place, and the code is running as administrator.

I could only really find one reference to the problem here https://social.msdn.microsoft.com/Forums/en-US/a1cc98d7-96d3-4887-875c-ab6c46873d32/opentrace-problem?forum=etw which unfortunately went unanswered.

To be honest I would expect example code on MSDN to at least run.

