How do i monitor network traffic on Windows from the command line

Question

How do i monitor network traffic on Windows from the command line; specifically the download/upload speeds and amount of data uploaded/downloaded ? Is there a script /batch for doing that ?

Answer 1

I'm updating the answer for a more complete an accurate one, using netsh command, and some string operations to avoid Windows 32bits integer overflow.

Remember you need to run netsh interface ip show subinterfaces and check what is the line of your network adapter. The following batch file uses the 4th string line, that's the 1st adapter listed.

It checks the speed every 10 seconds. If your upload or download speed is up to 100 MBytes per seconds, you need to repeat the loop more often (for example every 1 second).

It creates a .csv file too. Remove that last line if you don't need it.

The batch file:

@ECHO off
SETLOCAL ENABLEDELAYEDEXPANSION

set TAB=    
echo Timestamp%TAB%Down bytes%TAB%Up bytes%TAB%Down speed%TAB%Up speed

:looptask

:: Store console command result
SET count=1
::FOR /F "tokens=* USEBACKQ" %%F IN (`netstat -e`) DO (
FOR /F "tokens=* USEBACKQ" %%F IN (`netsh interface ip show subinterfaces`) DO (
  SET string!count!=%%F
  SET /a count=!count!+1
)

:: *** Change string number to the line with your interface data ***
set line=%string4%
:: For ME, bytes transfered line is string3 using netstat and string4 using netsh

:: Get rid of the whitespaces 
:loopreplace
if defined line (
  set "new=!line:  = !"
  if "!new!" neq "!line!" (
    set "line=!new!"
    goto :loopreplace
  )
)
if defined line if "!line:~0,1!" equ " " set "line=!line:~1!"
if defined line if "!line:~-1!" equ " " set "line=!line:~0,-1!"

:: Extracting bytes downloaded and uploaded
::FOR /F "tokens=2,3 delims= " %%A IN ("%line%") DO (
FOR /F "tokens=3,4 delims= " %%A IN ("%line%") DO (
  set dbytes=%%~A
  set ubytes=%%~B
)

:: Midnight epoch
for /F "usebackq tokens=1,2 delims==" %%i in (`wmic os get LocalDateTime /VALUE 2^>NUL`) do if '.%%i.'=='.LocalDateTime.' set ldt=%%j
set time=%ldt:~8,2%:%ldt:~10,2%:%ldt:~12,2%
FOR /F "tokens=* delims=0" %%A IN ("%ldt:~8,2%") DO SET /A hs=%%A+0
FOR /F "tokens=* delims=0" %%A IN ("%ldt:~10,2%") DO SET /A min=%%A+0
FOR /F "tokens=* delims=0" %%A IN ("%ldt:~12,2%") DO SET /A sec=%%A+0
set /a epoch=%hs%*3600+%min%*60+%sec%

:: Calc initial transfer
if not defined LOOPCOMPLETE (
    echo %time%%TAB%%dbytes%%TAB%%ubytes%%TAB%0.00 KB/s%TAB%0.00 KB/s
    goto :skip
)
:: Read .CSV file last line values
for /f %%i in ('find /v /c "" ^< bwlog.csv') do set /a lines=%%i
set /a lastLine=%lines% - 1
SET count=1
FOR /F "tokens=* USEBACKQ" %%F IN (`more /e +%lastLine% bwlog.csv`) DO (
  SET string!count!=%%F
  SET /a count=!count!+1
)
FOR /F "tokens=1,2,3 delims=," %%A IN ("%string1%") DO (
  set lasttime=%%~A
  set lastdown=%%~B
  set lastup=%%~C
)
if %epoch% == %lasttime% (  
    goto :skip
)

:: 2,147,483,647 is the maximum value of a integer you can use, so only keep  9 characters
set /a lastup=%lastup: =%
set /a ddif=%dbytes:~-9% - %lastdown:~-9%
set /a udif=%ubytes:~-9% - %lastup:~-9%

:: Calc bandwidth
set /a dspeed=(ddif)/(epoch-lasttime)/10
set ddec=%dspeed:~-2%
set /a dspeed=(ddif)/(epoch-lasttime)/1000
set /a uspeed=(udif)/(epoch-lasttime)/10
set udec=%uspeed:~-2%
set /a uspeed=(udif)/(epoch-lasttime)/1000
echo %time%%TAB%%dbytes%%TAB%%ubytes%%TAB%%dspeed%.%ddec% KB/s%TAB%%uspeed%.%udec% KB/s

:skip

:: Append the .CSV file 
echo %epoch%,%dbytes%,%ubytes% >> "bwlog.csv"

:: Do every 10 seconds
set LOOPCOMPLETE=1
timeout /t 10 /nobreak >nul
goto :looptask

ENDLOCAL

Keep in touch if you need a fix.

---

Previous solution using a batch file, with some limitations:

I wanted to give you an easier solution, then I used my previous answer to code a fresh windows batch script that iterates every 10 seconds. It monitors download and upload bandwidth/speed in console and logs ammount of bytes transferred in a .csv file.

@ECHO off
SETLOCAL ENABLEDELAYEDEXPANSION

set TAB=    
echo Timestamp%TAB%Down bytes%TAB%Up bytes%TAB%Down speed%TAB%Up speed

:: Store console command result
:looptask
SET count=1
FOR /F "tokens=* USEBACKQ" %%F IN (`netstat -e`) DO (
  SET string!count!=%%F
  SET /a count=!count!+1
)
:: Bytes transfered line is string3

:: Get rid of the whitespaces 
:loopreplace
if defined string3 (
  set "new=!string3:  = !"
  if "!new!" neq "!string3!" (
    set "string3=!new!"
    goto :loopreplace
  )
)
if defined string3 if "!string3:~0,1!" equ " " set "string3=!string3:~1!"
if defined string3 if "!string3:~-1!" equ " " set "string3=!string3:~0,-1!"

:: Extracting bytes downloaded and uploaded
set line=%string3:~6%
FOR /F "tokens=1,2 delims= " %%A IN ("%line%") DO (
  set dbytes=%%~A
  set ubytes=%%~B
)

:: Midnight epoch
for /F "usebackq tokens=1,2 delims==" %%i in (`wmic os get LocalDateTime /VALUE 2^>NUL`) do if '.%%i.'=='.LocalDateTime.' set ldt=%%j
set time=%ldt:~8,2%:%ldt:~10,2%:%ldt:~12,2%
FOR /F "tokens=* delims=0" %%A IN ("%ldt:~8,2%") DO SET /A hs=%%A+0
FOR /F "tokens=* delims=0" %%A IN ("%ldt:~10,2%") DO SET /A min=%%A+0
FOR /F "tokens=* delims=0" %%A IN ("%ldt:~12,2%") DO SET /A sec=%%A+0
set /a epoch=%hs%*3600+%min%*60+%sec%

:: Calc speeds
if not defined LOOPCOMPLETE (
    echo %time%%TAB%%dbytes%%TAB%%ubytes%%TAB%0.00 KB/s%TAB%0.00 KB/s
    goto :skip
)
:: Read .CSV file last line values
for /f %%i in ('find /v /c "" ^< bwlog.csv') do set /a lines=%%i
set /a lastLine=%lines% - 1
SET count=1
FOR /F "tokens=* USEBACKQ" %%F IN (`more /e +%lastLine% bwlog.csv`) DO (
  SET string!count!=%%F
  SET /a count=!count!+1
)
FOR /F "tokens=1,2,3 delims=," %%A IN ("%string1%") DO (
  set lasttime=%%~A
  set lastdown=%%~B
  set lastup=%%~C
)
if %epoch% == %lasttime% (  
    goto :skip
)
set /a dspeed=(dbytes-lastdown)/(epoch-lasttime)/10
set ddec=%dspeed:~-2%
set /a dspeed=(dbytes-lastdown)/(epoch-lasttime)/1000
set /a uspeed=(ubytes-lastup)/(epoch-lasttime)/10
set udec=%dspeed:~-2%
set /a uspeed=(ubytes-lastup)/(epoch-lasttime)/1000
echo %time%%TAB%%dbytes%%TAB%%ubytes%%TAB%%dspeed%.%ddec% KB/s%TAB%%uspeed%.%udec% KB/s
:skip

:: Append the .CSV file 
echo %epoch%,%dbytes%,%ubytes% >> "bwlog.csv"

:: Do every 10 seconds
set LOOPCOMPLETE=1
timeout /t 10 /nobreak >nul
goto :looptask

ENDLOCAL

PS: Windows limitations are the counter resets every 4GBytes transferred and at midnight.

---

Old solution using task scheduller and XAMPP:

I had to monitor and log the amount of data downloaded as your case, and found it faster to run a script with the Windows task scheduller than looking for a free software that dump the usual graphics info into a file. Perhaps my homemade script works for you.

I started a local Apache/PHP server using XAMPP for Windows and run this script from command line. For example:

"C:\xampp\php\php.exe -f C:\xampp\htdocs\bwlog.php"

The bwlog.php script uses @phep answer suggested windows command netstat -e. You can create the script file with the notepad, and the code is:

<?php
//Task to schedule "C:\xampp\php\php.exe -f C:\xampp\htdocs\bwlog.php"
//Store console command result
$netstat=shell_exec("netstat -e");
//Start of the bytes transfered line
$line=substr($netstat,strpos($netstat,"Bytes"));    
//End of the line
$line=substr($line,0,strpos($line,"\n"));   
//Get rid of the whitespaces 
$bytes=preg_replace('/\s+/', ' ',$line);    
//Extracting only bytes downloaded
$bytes=substr($bytes,$start=strpos($bytes,' ')+1,strrpos($bytes,' ')-$start);
//Append the .CSV file  
file_put_contents('C:\xampp\htdocs\bwlog.csv',PHP_EOL.time().', '.$bytes,FILE_APPEND);
?>

Then I processed the the .csv in a spreadsheet software to calc the download speed (bandwidth) using the difference between 2 bytes values over the difference between the 2 matching time values (bytes/seconds).

Feel free to ask a fix to log the uploaded bytes. Wish it be useful.

Answer 2

While tshark is really powerful if you want to have fine grained statistics (according to hosts, protocols, ...), it has the main drawback to gather statistics during the time period it is running. As such, it is only good at reporting "instant" statistics but not to report poll traffic at regular points in time to have a view of how your network traffic changes along the day, week, ...

Moreover, as tshark makes packets capturing, there is some overhead.

So, according to your needs, you might be interested in the MS Windows net or netstat commands (netstat has option to report statistics by protocol). 'net statistics [Server|workstation]' or 'netstat [-e|-s]' are, as far as network traffic statistics are concerned, the MS Windows equivalents of Linux 'ifconfig' (or 'cat /proc/net/dev' if you prefer).

Note that, as ifconfig do, net or netstat only report amount of data since the interface has been brought up.

In order to obtain traffic rates, you've got to timestamp your calls to those commands and do the computation yourself.

AFAIK, both commands are shipped with all recent MS Windows versions.