Menu
How can I get a process send/receive bytes? the preferred way is doing it with C#.
I've searched this a lot and I didn't find any simple solution for this. Some solutions suggested to install the WinPCap on the machine and to work with this lib.
Like this guy asked: Need "Processes with Network Activity" functionality in managed code - Like resmon.exe does it I don't want the overhead of the lib.
Is there a simple solution for this? Actually I want the exactly data that the Resource Monitor of Windows gives under the "Processes with Network Activity" tab:
How does the Resource Monitor of Windows gets this information? Any example?
Also, tried to use the counter method which is mentioned over here: Missing network sent/received but with no success - as not every process is shown under this counter. And again I'm wondering how the Resource Monitor gets this information even without using this counter...
515
netstat --inet -ap will show you what processes are using the internet and what host/port each process is using. If you want IP addresses and not hostnames, use -n . ( --inet shows only internet sockets, -a shows both listening and connection sockets, -p shows process name/ID information).
Resource monitor uses ETW - thankfully, Microsoft have created a nice nuget .net wrapper to make it easier to use.
I wrote something like this recently to report back my process's network IO:
using System; using System.Diagnostics; using System.Threading.Tasks; using Microsoft.Diagnostics.Tracing.Parsers; using Microsoft.Diagnostics.Tracing.Session; namespace ProcessMonitoring { public sealed class NetworkPerformanceReporter : IDisposable { private DateTime m_EtwStartTime; private TraceEventSession m_EtwSession; private readonly Counters m_Counters = new Counters(); private class Counters { public long Received; public long Sent; } private NetworkPerformanceReporter() { } public static NetworkPerformanceReporter Create() { var networkPerformancePresenter = new NetworkPerformanceReporter(); networkPerformancePresenter.Initialise(); return networkPerformancePresenter; } private void Initialise() { // Note that the ETW class blocks processing messages, so should be run on a different thread if you want the application to remain responsive. Task.Run(() => StartEtwSession()); } private void StartEtwSession() { try { var processId = Process.GetCurrentProcess().Id; ResetCounters(); using (m_EtwSession = new TraceEventSession("MyKernelAndClrEventsSession")) { m_EtwSession.EnableKernelProvider(KernelTraceEventParser.Keywords.NetworkTCPIP); m_EtwSession.Source.Kernel.TcpIpRecv += data => { if (data.ProcessID == processId) { lock (m_Counters) { m_Counters.Received += data.size; } } }; m_EtwSession.Source.Kernel.TcpIpSend += data => { if (data.ProcessID == processId) { lock (m_Counters) { m_Counters.Sent += data.size; } } }; m_EtwSession.Source.Process(); } } catch { ResetCounters(); // Stop reporting figures // Probably should log the exception } } public NetworkPerformanceData GetNetworkPerformanceData() { var timeDifferenceInSeconds = (DateTime.Now - m_EtwStartTime).TotalSeconds; NetworkPerformanceData networkData; lock (m_Counters) { networkData = new NetworkPerformanceData { BytesReceived = Convert.ToInt64(m_Counters.Received / timeDifferenceInSeconds), BytesSent = Convert.ToInt64(m_Counters.Sent / timeDifferenceInSeconds) }; } // Reset the counters to get a fresh reading for next time this is called. ResetCounters(); return networkData; } private void ResetCounters() { lock (m_Counters) { m_Counters.Sent = 0; m_Counters.Received = 0; } m_EtwStartTime = DateTime.Now; } public void Dispose() { m_EtwSession?.Dispose(); } } public sealed class NetworkPerformanceData { public long BytesReceived { get; set; } public long BytesSent { get; set; } } } If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
