If you’re on a slow or capped connection, keeping an eye on the downloads which might be happening at the background is essential. This post explains how to find which programs are currently accessing the internet or transferring data to and from a remote server, and at what speed. The much useful built-in tool, and probably not so prominent among end-users, Resource Monitor shows you the information you need.
Using Resource Monitor to Find Network/Internet Activity
Open Task Manager and click the Performance tab.
The real-time data transfer speeds are shown there, but we need to drill down the information further. So, click Open Resource Monitor link below, which launches resmon.exe. Here is how the Resource Monitor interface looks like:
Processes with Network Activity
The first section, "Processes with Network Activity" shows the Process name, Process ID, Send, Receive and Total (Bytes/sec) information. The Receive (B/sec) column shows you at what speed a process is downloading something.
To filter the results by process, click the check box for that process.
Except Svchost.exe, no other programs are accessing the internet right now. To get more information about a particular instance of svchost.exe (which can host multiple services), run the command tasklist /svc from Command Prompt. Or use Task Manager to view the Services Running each instance of Svchost.exe . Match the Process ID you see in the output and check the services running in that particular instance of Svchost. Most likely, it would be Windows Update (wuauserv) or Background Intelligent Transfer Service (BITS).
Quick Tip: To know what exactly is being downloaded, click the Disk tab and inspect the entries under Disk Activity. Alternately, you may use Process Monitor.
The next section shows additional information such as the Remote Address for every process that have established a remote connection. If the IP addresses are not resolved to domain name, you may do a IP lookup on the web to find out which company owns that IP address.
If a strange program is connecting to the internet, disconnect from the internet immediately, backup your stuff and run a thorough malware checkup.
Note: Just to clarify.. Greenshot.exe didn’t appear when I took the first screenshot; the process initiated a outgoing connection only later.
The third section shows the Local Address, Local Port, Remote Access, Remote Port, Packet Loss and Latency, by default. The Send/Receive bytes are not shown by default, as the above two sections display that information already. But if you need, you can these add additional columns by right-clicking the column header, click Select Columns and enable the Send, Receive and Total.
This is similar to the output you get when running "netstat -ao" from Command Prompt.
The last section shows the listening Ports by each process, waiting for an incoming connection.
To copy the information from any of these sections, select all entries and press CTRL + C. The listing is copied to the clipboard in tab separated format.
Windows Firewall with its default configuration, you have no control of outgoing connections to a remote server and background downloads, unless you configure appropriate outbound rules using Windows Firewall (with advanced security) snap-in. It once happened in my case after I installed Google Drive in my computer to verify a setting for someone, 3 GB+ data was consumed in an hour without me doing anything.
Later, I found what exactly consumed my bandwidth. It turned out that I had a copy of Windows 10 ISO in my Google Drive stored few months ago, and the Google Drive software downloaded (sync) it to my system automatically.
If your think some program is currently eating away your bandwidth disproportionately, use Resource Monitor to find it out.
That’s it! As a side note, Task Manager shows the bandwidth consumption on a per-app basis (only modern apps), in the App history tab. If it shows Photos app as the biggest consumer of bandwidth, then probably have enabled OneDrive option in Photos app settings.
That’s as much as the built-in tools can do, and it’s more than sufficient for end-users. If you need to do a much deeper analysis, take a look at WireShark.
Are you getting the "Folder/file in use" message when trying to delete a file or folder? Resource Monitor can find out which program is using a file currently. Check out How to Use Resource Monitor to Find Which Process Has Locked a Given File in Windows.