
NetworkDataPedia © 2018-2020

Process Monitor: File Share Traffic

October 19, 2014

Continuing in our wander through the capabilities of procmon, this week we look at a Windows quirk that can cause confusion when analysing a trace.

I was investigating the intermittent slow loading of a PDF in a financial research management system.  I'd spent ages carefully planning and managing the capture of a network and process monitor trace, and at last I had an example of the problem.

I started to look through the procmon trace and ... hang on, where are the TCP entries?  I checked and rechecked the trace filters but I couldn't see what was wrong.

The explanation is quite simple when you know the answer. In this video we discover how to find SMB traffic in a procmon trace.

Here are links to the procmon and Wireshark traces, so that you can follow along with the video:

Why not also try matching the Wireshark trace entries to the procmon TCP entries using the information from the earlier blog?

Best regards...Paul