How to know how much data(Bytes) Win10 Cliet receive on TCP Protocol.

JUN NAKA 61 Reputation points
2020-10-06T04:14:34.193+00:00

Good afternoon,

It is for the first time to ask questions on this web site.

Now I'm testing our System Behavior between Fat Windows Client and AWS EC2 Windows Server.
To Know and Estimate how much it is cost per Application, I have to check how much bytes the client receive per exe, per hour or at a certain interval time.

I'm searcing how to watch how much bytes the client receive, but I hasn't reachd best tools, way or solutions which doesn't require installing and any money cost.

How can I watch how much bytes the client receiving from AWS EC2 Server via TCP Protocol.


EC2 Server's OS: Windows Server 2016 Datacenter Ver,1607(OS Build 14393.3930)
Client's OS: Windows 10 LTSB Ver,1607(OS Build 14393.3930)

Any help is appreciated.

JUN NAKA in Kyoto, Japan

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,230 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
11,750 questions
Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,251 questions
{count} votes

Accepted answer
  1. TimCerling(ret) 1,156 Reputation points
    2020-10-08T14:25:26.46+00:00

    You can use the built-in perfmon utility to monitor network traffic. However, it does not track traffic by application. For that, as Candy states, you will need to obtain a third party product.

    See https://learn.microsoft.com/en-us/windows-server/networking/technologies/network-subsystem/net-sub-performance-counters for information on monitoring network traffic with perfmon.

    1 person found this answer helpful.
    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Candy Luo 12,646 Reputation points Microsoft Vendor
    2020-10-08T02:50:52.56+00:00

    Hi ,

    >>I'm searcing how to watch how much bytes the client receive, but I hasn't reachd best tools, way or solutions which doesn't require installing and any money cost.

    There is no build-in way could achieve you goal, you need to install some third-party tools like Wireshark to achieve your goal.

    Best Regards,

    Candy

    --------------------------------------------------------------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. Gary Nebbett 5,631 Reputation points
    2020-10-08T14:47:38.077+00:00

    Hello JUN NAKA,

    One option would be to use Event Tracing for Windows (ETW), in particular the Microsoft-Windows-TCPIP and Microsoft-Windows-Kernel-Process providers.

    The TcpConnectionSummary event contains the number of bytes sent/received and local/remote addresses:

    TCP: Connection 0xffffdd06051f5ba0 Summary: DataBytesOut 12829 DataBytesIn 8001 DataSegmentsOut 13 DataSegmentsIn 8 SegmentsOut 21 SegmentsIn 15 NonRecovDa
    0 NonRecovDaEpisodes 0 DupAcksIn 0 BytesRetrans 0 Timeouts 0 SpuriousRtoDetections 0 FastRetran 0 MaxSsthresh 2920 MaxSsCwnd 27230
    MaxCaCwnd 0 SndLimTransRwin 1 SndLimTimeRwin 0 SndLimBytesRwin 0 SndLimTransCwnd 0 SndLimTimeCwnd 0 SndLimBytesCwnd 0
    SndLimTransSnd 1 SndLimTimeSnd 0 SndLimBytesSnd 12833 ConnectionTimeMs 3568 Timestamps FALSE RttUs 247980 MinRtt 239835 MaxRtt 294658 SynRetrans 0 CongestionAlgorithm CUBIC
    State ClosedState Local 192.168.0.6:62492 Remote 52.114.32.6:443 CWnd 27230 SsThresh 4294967295 RcvWnd 66240 RcvBuf 66240 SndWnd 262656.

    The TcpTcbConnectComplete event, when correlated with the TCB value from the summary event (0xffffdd06051f5ba0) can identify the process ID and the ProcessStart event can be used to translate the process ID into an executable file name.

    Gary

    0 comments No comments