question

SteveValliere-8275 avatar image
0 Votes"
SteveValliere-8275 asked ·

TCPView only counting 1/2 the traffic?

I have two programs in the same computer using TCP to exchange data. My TCPView is v3.05, downloaded and installed today on my Win 10 Pro system.

The server side is listening on port 16406 and the client connected from port 53629 (this time) and I can see both connections in TCPView just fine.

When I suspend one program in the VS2019 debugger, TCPView shows the OTHER program as still sending data (keep alives) and the program suspended at a debugger breakpoint as receiving exactly the same amount of data. All good so far.

But when I resume the suspended program, TCPView is now showing the debugged program as both sending and receiving data, as expected. HOWEVER... TCPView is showing that the other program is neither sending nor receiving ANY data! This is incorrect as I can see the data being displayed in the program's window.

How can this be?

windows-10-network
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SunnyQi-MSFT avatar image
0 Votes"
SunnyQi-MSFT answered ·

Hi,

Thanks for posting in Q&A platform.

First, I would suggest you could run the following command in Command Prompt to see if the connection has been established between server and client:

netstat -a

If the TCPView cannot capture the traffic between server and client after resume the suspended program, I would suggest you could use Network Monitor to capture corresponded traffic to see if the issue is more related to program itself or related to TCPView tool. And normally, in order to monitor and collect network trace, we prefer to use this tool.

For more details regarding of how to download and use the Network Monitor tool, please refer to the following link.

Collect data using Network Monitor


Best Regards,
Sunny

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 4 ·
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SteveValliere-8275 avatar image SteveValliere-8275 ·

I started with netstat during my first few debugging sessions, but since the output with -b is formatted so horribly, I switched to TCPView because it is clear, shows the same (and more) information and is dynamic. If MSFT doesn't think it is reliable, that should REALLY be mentioned in the program's write-up, don't you think?

I went to the network monitor page (dated 12/06/2018) and a note there immediately tells me network monitor has been retired and redirects me to the Microsoft Message Analyzer (dated 10/26/2016). The MMA page informed me that all downloads for the MMA tool had been removed in 2019 and no replacement is in development.

Someone should REALLY review these pages before suggesting customers try to follow this kind of convoluted logic: A page from 2018 says, "I'm retired, use this other thing from 2016 that, oh by the way, has also been retired and all access to its code has been removed. Have a nice day."

More in a second post...

0 Votes 0 ·
SteveValliere-8275 avatar image SteveValliere-8275 SteveValliere-8275 ·

All that said, I was able to download, install and run (as Administrator) Network Monitor, only to discover that it appears to be incapable of capturing the very traffic I described! Please review the FIRST LINE of my original post: "I have two programs in the same computer..." and then tell me if there is a special option that allows Network Monitor to capture internal/loopback traffic within a single computer.

My programs (A & B) are using an IP address that is assigned to a physical ethernet port, but it appears that since both are running in the same physical computer, Network Monitor (along with WireShark) cannot capture this data.

(one more to follow...)

0 Votes 0 ·
SteveValliere-8275 avatar image SteveValliere-8275 SteveValliere-8275 ·

Also, I ran a second test after my OP and noticed that when A is actively requesting data from B, TCPView shows the traffic from both ends. When A stops transmitting, TCPView shows both the SEND AND RECEIVE counts for B continuing to increase! But B only responds to queries from A!

I have set breakpoints in B, along with OutputDebugString() calls to tell me every time the program performs actions using the TCP socket handle to A and they DO NOT APPEAR when TCPView is showing B's send/recv counts increasing when A's are not.

So, unless the socket library is doing something with my connection, somehow "talking to itself," without my knowledge, TCPView seems to have an issue.

Then again, perhaps TCPView shouldn't be able to show any counts, since this connection is entirely internal to the computer. If so, then TCPView seems to have an issue.

Thanks for your interest!

0 Votes 0 ·
Show more comments