Copyright © 2000 Mark Russinovich
Last Updated May 23, 2000 v1.0

Introduction

TDImon is an application that lets you monitor TCP and UDP activity on your local system. It is the most powerful tool available for tracking down network-related configuration problems and analyzing application network usage.

TDImon gets its name from the fact that it monitors activity at the Transport Driver Interface (TDI) level of networking operations in the operating system kernel. This is the interface to protocol stacks such as TCP and UDP. Thus, the I/O activity shown by TDImon corresponds to TDI-formatted commands. Most TDI commands have direct correspondence with WinSock (the Windows socket API) functions, and thus are easy to interpret. For documentation on TDI and the commands shown in TDImon, please see the Windows 2000 DDK, available for free download from Microsoft's web site.

TDImon works on NT 4.0, Windows 2000 (Win2K), Windows 95 and Windows 98.

Sample Screen Shot

This is a screenshot of TDImon watching an Internet browser session.

Installation and Use

On Windows NT and Windows 2000, simply execute the TDImon program file (tdimon.exe) and TDImon will immediately start capturing TCP/IP activity. Note that if you run TDImon on Windows NT/2000, TDImon.exe must be located on a non-network drive and you must have administrative privilege.

On Windows NT and Windows 2000, TDImon will only show remote addresses for endpoints opened after it has started. However, if you purchase and install TCPView Pro from Winternals Software, the TDImon driver, which is shared between TCPView Pro and TDImon, is installed at boot time so that you see all remote addresses.

On Windows 95 and Windows 98, TDImon must install its driver and requires a reboot to activate. To uninstall the TDImon driver, use the File|Uninstall menu entry.

As events are printed to the output, they are tagged with a sequence number. If your system generates TCP/IP activity faster than TDImon is capable of collecting and displaying, gaps in the sequence numbers may result. All TDI operations are asynchronous in nature, and if an operation finishes after other operations are initiated, the sequence number of the completion is shown in the Result column in the form "Status Code-Completion Sequence #". For example, if an operation begins at sequence number 1, and another operation (tagged with sequence 2) initiates and completes before the first operation's completion, the first operation will show "SUCCESS-3" in its Result column.

Menus, hot-keys, or toolbar buttons can be used to clear the window, save the monitored data to a file, search output, and change the window font. Each time you exit TDImon it remembers the position of the window, the widths of the output columns, the font selection, configured filters, and the time-stamp mode.

Note: Filtering and highlighting are enabled only if you have the full (retail) version of TCPView Pro installed on your system. See below for information on ordering TCPView Pro.
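
The sequence-number rules described above can be checked mechanically when reviewing a capture. The following is an added example, not part of TDImon or the original page: it assumes the rows have already been reduced to (sequence number, Result text) pairs, since the page does not describe the saved file layout, and the names `parse_result`, `analyze` and `SAMPLE_ROWS` are hypothetical.

```python
# Added example: interpret TDImon sequence numbers from (sequence, Result) pairs.

def parse_result(result):
    """Split a Result value such as "SUCCESS-3" into (status, completion_seq).

    completion_seq is None when the Result carries no completion number.
    """
    text = result.strip()
    status, sep, tail = text.rpartition("-")
    if sep and status and tail.isdigit():
        return status, int(tail)
    return text, None


def analyze(rows):
    """rows: iterable of (sequence_number, result_text) pairs.

    Returns (deferred, overtaken_by, missing):
      deferred     - {start_seq: completion_seq} for operations that finished late
      overtaken_by - {start_seq: [rows that began before that completion]}
      missing      - sequence numbers neither shown as a row nor used by a
                     completion, i.e. events the monitor could not keep up with
    """
    started = {seq: parse_result(result) for seq, result in rows}
    deferred = {s: done for s, (_, done) in started.items() if done is not None}
    overtaken_by = {s: [n for n in sorted(started) if s < n < done]
                    for s, done in deferred.items()}
    # A completion consumes a sequence number, so it is not a dropped event.
    seen = set(started) | set(deferred.values())
    missing = [n for n in range(min(seen), max(seen) + 1) if n not in seen] if seen else []
    return deferred, overtaken_by, missing


# Constructed sample rows (not real TDImon output). Rows 1 and 2 follow the
# "SUCCESS-3" example in the text; sequence 7 is deliberately absent.
SAMPLE_ROWS = [
    (1, "SUCCESS-3"), (2, "SUCCESS"), (4, "SUCCESS"),
    (5, "SUCCESS-9"), (6, "SUCCESS"), (8, "SUCCESS"),
]

if __name__ == "__main__":
    deferred, overtaken_by, missing = analyze(SAMPLE_ROWS)
    print("late completions:", deferred)
    print("operations started in between:", overtaken_by)
    print("dropped sequence numbers:", missing)
```

Counting completion numbers as accounted for keeps a late completion such as sequence 3 from being mistaken for a dropped event.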

If you want a more user-friendly view of TCP and UDP activity, including automatic DNS name resolution, a static view showing existing endpoints, and more, please see TCPView Pro, available through Winternals Software.

Related Utilities

Here are some other monitoring tools available at Systems Internals:

In order to help us track its use, please download through the link that represents the operating system on