I'm trying to chase down how many sockets are being opened for a specific process on a specific UDP port over time. Is there a perfmon counter to track this in Windows 2008 -> 2012R2?

I.e., the SNMP agent appears to be spinning up a lot of requests to dest port 161 and not closing them after it's done. I want to see the rate at which this is happening, and whether it's a slow leak or a very quick exponential leak.

If it's not possible via perfmon, let me know if there's anything else I could try using.

Philip

1 Answer

You should install Wireshark on your server and use tshark to save the traffic to pcap files with a rotation rule.

For example, you can capture for 1 hour and create pcap files with a size of 1 MB each:

tshark -i <interface> -a duration:3600 -b filesize:1000 -w <file>

Moreover, you can use Procmon from the Sysinternals Suite and save the activity of your SNMP process.

Sorcha
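
One way to turn the rotated captures from the answer above into a leak-rate measurement, as an added example that is not part of the original answer: count how many previously unseen UDP source ports the server uses toward port 161 in each time bucket. It assumes each new source port corresponds to a newly opened socket, that the capture was exported with the tshark command shown in the comment, and that `10.0.0.5` (a constructed address) is the server; the sample rows are constructed.

```python
import csv
import io

# Assumed export, run against each rotated pcap file:
#   tshark -r <file> -Y "udp.dstport == 161" -T fields -E separator=, \
#          -e frame.time_epoch -e ip.src -e udp.srcport
# Assumes frame.time_epoch is printed as decimal epoch seconds.
SAMPLE = """\
1699999981.0,10.0.0.5,50001
1699999990.5,10.0.0.5,50001
1700000041.0,10.0.0.5,50002
1700000050.0,10.0.0.9,40000
1700000060.0,10.0.0.5,50003
not-a-packet-row
1700000101.0,10.0.0.5,50004
1700000110.0,10.0.0.5,50005
1700000120.0,10.0.0.5,50002
1700000130.0,10.0.0.5,50006
1700000140.0,10.0.0.5,50007
"""  # constructed sample data

def new_ports_per_bucket(rows, local_ip, bucket_seconds=60):
    """Map bucket start (epoch s) -> number of source ports first seen in it."""
    seen, buckets = set(), {}
    for row in csv.reader(rows):
        if len(row) != 3 or row[1] != local_ip:
            continue  # malformed line or traffic from another host
        try:
            ts, port = float(row[0]), int(row[2])
        except ValueError:
            continue
        bucket = int(ts // bucket_seconds) * bucket_seconds
        buckets.setdefault(bucket, 0)
        if port not in seen:  # a reused port is not a new socket
            seen.add(port)
            buckets[bucket] += 1
    return dict(sorted(buckets.items()))

def growth_ratios(counts):
    """Ratio of each bucket to the previous one; steady ~1.0 suggests a
    linear leak, ratios that stay above 1.0 suggest an accelerating one."""
    vals = list(counts.values())
    return [cur / prev if prev else None for prev, cur in zip(vals, vals[1:])]

if __name__ == "__main__":
    counts = new_ports_per_bucket(io.StringIO(SAMPLE), "10.0.0.5")
    for start, n in counts.items():
        print(start, n)
    print("growth ratios:", growth_ratios(counts))
```

A capture only shows which ports were used, not whether the handles were closed, so pair the result with the Procmon trace to confirm the sockets stay open.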