Process Monitor

https://en.wikipedia.org/wiki/Process_Monitor

Process Monitor is a free tool from Windows Sysinternals, part of the Microsoft TechNet website.

The tool monitors and displays in real-time all file system activity on a Microsoft Windows operating system.

It combines two older tools, FileMon and RegMon and is used in system administration, computer forensics, and application debugging.

 

Process Monitor monitors and records all actions attempted against the Microsoft Windows Registry.

Process Monitor can be used to detect failed attempts to read and write registry keys.

It also allows for filtering on specific keys, processes, process IDs, and values.

In addition it shows how applications use files and DLLs, detects some critical errors in system files and more.

 

https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

根据pid过滤进程

 

Tools查看网络状态，NetworkSummary

双击其中某一行，可以查看，这一行所对应的所有记录

 

 

同时Resource Monitor也可以查看某个exe的tcp连接

 

按钮说明

保存按钮右边，是capture的功能。然后是AutoScroll和Clear