Prev: Want to set SBS 2008 as Master browser. Enable Network browsing
Next: remote desktop setup pppoe
From: Terry Pinnell on 22 Oct 2009 03:15
I'm cross-posting this widely as I'm unsure where the experts on this
sort of rather obscure question might be found.

I'm trying to discover the cause of intermittent high CPU activity by
explorer.exe. This seems to run at 2-6% when I'm not doing anything
significant. One tool I use to help me isolate this is Process Monitor
(ProcMon). Running it (filtered to show only explorer.exe processes,
there are of course many diff rent types of entry displayed in its
output after a few seconds. But one mixture that seems to crop up
frequently is as shown in this screenshot, with countless hundreds of
similar repetitions of these.

http://i154.photobucket.com/albums/s247/terrypin999/TCP-Activity.jpg

Can anyone tell me what these are please? Are they contributing
significantly to CPU usage and is there anything I can do to reduce
that?

I'd be happy to present any other information that might be helpful.

--
Terry, East Grinstead, UK
From: Jack [MVP-Networking] on 23 Oct 2009 17:41
Hi
As far as the TCP/IP stack is concerned, you can learn better about the
excessive traffic through it by using this Utility.
If there is No excessive traffic while idle, what ever you experience is
probably not directly related to the network.
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
Jack (MS, MVP-Networking).


"Terry Pinnell" <terrypinDELETE(a)THESEdial.pipex.com> wrote in message
news:9o00e5luv8vmssam3v65qb4prguvkpaomc(a)4ax.com...
> I'm cross-posting this widely as I'm unsure where the experts on this
> sort of rather obscure question might be found.
>
> I'm trying to discover the cause of intermittent high CPU activity by
> explorer.exe. This seems to run at 2-6% when I'm not doing anything
> significant. One tool I use to help me isolate this is Process Monitor
> (ProcMon). Running it (filtered to show only explorer.exe processes,
> there are of course many diff rent types of entry displayed in its
> output after a few seconds. But one mixture that seems to crop up
> frequently is as shown in this screenshot, with countless hundreds of
> similar repetitions of these.
>
> http://i154.photobucket.com/albums/s247/terrypin999/TCP-Activity.jpg
>
> Can anyone tell me what these are please? Are they contributing
> significantly to CPU usage and is there anything I can do to reduce
> that?
>
> I'd be happy to present any other information that might be helpful.
>
> --
> Terry, East Grinstead, UK

From: Terry Pinnell on 25 Oct 2009 13:07
"Jack [MVP-Networking]" <jack(a)discussiongroup.com> wrote:

>Hi
>As far as the TCP/IP stack is concerned, you can learn better about the
>excessive traffic through it by using this Utility.
>If there is No excessive traffic while idle, what ever you experience is
>probably not directly related to the network.
>http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
>Jack (MS, MVP-Networking).

Thanks Jack, but I reckon that's way beyond my technical know-how
level! I've just run it while PC is virtually idle, but I don't have
much of a clue how to interpret its output.

The program's sparse Help just tells me:
"When you start TCPView it will enumerate all active TCP and UDP
endpoints, resolving all IP addresses to their domain name versions."
Means almost nothing to me I'm afraid.

My uninformed guess is that the output does *not* show excessive
activity. Does that look the case to you please?

(Firefox is running with about 40 tabs open, and my PPC is connected
so wcescomm and WCESMgr are running, but there's no significant
'internet activity' initiated by me.)

--------------------

[System Process]:0 TCP terry-intel:3143 xml.weather.com:http
TIME_WAIT
[System Process]:0 TCP terry-intel:3144 x.imwx.com:http TIME_WAIT
[System Process]:0 TCP terry-intel:3145 xml.weather.com:http
TIME_WAIT
[System Process]:0 TCP terry-intel:3146 x.imwx.com:http TIME_WAIT
agent.exe:1872 TCP terry-intel:3100 individual.net:nntp
ESTABLISHED
agent.exe:1872 TCP terry-intel:3101 individual.net:nntp
ESTABLISHED
agent.exe:1872 TCP terry-intel:3102 individual.net:nntp
ESTABLISHED
agent.exe:1872 TCP terry-intel:3104 individual.net:nntp
ESTABLISHED
alg.exe:2212 TCP TERRY-INTEL:1036 TERRY-INTEL:0 LISTENING
firefox.exe:6056 TCP TERRY-INTEL:1910 localhost:1911
ESTABLISHED
firefox.exe:6056 TCP TERRY-INTEL:1911 localhost:1910
ESTABLISHED
firefox.exe:6056 TCP TERRY-INTEL:1912 localhost:1913
ESTABLISHED
firefox.exe:6056 TCP TERRY-INTEL:1913 localhost:1912
ESTABLISHED
jqs.exe:428 TCP TERRY-INTEL:5152 TERRY-INTEL:0 LISTENING
jqs.exe:428 TCP TERRY-INTEL:5152 localhost:1914 CLOSE_WAIT
lsass.exe:792 UDP TERRY-INTEL:isakmp *:*
lsass.exe:792 UDP TERRY-INTEL:4500 *:*
MailWasher.exe:3996 UDP TERRY-INTEL:1042 *:*
rapimgr.exe:1908 TCP TERRY-INTEL:990 TERRY-INTEL:0 LISTENING
rapimgr.exe:1908 TCP TERRY-INTEL:990 localhost:3067
ESTABLISHED
rapimgr.exe:1908 TCP TERRY-INTEL:990 localhost:3065
ESTABLISHED
rapimgr.exe:1908 TCP TERRY-INTEL:990 localhost:3070
ESTABLISHED
rapimgr.exe:1908 TCP TERRY-INTEL:990 localhost:3069
ESTABLISHED
SAgent2.exe:264 UDP terry-intel:2051 *:*
svchost.exe:1080 TCP TERRY-INTEL:epmap TERRY-INTEL:0 LISTENING
svchost.exe:1228 UDP TERRY-INTEL:ntp *:*
svchost.exe:1228 UDP terry-intel:ntp *:*
svchost.exe:1384 UDP TERRY-INTEL:1900 *:*
svchost.exe:1384 UDP terry-intel:1900 *:*
System:4 TCP TERRY-INTEL:microsoft-ds TERRY-INTEL:0 LISTENING
System:4 TCP terry-intel:netbios-ssn TERRY-INTEL:0 LISTENING
System:4 UDP TERRY-INTEL:microsoft-ds *:*
System:4 UDP terry-intel:netbios-dgm *:*
System:4 UDP terry-intel:netbios-ns *:*
wcescomm.exe:1196 TCP TERRY-INTEL:1026 TERRY-INTEL:0 LISTENING
wcescomm.exe:1196 TCP TERRY-INTEL:5679 TERRY-INTEL:0 LISTENING
wcescomm.exe:1196 TCP TERRY-INTEL:7438 TERRY-INTEL:0 LISTENING
wcescomm.exe:1196 TCP TERRY-INTEL:3065 localhost:990 ESTABLISHED
wcescomm.exe:1196 TCP TERRY-INTEL:3066 localhost:7438
ESTABLISHED
wcescomm.exe:1196 TCP TERRY-INTEL:3067 localhost:990 ESTABLISHED
wcescomm.exe:1196 TCP TERRY-INTEL:3069 localhost:990 ESTABLISHED
wcescomm.exe:1196 TCP TERRY-INTEL:3070 localhost:990 ESTABLISHED
wcescomm.exe:1196 TCP TERRY-INTEL:3071 localhost:999 ESTABLISHED
wcescomm.exe:1196 TCP TERRY-INTEL:3072 localhost:5678
ESTABLISHED
wcescomm.exe:1196 TCP TERRY-INTEL:3073 localhost:5678
ESTABLISHED
wcescomm.exe:1196 TCP TERRY-INTEL:7438 localhost:3066
ESTABLISHED
WCESMgr.exe:4820 TCP TERRY-INTEL:26675 TERRY-INTEL:0 LISTENING
WCESMgr.exe:4820 TCP TERRY-INTEL:999 TERRY-INTEL:0 LISTENING
WCESMgr.exe:4820 TCP TERRY-INTEL:999 localhost:3071
ESTABLISHED
WCESMgr.exe:4820 TCP TERRY-INTEL:5678 localhost:3072
ESTABLISHED
WCESMgr.exe:4820 TCP TERRY-INTEL:5678 localhost:3073
ESTABLISHED

--
Terry, East Grinstead, UK
 | 
Pages: 1
Prev: Want to set SBS 2008 as Master browser. Enable Network browsing
Next: remote desktop setup pppoe