Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
ProcMon.exe: Explanation of Path field when looking at Network Activity.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 9%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJE%3C/text%3E%3C/svg%3E)
John Ed
76
Reputation points
I am attempting to correlate the data collected by ProMon.exe and Wireshark regarding network activity of a process. When looking at only the Network Activity the Path field has data, in part, such as:
TCP Send [My hostname]:49753 -> 2001:558:fc18:0:f816:3eff:fe4c:b8be:imaps
TCP Receive [My Hostname]:49753 -> 2001:558:fc18:0:f816:3eff:fe4c:b8be:imaps
For the TCP Receive event, shouldn't the IPv6 address be displayed first as the sender of the data? The event data for the UDP Send and UDP Receive seem to be displayed that way.
Sysinternals
Sign in to answer