Process Monitor (procmon) does not show some UDP / TCP network activity events, shown in Network Monitor

Question

I observe sometimes a difference between Process Monitor and Network Monitor. Process Monitor does not show some UDP / TCP network events.

Here is an example:

net use * \\test12345.domain.local\test

shows in Netmon as:

Enter image description here

shows in Process Monitor:

Enter image description here

Why is the NetBIOS nameservice (:137) communication is missing in Process Monitor?

(I've tested it on several virtual and physical Windows PCs, like Windows Server 2008 R2, Windows 7, and Windows Server 2008.)

score 3 · Accepted Answer · answered Dec 23 '14 at 23:02

3

System is deactivated by the default filter (exclude system events). Delete the filter and these events will show up.

answered Dec 23 '14 at 23:02

Justin Dearing

score 1 · Answer 2 · edited Dec 09 '18 at 07:15

1

Shot in the dark: Use psexec to run Process Monitor as localsystem.

edited Dec 09 '18 at 07:15

Peter Mortensen

answered Dec 23 '14 at 22:47

Justin Dearing

2 Answers2