TCPView

4 replies to this topic

#1 brainlock (Members, 2 posts)

Posted 29 June 2010 - 03:19 AM

Hi there, I read here often but haven't posted before. I have been using TCPView to get a feel for the connections my computer makes but I don't understand a couple of things that are going on with it, can someone here give me the quick scoop? (I tried sysinternals but find that site *really* hard to understand.)

My question is, what are "system processes"? I notice I often have system processes connecting to various places, such as lately, PayPal. I rarely ever use PayPal and don't know why my computer would be connecting to it. Is it perhaps something to do with a site I am on at the time? (But, if so, why is it "system process" and not "firefox" that is connecting?) Or maybe PayPal shares a server with something else? I don't think my computer is infected but I'm just curious what is going on and trying to learn. (I have Avira and Malwarebytes and scan often.) I tried ending one of these connections once and it shut down my computer.

TCPView tutorials are hard to come by and I'd like to understand more what it is telling me!
Thx!

#2 quietman7 (Bleepin' Janitor, Global Moderator, 51,750 posts, Virginia, USA)

Posted 30 June 2010 - 08:44 AM

"[System Process]:0" is the "System Idle Process". The SYSTEM process is displayed in TCPView as SYSTEM:4.

Sysinternals Forum > Post #2: TCPView System Process

The System Idle process is used for measuring how much idle time the CPU is having at any particular time (100% minus the sum of all tasks' CPU usage). It accounts for processor time when the system is not processing other threads and will display how much of the CPU resources, as a percentage, are 'idle' and available for use. One instance of this process operates per CPU, and runs to occupy the processor when other threads are not running. The System Idle process also issues HLT instructions which put unused parts of the CPU into a suspend mode, thereby cooling the processor. Normally this process should take up at least 90%+ of processor time on average (this is the value in the CPU column). In non-technical terms, this figure represents how much CPU time has not been requested by anything else on your system.

System is a process in NT "kernel mode" that contains most of the system threads and handles various basic system functions. When Windows loads, the Windows kernel starts and runs in kernel mode to set up paging and virtual memory. It then creates some system processes and allows them to run in "user mode" but restricts their access to critical areas of the operating system. User-mode processes must request use of the kernel by means of a system call in order to perform privileged operations on their behalf. Kernel mode has full access to system resources and controls scheduling, thread prioritization, interrupt handlers, memory management and the interaction with hardware. The System process cannot be terminated. For more detailed information, refer to:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Romeo29 (Learning To Bleep, Members, 3,194 posts)

Posted 30 June 2010 - 03:51 PM

My 2 cents:

System:4 - It is the NT kernel providing NetBIOS and MS Directory services. NetBIOS is used for connections over LAN. MS DS is used for file sharing over the SMB port.

System Process:0 - When an application (like Firefox) makes a connection to a server over the internet and suddenly exits, then the connections to those addresses are active but the process is closed. So TCPView shows them under [System Process:0] until the connections are closed.
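Added example, not from this thread or from Sysinternals: a small Python classifier that parses a constructed `netstat -ano` style listing and labels each row the way TCPView would, so PID 0 ([System Process]) and PID 4 (System) entries can be read with the explanations above. The sample addresses, the `KERNEL_PORTS` table and the function names are my own assumptions.

```python
# Label endpoint rows by owning PID as TCPView does: PID 0 -> [System Process]:0,
# PID 4 -> System:4. Sample below is constructed in `netstat -ano` layout.

SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:137            *:*                                    4
  TCP    192.0.2.10:49712       198.51.100.7:443       TIME_WAIT       0
  TCP    192.0.2.10:49713       198.51.100.7:443       TIME_WAIT       0
  TCP    192.0.2.10:49720       203.0.113.5:443        ESTABLISHED     2180
"""

# Kernel-owned ports behind the NetBIOS / SMB services named in the thread (assumed table).
KERNEL_PORTS = {137: "NetBIOS name service", 138: "NetBIOS datagram",
                139: "NetBIOS session (LAN)", 445: "SMB file sharing"}


def parse_netstat(text):
    """Return (proto, local, remote, state, pid) tuples; UDP rows carry no state."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if parts[:1] == ["TCP"] and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[:1] == ["UDP"] and len(parts) == 4:
            (proto, local, remote, pid), state = parts, None
        else:
            continue  # header, blank or malformed row: skip rather than guess
        rows.append((proto, local, remote, state, int(pid)))
    return rows


def label_row(row):
    """Return (TCPView label, explanation) for one endpoint row."""
    proto, local, remote, state, pid = row
    if pid == 0:
        # Owner already exited; the endpoint lingers until TCP tears it down.
        return "[System Process]:0", f"orphaned {state or proto} endpoint to {remote}"
    if pid == 4:
        port = local.rsplit(":", 1)[-1]  # wildcard endpoints like '*:*' have no port
        service = KERNEL_PORTS.get(int(port) if port.isdigit() else None, "kernel-mode networking")
        return "System:4", service
    return f"pid {pid}", "user-mode process"


def summarize(text):
    """Count rows per label; many PID 0 rows right after closing a browser is normal."""
    counts = {}
    for row in parse_netstat(text):
        label = label_row(row)[0]
        counts[label] = counts.get(label, 0) + 1
    return counts
```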

#4 brainlock (Topic Starter, Members, 2 posts)

Posted 01 July 2010 - 03:28 PM

Oh, ok, that makes sense! Thanks much for the reply!

#5 quietman7 (Bleepin' Janitor, Global Moderator, 51,750 posts, Virginia, USA)

Posted 01 July 2010 - 04:43 PM

You're welcome on behalf of the Bleeping Computer community.