Windows 10: display 30-days worth of network activity

Martin Brinkmann
Dec 25, 2015
Updated • Jul 5, 2017
Windows, Windows 10

Monitoring network activity can be a complicated, tedious process, but it is also essential in finding out which programs connect to the Internet, and how much data they upload or download in the process.

While you can use all sorts of programs for that, from the built-in Windows Firewall which reveals if a program requests Internet connection access over third-party solutions like the excellent NetBalancer, Networx or Free Process-Traffic Monitor to hardware-based solutions.

Microsoft built a solution right into its Windows 10 operating system that is good for a quick overview of what is going on as it reveals network activity for all apps and programs that ran on the computer in the past 30-days.

Network Activity History

Windows logs the information automatically even if users of the system don't make use of it. This means that you will get a full network activity history even if you never configured Windows 10 to provide you with those information or even opened the interface that highlights the information.

program network activity

Microsoft built the information into the task manager of the operating system. Here is what you need to do to list the network activity of apps and programs on Windows 10 machines:

  1. Use the shortcut Ctrl-Shift-Esc to open the Windows Task Manager.
  2. Select "More details" if you only see a list of programs but nothing else to switch to the detailed view.
  3. Switch to the App History tab in the window. You will notice that only apps are listed on the page by default.
  4. Select Options > Show history for all processes. Doing so adds legacy programs to the listing so that you get traffic information for all programs as well.

The page lists the following information for each program:

  • CPU Time.
  • Network utilization.
  • Metered network utilization.
  • Non-metered network utilization.
  • Tile updates (apps only)
  • Downloads.
  • Uploads.

Downloads, uploads and non-metered network are not displayed by default. You need to right-click on the header of the table to enable those options individually.

Network, as well as downloads or uploads are good indicators of a program's network activity. You can click on any column header to sort the list of programs using it.

This way you can sort programs by how much network traffic they have used, or by how much they have uploaded to the Internet.

The latter can reveal interesting privacy-related information, for instance if a program is listed as having uploaded data even though it does not really require an Internet connection to work.

You could then block certain programs from accessing the Internet, or even remove them from the system if suspicious behavior is recorded.

Closing Words

Windows 10's App History Task Manager page provides you with a quick -- but thorough -- overview of network activity of processes running on the system. It can also highlight processes that use the most cpu time for example, which can also be valuable information.

It may make sense to go through the listing from time to time to check up on processes to make sure they behave and don't communicate with the Internet.

You do need other software, network monitors like Wireshark to find out more about the data that is transferred by a listed process.

Windows 10: display 30-days worth of network activity
Article Name
Windows 10: display 30-days worth of network activity
Find out how to display the network activity of all programs running on Windows 10 machines for the past 30 days.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Rick said on December 26, 2015 at 7:19 am

    Good to know about this trick to show non-Metro apps. Previously, I thought you had to go into Settings (Data usage) to see this.

  2. REF said on December 26, 2015 at 2:09 am

    I got 3 months worth of home internet usage in the last 3 days! I blew through my bandwidth cap and I’m cringing just thinking of the ISP bill to come! What’s the problem and how can it be stopped? This is on a laptop with Windows 7 which was upgraded to Windows 10 a couple of months ago, yet it spent a couple of hours upgrading Windows 10 just a few days ago. Now, since that upgrade, another major bandwidth disaster! Following the above investigation on Task Manager shows Chromium consuming 130GB since Dec 21, 2015!!

  3. ben said on December 25, 2015 at 11:31 pm

    Any thoughts on using Wireshark to monitor unencyprted traffic of another IP?

    I’m developing a simple internet-of-things device, and for debugging, I’d like to use a laptop running Wireshark to monitor the IOT’s traffic.

    Unfortunately, I haven’t had much luck entering monitor mode with Wireshark and Acrylic (using Win8 or with live linux dvds (kali, nst22, ubuntu, reaverpro).. not sure if it’s a driver, hardware*, or installation issue. For example, I understand the version of the winpcap driver shipped with Wireshark (windows) doesn’t support monitor mode, so it’s necessary to use more tools (airmon-ng, etc):

    *I’ve tried a few usb wifi adapters that have different chipsets: Usb Netgear A6200 (Broadcom BCM43526), 6 Realtek based devices: RT3070/RT3072/RT3290/RT5370/RTL8187L/RTL8188cus

  4. RottenScoundrel said on December 25, 2015 at 8:25 pm

    I can’t see why ** I ** would need such data, but I sure can see how m$oft can make money out of such data.

    That’s just another of the “we are doing this for the customer, who doesn’t need it, but we sure like it,” that win10 is becoming infamous for. Make it sound a like a benefit to the customer, oh wait, I am NOT a customer I am only a lessee of the OS so I guess it really is their data.

    I am with d3x — above.

    1. BillR said on January 1, 2016 at 10:28 am

      As Martin pointed out, this is very useful security and debugging data. **I** am glad MS incorporated this simple access to the data. This is anything but nefarious for the overwhelming vast majority of users. As other have mentioned, the logs are easily cleared (once or regularly) or even blocked.

    2. Anonymous said on December 26, 2015 at 4:39 pm

      Windows 10, aka Windows Botnet

  5. chesscanoe said on December 25, 2015 at 2:57 pm

    Thanks for this tip, even though I can’t easily use it because I replaced Windows 10 Task Manager with Microsoft’s Process Explorer. However your reference to NetBalancer is super! The standalone application works great from .

  6. jaja said on December 25, 2015 at 1:34 pm

    Works also in Win 8.1.

  7. d3x said on December 25, 2015 at 9:26 am

    The question remains, how to disable this logging?

    1. Henk van Setten said on December 25, 2015 at 2:52 pm

      A crude but simple and effective way to stop nearly all Windows logging in one stroke is this: open the Windows Services screen (run services.msc) and find the entry “Windows Event Log”. Normally, in the Status column, this will be listed as “Running”.

      Once you’ve selected this Event Log service, click “Stop the service” in the top-left corner of the window. The logging will stop now, but it will recommence automatically again the next time you start Windows. Should you want to disable the logging service permanently, in the same Services window right-click on the Event Log service, open Properties, and in the “Startup type” dropdown list select “Disabled”. Now, no logging will ever happen again.

      Windows will run just as fine with the Event Log disabled. No major problems at all! However, depending from your situation, you might encounter a few minor problems. Like, when you want to use some analyzer program that needs Windows event logs to gather its data (example: some Nirsoft utilities will remain blank if your event logs are empty). Also, after a crash, you won’t be able to use your event logs to look for the possible cause of the crash. However, in normal life you really won’t miss the logging at all.

      If this solution is too drastic for you, then consider deleting all Windows events logs on a regular basis. You will still be building logs for one week or so, just in case you might need them, but then clear them out. The popular cleaning app CCleaner has an option to do just this: in the CCleaner window, in the left (Windows) column, under Advanced, tick “Event Logs”. Then every time you run CCleaner, it will delete the Windows event logs.

      1. Decent60 said on December 25, 2015 at 4:48 pm

        You can also create a .BAT file with the following information and then schedule it with elevated permissions to run however much you need/like it to run:

        @echo off

        wevtutil clear-log Application
        wevtutil clear-log Security
        wevtutil clear-log Setup
        wevtutil clear-log System


        This uses the builtin Wevtutil which is meant to work with command line to process log information. If you wish to backup before clearing it, you can just add /backup:backup.evtx at the end of each item you wish to backup.

      2. Gary D said on December 25, 2015 at 3:52 pm

        Thanks Henk for yet another User 101 simplified guide. I use CCleaner to do this. Easy and effective :-)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.