NetworkUsageView lists Windows network usage data
NetworkUsageView is a free portable program for Windows 8 and newer by Nirsoft that displays network usage data that is collected by the operating system.
The free program parses the information of the SRUDB.dat database file that is filled with network usage information on Windows 8 and Windows 10.
The database is located under c:\windows\system32\sru\SRUDB.dat. It is part of System Resource Usage Monitor (SRUM), a new feature that Microsoft introduced in Windows 8 as part of the Diagnostic Policy Service.
SRUM monitors apps, programs, services, and network connections, and maintains a database of the activity in the database file.
Tip: If you want to know more about SRUM, check out the the paper Forensic implications of System Resource Usage Monitor (SRUM) data in Windows 8.
NetworkUsageView
Windows collects network usage data every hour, and at shut down of the computer the operating system runs on. It writes information to the database file that includes among other information a timestamp, the application name and description, the user name the process ran under, the network adapter, and the bytes sent and received.
The Nirsoft program NetworkUsageView is a portable program that you can run from any location once you have downloaded and extracted its package.
The program does not require elevated privileges to run, and will parse the database file on start. This takes a second or two, maybe longer depending on the size of it and the number of records.
The data is listed in the usual Nirsoft way: as a table that you can sort with a click on one of the column headers. Handy to list activity of applications, or to analyze the activity during a time period.
You may save selected items -- or all -- as txt, csv, html or xml files to to the local system. There is also the option to create HTML reports, and use the built-in search functionality to filter the data based on what you enter; for instance by network adapter, application, or user name.
NetworkUsageView loads the SRUDB.dat file of the local system by default. You may use Options > Advanced Options to load the network usage data from another SRUDB.data file on the same computer, a connected storage device, or a remove computer.
Tip: You can delete the file SRUDB.da in the System32\sru\ folder directly. Windows will re-create the file when it starts to write new data to it. If you are worried about privacy, you may want to automate the deletion process. This can be done with CCleaner by opening Options > Include, and adding the file to the cleanup operation.
Disabling the Diagnostic Policy Service works, but it will prevent associated diagnostics for detection and troubleshooting for Windows components from running as well.
Verdict
NetworkUsageView is a handy portable program for Windows 8 and 10 that lists network usage stats of the local system or another computer. The program works well and does not require elevated rights to run. Another Nirsoft gem.
Moreover as a Windows 7 user, hence not concerned here, I knew nothing of SRUDB.dat and the Diagnostic Policy Service.
If disabling this the Diagnostic Policy Service may not be a good choice given disabling the service will “prevent associated diagnostics for detection and troubleshooting for Windows components from running as well” (typical Microsoft rhetoric which means “we collect data for your good”) and if the SRUDB.dat file is considered as another data collection source worth being deleted (I’d do it on a regular basis with CCleaner) I wonder if this SRUDB.dat, deleted and then created as a 0 byte file and set to read-only would do the trick : this sometimes works, i.e. I did it for two files here on Win7 after what I considered as the normal procedure had failed to disable them being fed : AutomaticDestinations and CustomDestinations, in c:\Users\[USER]\AppData\Roaming\Microsoft\Windows\Recent. Both 0 bytes read-only. Now they sleep without being waked up.
very good, monster tip
in fact you will see what is collected by microsoft but you can’t do a damn thing about that.
even if you delete SRUDB.dat it’s too late, data is gone