Among the various types of operations Process Monitor traces, TCP/UDP activity is often overlooked. If you want to examine packets, Process Monitor is not going to do it for you. But it can sometimes present some important clues to a problem and point you in the right direction.
In the case here, our user was not able to get our in-house chat program to go online. You can usually force this by selecting the “List” button, but after several seconds of “Loading…” it would go back to offline. In hopes of finding something revealing, I opened Process Monitor from our lab and set a filter for the executable of the chat program. There were only a dozen operations, but the ones that stood out were the last 5 UDP Send operations.