2.0.1.2 Class Activity Solutions - Identify Running Processes

This document provides instructions for using TCP/UDP Endpoint Viewer to identify running processes on a Windows PC. It outlines downloading and starting the viewer, exploring the existing processes like lsass.exe, and observing how processes are added and removed by opening and closing a web browser. The objective is for students to learn about processes and how they can be viewed using tools in the Windows Sysinternals Suite.

Class Activity – Identify Running Processes

Objectives
In this lab, you will use TCP/UDP Endpoint Viewer, a tool in Sysinternals Suite, to identify any
running processes on your computer.

Background / Scenario
In this lab, you will explore processes. Processes are programs or applications in execution. You will explore
the processes using Process Explorer in the Windows Sysinternals Suite. You will also start and observe a
new process.

Required Resources
• 1 Windows PC with Internet access

Step 1: Download Windows Sysinternals Suite.


a. Navigate to the following link to download Windows Sysinternals
Suite: https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
b. After the download is completed, right-click the zip file and choose Extract All… to extract the files from
the folder. Choose the default name and destination in the Downloads folder and click Extract.
c. Exit the web browser.

Step 2: Start TCP/UDP Endpoint Viewer.


a. Navigate to the SysinternalsSuite folder with all the extracted files.

Cisco and/or its affiliates. All rights reserved. Cisco Confidential Page 1 of 3 www.netacad.com

b. Open Tcpview.exe. Accept the Process Explorer License Agreement when prompted. Click Yes to
allow this app to make changes to your device.

c. Exit the File Explorer and close all the currently running applications.

Step 3: Explore the running processes.


a. TCPView lists the processes that are currently on your Windows PC. At this time, only Windows processes
are running.

b. Double-click lsass.exe.
What is lsass.exe? In what folder is it located?
local security authority process
____________________________________________________________________________________
c. Close the properties window for lsass.exe when done.
d. View the properties for the other running processes.
Note: Not all processes can be queried for properties information.


Step 4: Explore a user-started process.


a. Open a web browser, such as Microsoft Edge.
What did you observe in the TCPView window?
____________________________________________________________________________________

b. Close the web browser.


What did you observe in the TCPView window?

The browser processes terminate abruptly


____________________________________________________________________________________

c. Reopen the web browser. Research some of the processes listed in TCPView. Record your findings.

When the browser reopened, TCPView displays the processes and their associated IDs and parameters
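
The observations in Steps 3 and 4 can also be reproduced from a PowerShell prompt. The script below is an added example and not part of the original lab: it uses the built-in Get-NetTCPConnection, Get-NetUDPEndpoint and Get-Process cmdlets to list endpoints with their owning process, then reports which endpoints were added or removed while the browser was opened or closed. The function name Get-EndpointSnapshot and the placeholder strings are assumptions made for this example.

```powershell
# Added example: a command-line view of what TCPView displays.
function Get-EndpointSnapshot {
    # Index running processes by PID once, so each endpoint lookup is cheap.
    $procs = @{}
    foreach ($p in Get-Process) { $procs[[int]$p.Id] = $p }

    $rows  = @(Get-NetTCPConnection | Select-Object @{n='Protocol';e={'TCP'}},
                   LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess)
    $rows += @(Get-NetUDPEndpoint | Select-Object @{n='Protocol';e={'UDP'}},
                   LocalAddress, LocalPort, OwningProcess)

    foreach ($r in $rows) {
        $p = $procs[[int]$r.OwningProcess]
        [pscustomobject]@{
            Protocol = $r.Protocol
            Local    = '{0}:{1}' -f $r.LocalAddress, $r.LocalPort
            # UDP endpoints have no remote peer or connection state.
            Remote   = if ($r.Protocol -eq 'TCP') { '{0}:{1}' -f $r.RemoteAddress, $r.RemotePort } else { '*:*' }
            State    = [string]$r.State
            OwnerPid = [int]$r.OwningProcess
            # The process may have exited between the two queries.
            Process  = if ($p) { $p.ProcessName } else { '<exited>' }
            # Path is empty for processes the current user is not allowed to query
            # (compare the note in Step 3d).
            Path     = if ($p -and $p.Path) { $p.Path } else { '<not queryable>' }
        }
    }
}

# Step 3: endpoints owned by lsass.exe, with the folder it runs from.
Get-EndpointSnapshot | Where-Object Process -eq 'lsass' |
    Format-Table Protocol, Local, State, OwnerPid, Path -AutoSize

# Step 4: snapshot, change something, snapshot again, and show the difference.
$before = Get-EndpointSnapshot
Read-Host 'Open (or close) the web browser, then press Enter' | Out-Null
$after  = Get-EndpointSnapshot

Compare-Object $before $after -Property Protocol, Local, Remote, OwnerPid, Process |
    Select-Object @{n='Change';e={ if ($_.SideIndicator -eq '=>') { 'added' } else { 'removed' } }},
                  Protocol, Local, Remote, OwnerPid, Process |
    Sort-Object Process, Change |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell window to resolve the path of protected processes such as lsass.exe; without elevation those rows show the placeholder instead.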
