Is there a way to get a network trace report just like we get cpudisk or hardfault reports? I need to associate the network data with the process ids like the other reports do without having to manually parse the csv file.

There is a +Network provider group. Have you tried that? 

Yes I've tried that but that doesn't give me a report. I need to easily be able to see network traffic on a per process level. Just like how the Hard faults and disk usage shows disk usage on a per process level.

I don't think there is a current way to do that how you want. Have you tried to open the .ETL trace in Network Monitor. That I think has some info but you probably will have to figure it out manually. Are you trying to troubleshoot something or just want to know general network traffic just for fun?

Nope this isn't for fun. I'm trying to monitor PC activity and this is one of the components that could potentially identify rogue processes related to network traffic.

I'm just manually parsing the CSV file for now. But one other thing I just noticed is the following.

1. If I run xcopy fileA.iso to \\remoteserver\folder

2. The network activity is showing under the svchost.exe -k LocalService process, where it should in reality show under the System Process, whose ID is 4

TcpSend,   13952677,        "svchost" (3848),           112,  010.004.038.231,              445, 010.006.140.044,            1200
TcpRecv,   13952679,        "svchost" (3848),           104,  010.004.038.231,              445, 010.006.140.044,            1200

3. This looks like a bug with XPerf, as it is not correlating network activity to the correct process. I even tried killing the svchost process above and even though I kill the process 3848 above, a newly started xperf trace STILL shows it associated to it even though it's been killed. The process name shows up as Unknown now though.

TcpSend,   13952677,        "Unknown" (3848),           112,  010.004.038.231,              445, 010.006.140.044,            1200
TcpRecv,   13952679,        "Unknown" (3848),           104,  010.004.038.231,              445, 010.006.140.044,            1200

Any ideas or workarounds to get this fixed? This issue happens on Windows XP SP3. The network activity shows fine on Windows 7 (i.e. under System process instead of svchost process)

Looks like this is a generic Windows Trace Log bug. Even if I create a new Trace under the perfmon "Trace Logs" section, the incorrect process id still shows up. I filtered to only trace "Network TCP/IP".

Do you guys know if there is a fix for incorrect processid association for tcp/ip traces?