Running as a Windows service

Note: This documentation covers PingPlotter v5 and higher only. If you're using an older version, see the documentation that came with that version or upgrade to the latest version.

PingPlotter v5 can be installed as a Windows service - which allows the program to start running as soon as a machine is booted up, and continue running (even if a user logs out). This is a great option if we have a few targets that need to be monitored continuously, without interruption.

This option can be selected on installation (or if you've already installed - you can run the installer again and choose the option to "Modify"):

Once the installation is finished, the PingPlotter service will automatically start running. To access the service instance, we just need to launch PingPlotter, which will automatically connect to the service instance. If a new trace tab is opened, in the lower right hand corner of the program we'll see a status bar reading "Engine: local service" - letting us know that we're accessing the service instance of PingPlotter. If running as an application, this status bar will show "Engine: built-in."

Benefits and Disadvantages

Running as a service in PingPlotter 5 is mostly upside. Good things:

  • Data collection happens in the background, starting at boot. Logging out doesn't stop tracing.
  • Some actions with security implications don't need to be configured - web server, Raw socket ICMP packet types being great examples.
  • Super-easy, everything just works.


  • Not many, but the security implications have a negative, too. Some alerts, like "launch an executable", could be used for evil when running as a service.
  • Communication uses TCP port 9636, with no option to change (currently).