Version 5 Manual

Running as a service

Note: This documentation covers PingPlotter v5 and higher only. If you're using an older version, see the documentation that came with that version or upgrade to the latest version.

PingPlotter v5 can be installed as a  service - which allows the program to start running as soon as a machine is booted up, and continue running (even if a user logs out). This is a great option if we have a few targets that need to be monitored continuously, without interruption.

For Windows

This option can be selected on installation (or if you've already installed - you can run the installer again and choose the option to "Modify"):

Once the installation is finished, the PingPlotter service will automatically start running. To access the service instance, we just need to launch PingPlotter, which will automatically connect to the service instance. If a new trace tab is opened, in the lower right hand corner of the program we'll see a status bar reading "Engine: local service" - letting us know that we're accessing the service instance of PingPlotter. If running as an application, this status bar will show "Engine: built-in."

For Mac

The option to install PingPlotter for Mac as a service can be found after the application has been installed and launched (via the "PingPlotter" -> "Background Mode" -> "Install Service" option):

Once the option to install the service is selected, PingPlotter will complete the installation and restart itself. Once it's back up and running, the service status can be viewed (along with options to restart or reinstall the service) via the same menu option:

Benefits and Disadvantages

Running as a service in PingPlotter 5 is mostly upside. Good things:

  • Data collection happens in the background, starting at boot. Logging out doesn't stop tracing.
  • Some actions with security implications don't need to be configured - web server, Raw socket ICMP packet types being great examples.
  • Super-easy, everything just works.


  • Not many, but the security implications have a negative, too. Some alerts, like "launch an executable", could be used for evil when running as a service.
  • Communication uses TCP port 9636, with no option to change (currently).