[C#]Get the process a packet was sent by

Home Forums Discussions Support Portal [C#]Get the process a packet was sent by

Tagged: , , ,

This topic contains 1 reply, has 2 voices, and was last updated by  Vadim Smirnov 1 year, 9 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #9643


    Is there a way to get the process that sent the intercepted packet?
    (I use some code from C# PassThru example)


    Vadim Smirnov

    Normally I’d use IP Helper API for this purpose. For the TCP protocol it can be done with the following steps:
    1) Use GetExtendedTcpTable and GetOwnerModuleFromTcpEntry to build the mapping from the local (IP address, TCP port) to process executable.
    2) Extract IP and port information from the packet and use the mapping built on previous step to look up the process executable.
    3) Update the mapping periodically or when you can’t lookup process for the certain packet.

    For the UDP just use GetExtendedUdpTable and GetOwnerModuleFromUdpEntry instead.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.