How to know the captured package belongs to which process?


This topic contains 2 replies, has 2 voices, and was last updated by  mike 8 years ago.

  • #5263

    mike
    Participant

    Hi, I am fresh to network program… Does anyone know how to know the captured package belongs to which process running on the system? I mean we know the destination/source IP address and port, but how do we know which program sends out these packages or waits for these packages? Anyone got an idea? Thanks.

    #6771

    Vadim Smirnov
    Moderator

    You can use the IP Helper API to query the current active connections table and match your packet against this table using the IP address and port information you have. Since Windows XP, the connections table contains the process ID. Another way is using an LSP or TDI filter driver.
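
The lookup described in the reply above, as an added example that is not part of the original thread or the vendor's code: Python calling the IP Helper function GetExtendedTcpTable through ctypes, parsing the IPv4 TCP table and matching a packet's addresses and ports to a process ID. The names parse_table, owner_pid and snapshot and the sample addresses are constructed for this illustration.

```python
import ctypes
import socket
import struct

AF_INET, TCP_TABLE_OWNER_PID_ALL = 2, 5   # IPv4; table class "all states, with PID"
ERROR_INSUFFICIENT_BUFFER, MIB_TCP_STATE_LISTEN = 122, 2
ROW = struct.Struct("<I4s2s2x4s2s2xI")    # MIB_TCPROW_OWNER_PID, 24 bytes

def parse_table(buf):
    """MIB_TCPTABLE_OWNER_PID bytes -> {(laddr, lport, raddr, rport): pid}."""
    (count,) = struct.unpack_from("<I", buf, 0)
    conns = {}
    for i in range(count):
        state, la, lp, ra, rp, pid = ROW.unpack_from(buf, 4 + i * ROW.size)
        # Network byte order throughout; a port fills only 16 bits of its DWORD.
        local = (socket.inet_ntoa(la), int.from_bytes(lp, "big"))
        remote = (socket.inet_ntoa(ra), int.from_bytes(rp, "big"))
        if state == MIB_TCP_STATE_LISTEN:
            remote = (None, None)         # remote fields mean nothing for a listener
        conns[local + remote] = pid
    return conns

def owner_pid(conns, laddr, lport, raddr, rport):
    """PID owning a packet's 4-tuple (laddr/lport = this host's side), or None."""
    keys = ((laddr, lport, raddr, rport),      # existing connection
            (laddr, lport, None, None),        # listener bound to that address
            ("0.0.0.0", lport, None, None))    # listener bound to all addresses
    return next((conns[k] for k in keys if k in conns), None)

def snapshot():
    """Windows only: read the IPv4 TCP table through GetExtendedTcpTable."""
    size = ctypes.c_ulong(0x4000)
    while True:                           # the table can grow between calls
        buf = ctypes.create_string_buffer(size.value)
        rc = ctypes.windll.iphlpapi.GetExtendedTcpTable(
            buf, ctypes.byref(size), 0, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0)
        if rc == 0:
            return parse_table(buf.raw)
        if rc != ERROR_INSUFFICIENT_BUFFER:
            raise ctypes.WinError(rc)

# Constructed sample table (not captured data): one established connection.
SAMPLE = struct.pack("<I", 1) + ROW.pack(
    5, socket.inet_aton("192.0.2.10"), (49152).to_bytes(2, "big"),
    socket.inet_aton("198.51.100.7"), (443).to_bytes(2, "big"), 1234)

if __name__ == "__main__":
    print(owner_pid(parse_table(SAMPLE), "192.0.2.10", 49152, "198.51.100.7", 443))
```

The table is a point-in-time snapshot, so a connection that opens and closes between the capture and the call to snapshot() will not be found, and a PID may have been reused by the time it is resolved to a process name.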

    #6772

    mike
    Participant

    Thanks for your reply! I downloaded the “Local Network Monitor API” and installed it on my system. I tried to compile and run the C# code Monitor to monitor iexplore.exe’s data and always got the error below:
    Unhandled Exception: System.OverflowException: Value was either too large or too small for an Int32.
    and I found that it’s the code

    ip = System.Convert.ToInt32(LogInfo.m_RemoteAddress.m_Ip);

    It seems that the captured package is not the correct LOG_INFO structure data. Any idea why this happens?

    And does the Local Network Monitor API have the ability to modify the buff before the data is sent to the user application and sent to the NIC? Thanks.
