How to know the captured package belong to which process?

  • #5263
    mike
    Participant

      Hi, I am fresh to network programming… Does anyone know how to tell which process running on the system a captured package belongs to? I mean, we know the destination/source IP address and port, but how do we know which program sends out these packages or waits for these packages? Anyone got an idea? Thanks.

      #6771
      Vadim Smirnov
      Keymaster

        You can use the IP Helper API to query the current active connections table and match your packet against this table using the IP address and port information you have. Since Windows XP, the connections table contains the process ID. Another way is using an LSP or TDI filter driver.
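
The lookup described in the reply above, as an added example that is not part of the original thread or of any product sample: C# calling the IP Helper function GetExtendedTcpTable and matching a captured packet's 4-tuple to the owning process ID. It covers IPv4 TCP only, and the names ConnectionOwner, FindPid and HostPort are made up for this example.

```csharp
using System;
using System.Net;
using System.Runtime.InteropServices;

static class ConnectionOwner   // hypothetical name, not from the thread
{
    const int AF_INET = 2;
    const int TCP_TABLE_OWNER_PID_ALL = 5;   // TCP_TABLE_CLASS value

    // One row of MIB_TCPTABLE_OWNER_PID: six DWORDs. Addresses stay uint
    // (network byte order); a signed Int32 cannot hold values above 0x7FFFFFFF.
    [StructLayout(LayoutKind.Sequential)]
    struct MIB_TCPROW_OWNER_PID { public uint State, LocalAddr, LocalPort, RemoteAddr, RemotePort, OwningPid; }

    [DllImport("iphlpapi.dll")]
    static extern uint GetExtendedTcpTable(IntPtr table, ref int size, bool sort,
                                           int ipVersion, int tableClass, uint reserved);

    // Ports are stored in network byte order in the low 16 bits of the DWORD.
    static ushort HostPort(uint p) => (ushort)(((p & 0xFF) << 8) | ((p >> 8) & 0xFF));

    // Returns the PID owning the IPv4 TCP connection with this 4-tuple, or null.
    public static uint? FindPid(IPAddress local, ushort localPort, IPAddress remote, ushort remotePort)
    {
        int size = 0;
        // First call with no buffer only reports the required size.
        GetExtendedTcpTable(IntPtr.Zero, ref size, false, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
        IntPtr buf = Marshal.AllocHGlobal(size);
        try
        {
            // Non-zero means failure, e.g. the table grew between the two calls.
            if (GetExtendedTcpTable(buf, ref size, false, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0) != 0)
                return null;
            int count = Marshal.ReadInt32(buf);   // dwNumEntries, rows follow at offset 4
            int rowSize = Marshal.SizeOf(typeof(MIB_TCPROW_OWNER_PID));
            for (int i = 0; i < count; i++)
            {
                var row = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(
                    IntPtr.Add(buf, 4 + i * rowSize), typeof(MIB_TCPROW_OWNER_PID));
                if (HostPort(row.LocalPort) == localPort && HostPort(row.RemotePort) == remotePort
                    && new IPAddress(row.LocalAddr).Equals(local) && new IPAddress(row.RemoteAddr).Equals(remote))
                    return row.OwningPid;
            }
            return null;
        }
        finally { Marshal.FreeHGlobal(buf); }
    }

    // Usage: ConnectionOwner <localIp> <localPort> <remoteIp> <remotePort>
    static void Main(string[] a) => Console.WriteLine(
        FindPid(IPAddress.Parse(a[0]), ushort.Parse(a[1]), IPAddress.Parse(a[2]), ushort.Parse(a[3]))?.ToString() ?? "no match");
}
```

The table is a snapshot, so a short-lived connection can be gone by the time the captured packet is looked up. UDP endpoints are listed by the separate GetExtendedUdpTable function.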

        #6772
        mike
        Participant

          Thanks for your reply! I downloaded the “Local Network Monitor API” and installed it on my system. I tried to compile and run the C# code Monitor to monitor iexplore.exe’s data and always got the error below:
          Unhandled Exception: System.OverflowException: Value was either too large or too small for an Int32.
          and I found that it’s this code:

          ip = System.Convert.ToInt32(LogInfo.m_RemoteAddress.m_Ip);

          It seems that the captured package is not the correct LOG_INFO structure data. Any idea why this happens?

          And does the Local Network Monitor API have the ability to modify the buff before the data is sent to the user application and sent to the NIC? Thanks.
