Hi, I am fresh to network program… Does anyone know how to tell which process running on the system a captured packet belongs to? I mean, we know the destination/source IP address and port, but how do we know which program sends out these packets or waits for these packets? Anyone got an idea? Thanks.
You can use the IP Helper API to query the current active connections table and match your packet against this table using the IP address and port information you have. Since Windows XP, the connections table contains the process ID. Another way is using an LSP or a TDI filter driver.
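Added example, not part of the original replies: one way to do the lookup described in the reply above, calling GetExtendedTcpTable from iphlpapi.dll through P/Invoke for IPv4 TCP. The class and method names (ConnectionOwner, FindPid) are illustrative assumptions.

```csharp
using System;
using System.Net;
using System.Runtime.InteropServices;

// Illustrative helper (hypothetical names): maps an IPv4 TCP 4-tuple to a PID.
static class ConnectionOwner
{
    const int AF_INET = 2;                  // IPv4
    const int TCP_TABLE_OWNER_PID_ALL = 5;  // TCP_TABLE_CLASS: all states, with owning PID

    [StructLayout(LayoutKind.Sequential)]
    struct MIB_TCPROW_OWNER_PID
    {
        // Addresses and ports are unsigned 32-bit values in network byte order.
        public uint State, LocalAddr, LocalPort, RemoteAddr, RemotePort, OwningPid;
    }

    [DllImport("iphlpapi.dll")]
    static extern uint GetExtendedTcpTable(IntPtr table, ref int size, bool sort,
                                           int ipVersion, int tableClass, uint reserved);

    // The port sits in the low 16 bits of the DWORD, big-endian.
    static int Port(uint raw) => (int)(((raw & 0xFF) << 8) | ((raw >> 8) & 0xFF));

    // Returns the owning PID, or -1 if no row matches or the query fails.
    public static int FindPid(IPAddress local, int localPort, IPAddress remote, int remotePort)
    {
        int size = 0;   // first call only reports the required buffer size
        GetExtendedTcpTable(IntPtr.Zero, ref size, false, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
        IntPtr buf = Marshal.AllocHGlobal(size);
        try
        {
            // Fails (non-zero) if the table grew between the two calls; caller can retry.
            if (GetExtendedTcpTable(buf, ref size, false, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0) != 0)
                return -1;
            int count = Marshal.ReadInt32(buf);               // dwNumEntries
            int rowSize = Marshal.SizeOf(typeof(MIB_TCPROW_OWNER_PID));
            IntPtr row = IntPtr.Add(buf, 4);                  // rows follow the count
            for (int i = 0; i < count; i++, row = IntPtr.Add(row, rowSize))
            {
                var r = Marshal.PtrToStructure<MIB_TCPROW_OWNER_PID>(row);
                if (Port(r.LocalPort) == localPort && Port(r.RemotePort) == remotePort &&
                    new IPAddress(r.LocalAddr).Equals(local) &&
                    new IPAddress(r.RemoteAddr).Equals(remote))
                    return (int)r.OwningPid;
            }
            return -1;
        }
        finally { Marshal.FreeHGlobal(buf); }
    }
}
```

For a captured inbound packet the local endpoint is the packet's destination address and port; for an outbound packet it is the source. The table is a snapshot, so a short-lived connection may already be gone by the time the lookup runs.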
Thanks for your reply! I downloaded the “Local Network Monitor API” and installed it on my system. I tried compiling and running the C# code Monitor to monitor iexplore.exe's data and always got the error below: Unhandled Exception: System.OverflowException: Value was either too large or too small for an Int32.
And I found that it's this code:
ip = System.Convert.ToInt32(LogInfo.m_RemoteAddress.m_Ip);
It seems that the captured packet is not the correct LOG_INFO structure data. Any idea why this happens?
And does the Local Network Monitor API have the ability to modify the buffer before the data is sent to the user application and sent to the NIC? Thanks.