Port to PID map

Home Forums Discussions General Port to PID map

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • April 22, 2008 at 12:07 pm #5187
    Hajoe
    Participant

      Hello,
      i tried to map a given TCP Local Port on a Win2K machine to a process ID by IOCTL_TCP_QUERY_INFORMATION_EX
      This works, but i only get established connections. I need the PID if only the sync packet was sended. Any ideas to solve this problem?

      April 22, 2008 at 12:19 pm #6584
      Vadim Smirnov
      Keymaster

        TDI filter, LSP, AFD filter are the most common options.

        April 22, 2008 at 12:23 pm #6585
        Hajoe
        Participant

          >> TDI filter, LSP, AFD filter are the most common options.
          Thanks, do you have any links (sourcecode) for me?
          What’s about your WinpkFilter – Framework?
          I just saw your Local Network Monitor API, that seems to be the right stuff?

          April 22, 2008 at 2:52 pm #6586
          Vadim Smirnov
          Keymaster

            What’s about your WinpkFilter – Framework?

            WinpkFilter operates at the NDIS level and can’t associate packet with PID without any additional information.

            I just saw your Local Network Monitor API, that seems to be the right stuff?

            You are right, Local Network Monitor API can be used for this.

          • Author
            Posts
          Viewing 4 posts - 1 through 4 (of 4 total)
          • You must be logged in to reply to this topic.