- This topic has 1 reply, 2 voices, and was last updated 7 years, 11 months ago by
.
Viewing 2 posts - 1 through 2 (of 2 total)
-
Posts
-
Hello folks,
I wanted to know whether we can get direct TCP socket in client application instead of IP packet?
Also, is there any way to get process metadata(process name, pid etc) using winpkfilter?
Thnaks
AviWinpkFilter works at the NDIS level, while socket is a high level abstraction, also for some packets (an example, routed packets) there can be no socket object at all.
Also, is there any way to get process metadata(process name, pid etc) using winpkfilter?
Yes, there is a way. You can use IP helper API to query active connections from the system and use protocol/IP/port information to match the packet against the connection and figure out the originating process.
Viewing 2 posts - 1 through 2 (of 2 total)
- You must be logged in to reply to this topic.