On Sep 1, 2004, at 9:17 AM, Gianluca Varenni wrote:

From: "Marcin Zajączkowski" <[EMAIL PROTECTED]>
Sent: Sunday, August 22, 2004 11:34 AM

Hi,

I want to ask whether it is possible to determine, using WinPcap, which
application on the local machine sent/received a captured packet?

No, winpcap is not able to understand this.

I know that tcpview (www.sysinternals.com) is able to display such info,

What it appears to do is enumerate TCP and UDP sockets on the machine on which it's run, and show the process on that machine that owns the socket, so it doesn't even give that information on a per-packet basis - it gives it on a per-*socket* basis.


WinPcap could give you the raw packet data, and if some WinPcap application could *also* get the information that TCPView gets, that application could try to figure out whether a given IP packet would have been sent on or delivered to a particular socket, figure out the process to which that socket belongs, and get the process's executable image name, but I don't know how TCPView gets that information (the Sysinternals people say that the "netstatp" sample program to which they supply source *doesn't* show process names).
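The correlation described in the last message, as an added example that is not part of the original thread or of WinPcap: it matches a captured IPv4 TCP/UDP packet against a per-socket table and returns the owning row. It assumes the link-layer header has already been stripped and that the socket table (with PIDs and image names) was obtained by some other means, which the thread leaves open; `Sock`, `owner`, `make_pkt`, `TABLE` and all addresses, PIDs and image names are constructed for illustration.

```python
import socket, struct
from collections import namedtuple

# Assumed input: per-socket table rows; "0.0.0.0"/0 means wildcard or unconnected.
Sock = namedtuple("Sock", "proto laddr lport raddr rport pid image")
ANY = ("0.0.0.0", 0)

def parse_ipv4(pkt):
    """Return (proto, src, sport, dst, dport), or None if not IPv4 TCP/UDP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if proto not in (6, 17) or frag_off or ihl < 20 or len(pkt) < ihl + 4:
        return None              # later fragments carry no port numbers
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return proto, socket.inet_ntoa(pkt[12:16]), sport, socket.inet_ntoa(pkt[16:20]), dport

def owner(pkt, local_addrs, table):
    """Best-matching socket row for a captured packet, or None."""
    t = parse_ipv4(pkt)
    if t is None:
        return None
    proto, src, sport, dst, dport = t
    if src in local_addrs:       # outbound: the local end is the source
        l, lp, peer = src, sport, (dst, dport)
    elif dst in local_addrs:     # inbound: the local end is the destination
        l, lp, peer = dst, dport, (src, sport)
    else:
        return None
    best, best_score = None, -1
    for s in table:
        if s.proto != proto or s.lport != lp or s.laddr not in (l, ANY[0]):
            continue
        if (s.raddr, s.rport) not in (peer, ANY):
            continue             # socket is connected to a different peer
        score = 2 * ((s.raddr, s.rport) == peer) + (s.laddr == l)
        if score > best_score:   # exact 4-tuple beats a wildcard listener
            best, best_score = s, score
    return best

def make_pkt(proto, src, sport, dst, dport):   # constructed header-only packet
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HH", sport, dport)

TABLE = [Sock(6, "0.0.0.0", 80, "0.0.0.0", 0, 1200, "httpd.exe"),   # constructed
         Sock(6, "10.0.0.5", 80, "10.0.0.9", 51000, 1304, "httpd.exe"),
         Sock(17, "0.0.0.0", 53, "0.0.0.0", 0, 900, "dns.exe")]
```

The result is only as good as the socket snapshot: a socket that opened or closed between the capture and the table read will be attributed to the wrong row or to none.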


This is the WinPcap users list. It is archived at http://www.mail-archive.com/[EMAIL PROTECTED]/