----- Original Message -----
From: "Marcin Zajączkowski" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, September 05, 2004 10:32 AM
Subject: Re: [WinPcap-users] Determinate which application sent packet

> On 2004-09-01 20:06, user Guy Harris wrote:
> > On Sep 1, 2004, at 9:17 AM, Gianluca Varenni wrote:
> >> From: "Marcin Zajączkowski" <[EMAIL PROTECTED]>
> >>> I want to ask is it possible to determine using WinPcap which
> >>> application on local machine sent/received captured packet?
> >>
> >> No, winpcap is not able to understand this.
> >>
> >> I know that tcpview (www.sysinternals.com) is able to display such info,
> >
> > What it appears to do is enumerate TCP and UDP sockets on the machine on
> > which it's run, and show the process on that machine that owns the
> > socket, so it doesn't even give that information on a per-packet basis -
> > it gives it on a per-*socket* basis.
> >
> > WinPcap could give you the raw packet data, and if some WinPcap
> > application could *also* get the information that TCPView gets, that
> > application could try to figure out whether a given IP packet would have
> > been sent on or delivered to a particular socket, figure out the process
> > to which that socket belongs, and get the process's executable image
> > name, but I don't know how TCPView gets that information (the
> > Sysinternals people say that the "netstatp" sample program to which they
> > supply source *doesn't* show process names).
>
> Thanks for answers.
> I've looked into this source and indeed process names aren't shown. But
> it gave me used function names (especially pCreateToolhelp32Snapshot and
> AllocateAndGetTcpExTableFromStack). With this I found interesting ???.
> http://www.codeproject.com/internet/enetstatasp.asp?df=100&forumid=26194&exp=0&select=792017
> http://www.codeproject.com/csharp/iphlpapi.asp?target=netstat
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/perfmon/base/process32first.asp
> This allows me to modify netstatp sources and I can see process names.
>
> I think Winpcap allows to get source and destination port and address,
> so with this I could count transferred data to display each connection
> speed. Am I right?
> Unfortunately I'm going to write soft which allow me to display transfer
> rate of specific process (application) and with ability to limit every
> connection to pointed speed like:
> NetLimiter - http://www.netlimiter.com/
> NetPeeker - http://www.net-peeker.com/
>
> I'm afraid that to do this I have to write my own driver (NDIS or TDI).
> Maybe watching abilities could be done by Winpcap and to control I could
> use my driver? But I'm not sure is it sense to spread this functions.
> Maybe You can recommend some good sites with tutorials about network
> drivers and the way to exchange information between them and user level
> applications to present information?
>
> Regards
> Marcin
>

I'm very interested in this kind of function. I've written some code which
uses winpcap and an ndis driver to dynamically markup qos bits on a stream.
However, we could also use functionality similar to what you describe.

What I'm unclear on is what technique should be used to limit bandwidth for
a particular application, as netlimiter and net-peeker do. You can't throw
away packets for UDP because those will be lost. Or maybe you can for
multi-media apps, since a given packet doesn't make much difference. For TCP
apps, you could also play with window sizes and so forth. It doesn't seem
trivial - do you have some ideas?

Regards,
Mark Doanghue
KanjiSoft Systems

> ==================================================================
> This is the WinPcap users list. It is archived at
> http://www.mail-archive.com/[EMAIL PROTECTED]/
>
> To unsubscribe use
> mailto: [EMAIL PROTECTED]
> ==================================================================
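
Added example, not part of the original messages and not WinPcap or TCPView code: the per-socket attribution Guy Harris describes in the quoted text, matching a captured packet's addresses and ports against a socket-table snapshot that carries owning PIDs, then summing bytes per process. The snapshot rows, the packets, and all names (`sock_row`, `pkt`, `owner_pid`, `bytes_for_pid`, `LOCAL_IP`) are constructed for illustration; a packet whose socket is absent from the snapshot stays unattributed (PID 0).

```c
#include <stddef.h>
#include <stdint.h>
#define IP4(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))
#define LOCAL_IP IP4(192,168,1,10)   /* capturing machine's address (constructed) */
enum { TCP = 6, UDP = 17 };
/* Socket-table row with owning PID; raddr/rport are 0 for listeners and unconnected UDP. */
typedef struct { uint8_t proto; uint32_t laddr; uint16_t lport; uint32_t raddr; uint16_t rport; uint32_t pid; } sock_row;
/* Addresses, ports and length parsed from one captured packet. */
typedef struct { uint8_t proto; uint32_t src; uint16_t sport; uint32_t dst; uint16_t dport; uint32_t len; } pkt;
const sock_row SNAPSHOT[] = {        /* constructed sample snapshot */
    {TCP, LOCAL_IP, 49152, IP4(203,0,113,5), 80, 1234},  /* connected TCP socket */
    {TCP, 0, 8080, 0, 0, 4321},                          /* listener on all addresses */
    {UDP, 0, 5353, 0, 0, 777},                           /* unconnected UDP socket */
};
const pkt PKTS[] = {                 /* constructed sample capture */
    {TCP, LOCAL_IP, 49152, IP4(203,0,113,5), 80, 1500},
    {TCP, IP4(203,0,113,5), 80, LOCAL_IP, 49152, 600},
    {TCP, IP4(198,51,100,7), 40000, LOCAL_IP, 8080, 60},
    {UDP, LOCAL_IP, 5353, IP4(224,0,0,251), 5353, 100},
    {TCP, LOCAL_IP, 50000, IP4(203,0,113,5), 443, 52},   /* socket not in snapshot */
};

/* How specifically a row matches local end (la,lp) / remote end (ra,rp); -1 = no match. */
static int score(const sock_row *s, uint8_t proto, uint32_t la, uint16_t lp, uint32_t ra, uint16_t rp) {
    if (s->proto != proto || s->lport != lp) return -1;
    if (s->laddr != 0 && s->laddr != la) return -1;
    if (s->raddr == 0 && s->rport == 0) return s->laddr ? 1 : 0;  /* wildcard remote end */
    return (s->raddr == ra && s->rport == rp) ? 2 : -1;           /* exact 4-tuple */
}

/* PID owning the best-matching socket, or 0 when the packet cannot be attributed. */
uint32_t owner_pid(const sock_row *t, size_t n, uint32_t local_ip, const pkt *p) {
    int out = (p->src == local_ip), best = -1;
    uint32_t pid = 0;
    if (!out && p->dst != local_ip) return 0;            /* neither end is this machine */
    for (size_t i = 0; i < n; i++) {
        int sc = out ? score(&t[i], p->proto, p->src, p->sport, p->dst, p->dport)
                     : score(&t[i], p->proto, p->dst, p->dport, p->src, p->sport);
        if (sc > best) { best = sc; pid = t[i].pid; }
    }
    return pid;
}

/* Total captured bytes attributed to one process. */
uint64_t bytes_for_pid(const sock_row *t, size_t n, uint32_t local_ip, const pkt *pk, size_t m, uint32_t pid) {
    uint64_t total = 0;
    for (size_t i = 0; i < m; i++)
        if (owner_pid(t, n, local_ip, &pk[i]) == pid) total += pk[i].len;
    return total;
}
```

Because attribution is per socket rather than per packet, a tool built this way has to refresh the snapshot often: a short-lived socket can open and close between two snapshots and leave its packets unattributed.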
