G'day
all,
I'm currently
using packets captured by WinPCap to build a table of active TCP/IP connections.
This table currently looks like the one generated by netstat on the command
line.
What I need to do
is work out which Windows NT user has established each connection - more
precisely, the security context of the process that established each
connection.
Now I know that
the IP stack is probably well outside the realm of NT security, but does anyone
know if there is some way to put this information together?
Regards,
Gavin