On Jul 9, 2010, at 4:13 PM, Greg Hauptmann wrote:
> Any other ideas (noting Q1 answer) re how to monitor/track network usage on a
> per PC application/process basis then? Is it perhaps an unachievable thing?
To the extent that it's achievable, you'd probably end up doing it the same way
I suspect Network Monitor does. At least as I read the NetMon blog:
http://blogs.technet.com/b/netmon/archive/2008/09/17/network-monitor-3-2-has-arrived.aspx
they probably do it by looking up remote IP address/port/protocol information
in the OS's table of sockets to see what process, if any, has that socket:

    PaulELong 7 Oct 2008 10:09 PM
    NM3.2 will poll the current state of processes when it detects UDP or
    TCP traffic that has not been associated. It's possible a process has
    disappeared by the time we query the state.
    We do some caching and the timing may be further tunable, but there may
    be some situations where we miss the process because it is no longer around
    when we query the state.
    I'll have to play around with DNS in general, but I think there should
    be some situations where it does capture DNS traffic to a process.
    Paul

They might use the IP Helper API:
http://msdn.microsoft.com/en-us/library/aa366073(v=VS.85).aspx
to fetch the TCP and UDP connection tables:
http://msdn.microsoft.com/en-us/library/aa366344(v=VS.85).aspx
http://msdn.microsoft.com/en-us/library/aa366026(v=VS.85).aspx
http://msdn.microsoft.com/en-us/library/aa366033(v=VS.85).aspx
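The lookup-and-cache approach described in the message above, as an added example that is not part of the original post and is not Network Monitor's code. It assumes table rows shaped like the owner-PID rows that the IP Helper calls GetExtendedTcpTable and GetExtendedUdpTable return (the post names only the IP Helper API); `FlowAttributor`, the `snapshot` callable and all addresses and PIDs are constructed for illustration.

```python
from collections import namedtuple

# Rows shaped like owner-PID table entries; all sample values below are constructed.
TcpRow = namedtuple("TcpRow", "laddr lport raddr rport pid")
UdpRow = namedtuple("UdpRow", "laddr lport pid")  # UDP rows carry no remote endpoint
ANY = "0.0.0.0"  # wildcard bind address

class FlowAttributor:
    def __init__(self, local_addrs, snapshot):
        self.local_addrs = set(local_addrs)
        self.snapshot = snapshot  # hypothetical callable returning (tcp_rows, udp_rows)
        self.cache, self.polls = {}, 0

    def _lookup(self, proto, laddr, lport, raddr, rport):
        self.polls += 1  # one poll of the OS socket tables
        tcp_rows, udp_rows = self.snapshot()
        if proto == "tcp":  # TCP rows can be matched on the full 4-tuple
            hits = [r.pid for r in tcp_rows
                    if (r.laddr, r.lport, r.raddr, r.rport) == (laddr, lport, raddr, rport)]
        else:  # UDP rows can only be matched on the local endpoint
            hits = [r.pid for r in udp_rows
                    if r.lport == lport and r.laddr in (laddr, ANY)]
        return hits[0] if hits else None

    def attribute(self, proto, src, sport, dst, dport):
        # Orient the captured packet so the local endpoint comes first.
        if src in self.local_addrs:
            key = (proto, src, sport, dst, dport)
        elif dst in self.local_addrs:
            key = (proto, dst, dport, src, sport)
        else:
            return None
        if key not in self.cache:
            pid = self._lookup(*key)
            if pid is None:
                return None  # socket already gone; misses are not cached
            self.cache[key] = pid
        return self.cache[key]

def demo():
    tcp = [TcpRow("192.0.2.10", 49731, "198.51.100.7", 443, 4120)]
    udp = [UdpRow(ANY, 53211, 1388)]
    fa = FlowAttributor({"192.0.2.10"}, lambda: (list(tcp), list(udp)))
    out = [fa.attribute("tcp", "198.51.100.7", 443, "192.0.2.10", 49731),  # inbound
           fa.attribute("udp", "192.0.2.10", 53211, "203.0.113.53", 53)]
    tcp.clear(); udp.clear()  # both processes exit, their sockets disappear
    out.append(fa.attribute("tcp", "192.0.2.10", 49731, "198.51.100.7", 443))  # cached
    out.append(fa.attribute("udp", "192.0.2.10", 53999, "203.0.113.53", 53))   # missed
    return out, fa.polls
```

The last lookup in `demo()` is the case the quoted blog comment describes: the packet was captured, but the process had exited before the table was polled, so the traffic stays unattributed.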