I am sending it again, because I didn't get it from the mailing list the first time.
On 2004-09-06 18:50, Terry Braun wrote:
I have been looking around for a way to match packets to processes as well. For Windows XP there is the IP Helper API which uses TcpEx (EX for extended) and UdpEx functions that can get process id and socket pairs. With this and some decoding of packets one can then look at the protocol and port and determine which process sent or received the frame. For Win2k I have not been able to find the equivalent functionality. I tried an application (the one that is from http://www.codeproject.com/csharp/iphlpapi.asp - see the original message) that uses IP Helper API. On WinXP it works fine but the extended calls do not work on Win2k - they produce a message about "DLL entry point not found."
Have you tried TcpView on w2k? Did you have process names? netstatp uses "Extended API" and in the code it is clearly stated that this works only with XP or higher, but maybe it's a poor version of tcpview?
I did find one email message somewhere that said that TcpView used SNMP on Win2k but I have not been able to verify that. One bit of information that supports this theory is the fact that the IP Helper API uses "MIB_" in the naming scheme and SNMP uses mibs so maybe. A list of SNMP mibs supported under win2k is available but I have not walked through the list to see if the information needed is available. MIB list is at http://www.microsoft.com/resources/documentation/windows/2000/server/reskit/en-us/tcpip/part4/tcpappg.mspx
I don't know SNMP (and I haven't used it). Do you know any *newsgroup* (usenet) - I don't want to receive hundreds of messages from a mailing list - about programming in Windows where this question could be asked?
Update:
I've found that group: microsoft.public.win32.programmer.networks and in the meantime I've found something interesting about processes in w2k:
http://tinyurl.com/6qvz3 and some discussion about it: http://tinyurl.com/5jrje (long links: http://msdn.microsoft.com/newsgroups/default.aspx?dg=microsoft.public.win32.programmer.networks&tid=5088dc18-8f3f-4efc-b5bc-644802042760&cat=en-us-msdn-networking-networking&lang=en&cr=US&sloc=en-us&m=1&p=1 http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&selm=vpkjdugmm8faj0a0mfdt7kcsrcelguc7f1%404ax.com&rnum=1 )
I can't check it, because I haven't actually installed VS (and I don't have the TDI headers to compile it in Dev-C++). What is more, as I read, this program works only on w2k and I have WinXP.
Regards Marcin
================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/[EMAIL PROTECTED]/
To unsubscribe use mailto: [EMAIL PROTECTED]
==================================================================
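
Added example, not part of the original messages or of any code they link to: the matching step described in the thread (decode a captured frame, take its protocol and socket pair, look it up in a table of sockets with owning process ids), written in Python. The `OWNER_TABLE` rows, the sample frames and all function names are constructed for illustration; on a real host the rows would come from the extended TCP/UDP table calls the thread discusses.

```python
import socket
import struct

# Constructed rows shaped like an extended TCP/UDP table:
# (proto, local_ip, local_port, remote_ip, remote_port, pid).
# Remote ("0.0.0.0", 0) marks a listening or unconnected socket.
OWNER_TABLE = [
    ("tcp", "192.168.1.10", 1045, "10.0.0.5", 80, 1234),
    ("tcp", "0.0.0.0", 80, "0.0.0.0", 0, 4),
    ("udp", "0.0.0.0", 53, "0.0.0.0", 0, 888),
]
PROTOS = {6: "tcp", 17: "udp"}

def build_frame(proto_num, sip, sport, dip, dport):
    """Constructed sample: Ethernet + IPv4 header + the two port fields."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto_num, 0,
                     socket.inet_aton(sip), socket.inet_aton(dip))
    return eth + ip + struct.pack("!HH", sport, dport)

def decode_frame(frame):
    """Return (proto, src_ip, src_port, dst_ip, dst_port), or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None  # too short, or not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    frag = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    proto = PROTOS.get(ip[9])
    if proto is None or ihl < 20 or frag or len(ip) < ihl + 4:
        return None  # no ports: other protocol, bad header, later fragment
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return proto, socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport

def find_owner(frame, table=OWNER_TABLE):
    """Return (pid, direction) for the frame, or None if no row matches."""
    decoded = decode_frame(frame)
    if decoded is None:
        return None
    proto, sip, sport, dip, dport = decoded
    ends = (("sent", sip, sport, dip, dport), ("received", dip, dport, sip, sport))
    fallback = None
    for row_proto, lip, lport, rip, rport, pid in table:
        for direction, a, ap, b, bp in ends:
            if row_proto != proto or lport != ap or lip not in (a, "0.0.0.0"):
                continue
            if (rip, rport) == (b, bp):
                return pid, direction  # connected socket: exact socket pair
            if (rip, rport) == ("0.0.0.0", 0) and fallback is None:
                fallback = (pid, direction)  # listener or unconnected socket
    return fallback
```

A row bound to the wildcard local address cannot distinguish sent from received by itself, so a real tool would also compare the frame's addresses against the host's own interface addresses.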
