How to capture network traffic application wise using winpcap?

Question

I have to make a windows based application for which captures network traffic per application where some of running application uses same port number for sending and receiving the packets. I have used winpcap and successfully captured and filtered them port wise and destination wise but I dont know how to capture them application wise that means how to know application information from ip packets. Is only winpcap can solve the problem or some other api's or library shoud be used. Can we get the application information from which packet is generated from packet header?

 **

Can anyone give me example that uses iphlpapi and winpcap in vc++ for capturing network traffic per application.

**

Answer 1

I don't think this is possible with winpcap.

Take a look at Windows Filtering Platform. It's not advanced at all.If you look in the samples you can find one which does exactly what you want.

Answer 2

winpcap doesn't have a good way to tell what process is sending what data. But windows does. try using

netstat -a -o

netstat is a program that tells you what ports are being used on your terminal. -a switch says, "show me all the ports" -o switch says, "show me the pid of the processes using this port"

you can't see what port your processes are sending on, but you can see what ports are receving on for udp packets.

for tcp packets you'll see all the info you could want, includeing the remote connections ip address.