
In these circumstances, what can be done using pcap? A packet sniffer could eventually figure out (via the port number) a process ID. It'd be extremely difficult to find out what originated a certain call. Sadly, a network sniffing tool works at the lowest level of the net stack, trying to catch everything; it's completely unaware of processes running on the OS.
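The port-to-PID lookup mentioned above, as an added example that is not part of the original text: it joins packet endpoints against a snapshot of the host's socket table (in the shape that netstat -ano prints on Windows) and shows where the lookup fails because the socket has already closed. The sample table, packets, addresses and function names are constructed for illustration.

```python
# Constructed `netstat -ano` style snapshot (sample data, not from the page).
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.0.0.20:49712        198.51.100.34:443      ESTABLISHED     6120
  TCP    10.0.0.20:49713        198.51.100.34:80       TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    2044
"""

LOCAL_IPS = {"10.0.0.20"}  # assumed addresses of the capturing host

# Constructed packets as a sniffer reports them: (proto, src, sport, dst, dport)
PACKETS = [
    ("TCP", "10.0.0.20", 49712, "198.51.100.34", 443),  # outbound, owner alive
    ("TCP", "198.51.100.34", 443, "10.0.0.20", 49712),  # reply on the same socket
    ("TCP", "203.0.113.7", 51000, "10.0.0.20", 445),    # inbound to wildcard listener
    ("TCP", "10.0.0.20", 49713, "198.51.100.34", 80),   # owner gone (PID 0 row)
    ("UDP", "10.0.0.20", 50000, "198.51.100.53", 53),   # socket closed before snapshot
]

def parse_socket_table(text):
    """Map (proto, local_ip, local_port) -> PID from netstat -ano style rows."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        ip, _, port = fields[1].rpartition(":")
        table[(fields[0], ip, int(port))] = int(fields[-1])
    return table

def owner_pid(table, pkt, local_ips=LOCAL_IPS):
    """Return the PID owning the local end of pkt, or None if it cannot be known."""
    proto, src, sport, dst, dport = pkt
    if src in local_ips:
        ip, port = src, sport
    elif dst in local_ips:
        ip, port = dst, dport
    else:
        return None  # neither end belongs to this host
    # Exact bind first, then a wildcard bind on the same port.
    for key in ((proto, ip, port), (proto, "0.0.0.0", port)):
        pid = table.get(key)
        if pid:  # missing row or PID 0: no live owner to report
            return pid
    return None

if __name__ == "__main__":
    sockets = parse_socket_table(NETSTAT_ANO)
    for packet in PACKETS:
        print(packet, "->", owner_pid(sockets, packet))
```

The last two packets come back unattributed: the snapshot is taken after the capture, so short-lived sockets leave no row to join against.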

Libpcap runs on most Unix-like operating systems; there is also a Windows version named WinPcap (Windows Packet Capture). The Libpcap API is designed to be used from C and C++; however, there are many wrappers that allow its use from languages like Perl, Python, Java, C# and Ruby. Libpcap is an open source library that provides a high-level interface to network packet capture systems.

From your comments, I gather you are trying to capture the network traffic generated by the application you are developing from within the application itself. If so, I think this may be a question better suited to StackOverflow since that is a developer community. Such introspection would probably require the use of ETW (Event Tracing for Windows), but again I can't be certain.

Putting that aside for one moment and focussing on the admin side of things (which is what you tend to get if you ask questions here), I would like to turn your attention to the netsh trace command and Microsoft Network Monitor (Netmon).

You can capture directly from NetMon at the time you want to do it, or you can give yourself more flexibility with the netsh trace command by triggering it automatically. If this is of interest, you can do:

    netsh trace start capture=yes traceFile=c:\tracefolder\tracename.etl

to start a capture, and then:

    netsh trace stop

There are other options, so you can see the manual using netsh trace /?

Once you have your capture by whatever means, you can then use NetMon to filter on the executable of your application to examine the network traffic generated by it during the period you were monitoring.
