On Windows I am loading a DLL and running it. The DLL performs a lot of network activities. Now I need to monitor which URLs and hosts the DLL connects to. I think using a packet sniffer might be a good option. Can WinPcap be used to capture traffic from a single process? I can't find any such option in the docs.

If that can’t be done using WinPcap, is there any other library or solution beside it that can capture data from a single selected process only?

+1  A: 

I doubt it. WinPcap is a Windows version of libpcap on Unix. And libpcap can't do it.

You could try a two-step process: find the local ports used by the application and filter on that. I don't know how to find that on Windows.

Thomas
It's simple: 1) tasklist /FO CSV | find "filename.exe" - the second value is the PID. 2) netstat -nao | find "PID" - this will give you a list of connections and listening ports for the specified PID.
CyberShadow
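
The two-step approach from the answer and comment above, as an added example that is not part of the original posts: it parses `netstat -nao` output, selects rows by the PID column exactly (a plain `find "PID"` also matches the same digits inside a port number), and builds a capture filter in pcap filter syntax for WinPcap. The netstat text is a constructed sample and the function names are hypothetical.

```python
# Constructed sample of `netstat -nao` output (documentation address ranges).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED     4321
  TCP    192.0.2.10:49713       203.0.113.9:80         TIME_WAIT       0
  TCP    192.0.2.10:4321        198.51.100.8:443       ESTABLISHED     777
  TCP    [::1]:49800            [::1]:5000             ESTABLISHED     4321
  UDP    0.0.0.0:5353           *:*                                    4321
"""


def parse_netstat(text):
    """Yield (proto, local_port, remote, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # skip the banner, column header and blank lines
        # UDP rows have no State column, so take the PID from the last field.
        proto, local, remote, pid = fields[0], fields[1], fields[2], fields[-1]
        port = int(local.rsplit(":", 1)[1])  # rsplit copes with [::1]:49800
        yield proto.lower(), port, remote, int(pid)


def ports_for_pid(text, pid):
    """Local (proto, port) pairs whose PID column equals pid exactly."""
    return sorted({(p, port) for p, port, _, owner in parse_netstat(text)
                   if owner == pid})


def remotes_for_pid(text, pid):
    """Remote endpoints the process is connected to (listeners excluded)."""
    return sorted({remote for _, _, remote, owner in parse_netstat(text)
                   if owner == pid and remote != "*:*"
                   and not remote.endswith(":0")})


def capture_filter(pairs):
    """Build a pcap filter expression from (proto, port) pairs."""
    return " or ".join(f"({proto} port {port})" for proto, port in pairs)


if __name__ == "__main__":
    pid = 4321  # constructed PID, as found with tasklist in step 1
    print("remote endpoints:", remotes_for_pid(SAMPLE_NETSTAT, pid))
    print("capture filter:  ", capture_filter(ports_for_pid(SAMPLE_NETSTAT, pid)))
```

The filter is a snapshot: ports the process opens after netstat ran are not covered, so the listing has to be refreshed and the filter rebuilt while the DLL is running.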