Hey guys, I was wondering – is it possible to get the process ID of the process that sent out the packet when we process the packet in user mode (similar to how we get the MAC address, IPs, ports, etc.)?
I’m using the NdisApiWrapper in a C# project, and I can see that the NdisApiWrapper itself uses the Win32 API, which seems like the type of thing that would be used for that.
You can use the IP Helper API to retrieve the current connections table, and starting with Windows XP this table also contains the process ID. You can use the IP/port information from the packet to find the corresponding connection in that table and thus identify the process.
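
The lookup described in the answer above, as an added example that is not part of the original thread: it calls the IP Helper function `GetExtendedTcpTable` through P/Invoke and matches an IPv4 TCP packet's address/port pairs against the table rows. The class and method names (`ConnectionOwner`, `FindTcpOwner`) are hypothetical, and the caller is assumed to pass the local endpoint first (the source for outgoing packets, the destination for incoming ones).

```csharp
using System;
using System.Net;
using System.Runtime.InteropServices;

static class ConnectionOwner   // hypothetical helper, not part of NdisApiWrapper
{
    const int AF_INET = 2, TCP_TABLE_OWNER_PID_ALL = 5;   // TCP_TABLE_CLASS value
    const uint ERROR_INSUFFICIENT_BUFFER = 122;

    [StructLayout(LayoutKind.Sequential)]
    struct MIB_TCPROW_OWNER_PID { public uint State, LocalAddr, LocalPort, RemoteAddr, RemotePort, OwningPid; }

    [DllImport("iphlpapi.dll")]
    static extern uint GetExtendedTcpTable(IntPtr table, ref int size, bool order,
        int ipVersion, int tableClass, uint reserved);

    // The port sits in the low 16 bits of the DWORD, in network byte order.
    static ushort PortFromRow(uint p) => (ushort)(((p & 0xFF) << 8) | ((p >> 8) & 0xFF));

    // Returns the PID owning the IPv4 TCP connection, or null when no row matches.
    public static int? FindTcpOwner(IPAddress localIp, ushort localPort,
                                    IPAddress remoteIp, ushort remotePort)
    {
        // Addresses in the table are stored in network byte order, like GetAddressBytes().
        uint local = BitConverter.ToUInt32(localIp.GetAddressBytes(), 0);
        uint remote = BitConverter.ToUInt32(remoteIp.GetAddressBytes(), 0);
        int size = 0;   // first call only reports the required buffer size
        GetExtendedTcpTable(IntPtr.Zero, ref size, false, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
        for (int attempt = 0; attempt < 3; attempt++)   // the table can grow between calls
        {
            IntPtr buf = Marshal.AllocHGlobal(size);
            try
            {
                uint rc = GetExtendedTcpTable(buf, ref size, false, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
                if (rc == ERROR_INSUFFICIENT_BUFFER) continue;   // retry with the updated size
                if (rc != 0) throw new System.ComponentModel.Win32Exception((int)rc);
                int count = Marshal.ReadInt32(buf);              // dwNumEntries
                int rowSize = Marshal.SizeOf(typeof(MIB_TCPROW_OWNER_PID));
                for (int i = 0; i < count; i++)
                {
                    var row = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(
                        IntPtr.Add(buf, 4 + i * rowSize), typeof(MIB_TCPROW_OWNER_PID));
                    if (row.LocalAddr == local && PortFromRow(row.LocalPort) == localPort &&
                        row.RemoteAddr == remote && PortFromRow(row.RemotePort) == remotePort)
                        return (int)row.OwningPid;
                }
                return null;
            }
            finally { Marshal.FreeHGlobal(buf); }
        }
        return null;
    }
}
```

UDP packets need the analogous `GetExtendedUdpTable` call, whose rows carry only the local endpoint. A connection that closed before the lookup is no longer in the table, so a null result is expected for short-lived flows.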