Reputation: 3495
How can I enumerate sockets on a given windows process?
I need my program to check if a given Windows process is abusing the network. I would like to enumerate the process tcp and udp sockets, and see how much data they transferred during a given period.
Is there a C or .Net API that can provide such info?
Upvotes: 1
Views: 2873
Answers (2)
Reputation: 595377
On Win2k, you can use GetTcpTable(), GetTcp6Table(), GetUdpTable(), and GetUdp6Table() to locate all of the active socket connections. But to match them to specific process IDs, you would have to manually enumerate the system's open handles looking for TCP/UDP handles, and then query the process information from them.
On XP, you can use AllocateAndGetTcpExTableFromStack() and AllocateAndGetUdpExTableFromStack(), which can return process IDs with each socket connection.
On XP SP2 and later, you can use GetExtendedTcpTable() and GetExtendedUdpTable(), which can return process IDs with each socket connection as well.
Upvotes: 1
Reputation: 916
You might look at WinPcap. http://www.winpcap.org/
A C#.net version is available in SharpPcap. http://www.tamirgal.com/blog/page/SharpPcap.aspx
Upvotes: 0
Related Questions
- How to find a list of sockets held by a process in windows?
- Windows command line program that lists open sockets of certain process
- WIndows API for enumerating bound but unconnected sockets
- how to get list of opened sockets from some process?
- Enumerate all open connections
- Enumerate open ports in same process
- How do i find the Physical Socket ID / number a process is running on?
- Get a number of open sockets in C#?
- How to detect opened sockets in Windows?
- How to enumerate bound UDP / TCP sockets on Windows in C