How to monitor traffic


Ratson Janiv

Hi,
I need to know how many bytes are sent and received (separated for TCP, UDP
and ICMP) ?

Any suggestions ?

Thanks,
Janiv Ratson.
 
What, like netstat?

C:\>netstat -?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-o] [-s] [-p proto] [-r] [interval]

  -a            Displays all connections and listening ports.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics. By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display. Press CTRL+C to stop redisplaying
                statistics. If omitted, netstat will print the current
                configuration information once.

Stewart.
 
10x, but I need to do it programmatically ..
Any other suggestions ?



 
That's only possible in a driver (or IM, as James Antognini and K_Lee answered
you), or you can use an LSP, but it covers only Winsock and not NetBIOS
sessions.
Arkady

 
What is IM?

 
NDIS IM (for "intermediate") driver, something that can be put on the network driver stack (which is
different from the legacy and WDM driver stack mechanism).
 
And how do I do it ?

Please help, I need anything that makes it for me, hence, telling me
(programmatically) how many bytes transferred via TCP and how many for
UDP, on a specific machine.

Sniffers open source code will also help, any source code, samples.

Please ......................

10x ,
Janiv.
 
Thomas Divine wrote a nice article on NDIS IM drivers in http://www.wd-3.com/ in July. And he's a real expert on the
topic. And he included source.

An upcoming article on packet filtering for WD3, written by Thomas and me (again with source), may be of use, but it
won't be out till December.
 
I've also noticed that when I double click the network icon on my PC,
I can watch the number of bytes sent and received.
Does it say that there is such a driver on my PC already (maybe
Windows'?).
How does this program count the bytes received and sent ?

About the NDIS, I could find the article U've mentioned, can U direct
me ?

10x all,
Janiv.
 
Here is the article Thomas Divine published: http://www.wd-3.com/archive/ExtendingPassthru.htm.

As for bytes sent and received, yes, of course, something is keeping the information. The question is how to get it. I
don't know. It's more straightforward to do this via an NDIS IM driver, because that way one is employing a supported
mechanism and not poking into the nooks and crannies of, say, TCPIP.sys or AFD.sys.
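
Added example, not part of the thread and not code from any poster or from the WD-3 article: the per-protocol, per-direction byte accounting the original question asks for, as a sniffer or an NDIS IM driver would apply it to each IPv4 packet it sees. It assumes the caller passes the packet starting at the IPv4 header (link-layer header already stripped) and counts the IPv4 total length; all function names, the sample packets and the addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { P_TCP, P_UDP, P_ICMP, P_OTHER, P_COUNT };
enum { DIR_SENT, DIR_RECV, DIR_COUNT };
typedef unsigned long long u64;
/* Byte totals per protocol and direction, measured as IPv4 total length. */
typedef struct { u64 bytes[P_COUNT][DIR_COUNT]; u64 dropped; } traffic_stats;

/* Account one packet; local_ip is host byte order. Returns -1 if malformed or truncated. */
int account_ipv4(traffic_stats *s, const uint8_t *p, size_t len, uint32_t local_ip) {
    if (len < 20 || (p[0] >> 4) != 4) { s->dropped++; return -1; }
    size_t ihl = (size_t)(p[0] & 0x0F) * 4;       /* header length in bytes */
    size_t total = ((size_t)p[2] << 8) | p[3];    /* header + payload */
    if (ihl < 20 || total < ihl || total > len) { s->dropped++; return -1; }
    uint32_t src = (uint32_t)p[12] << 24 | (uint32_t)p[13] << 16 | (uint32_t)p[14] << 8 | p[15];
    int proto = p[9] == 6 ? P_TCP : p[9] == 17 ? P_UDP : p[9] == 1 ? P_ICMP : P_OTHER;
    s->bytes[proto][src == local_ip ? DIR_SENT : DIR_RECV] += total;
    return 0;
}

/* Constructed test packet: minimal 20-byte header, zeroed payload. */
static void make_pkt(uint8_t *b, uint8_t proto, uint16_t total, uint32_t src) {
    memset(b, 0, total);
    b[0] = 0x45; b[2] = (uint8_t)(total >> 8); b[3] = (uint8_t)total; b[9] = proto;
    for (int i = 0; i < 4; i++) b[12 + i] = (uint8_t)(src >> (24 - 8 * i));
}
/* Constructed sample traffic between two assumed hosts. */
static traffic_stats run_sample(void) {
    const uint32_t me = 0xC0A8010A, peer = 0xC0A80101;  /* 192.168.1.10, 192.168.1.1 */
    traffic_stats s = { { { 0 } }, 0 };
    uint8_t b[128];
    make_pkt(b, 6, 60, me);     account_ipv4(&s, b, 60, me);   /* TCP sent */
    make_pkt(b, 6, 100, peer);  account_ipv4(&s, b, 100, me);  /* TCP received */
    make_pkt(b, 17, 48, me);    account_ipv4(&s, b, 48, me);   /* UDP sent */
    make_pkt(b, 1, 84, peer);   account_ipv4(&s, b, 84, me);   /* ICMP received */
    make_pkt(b, 17, 120, peer); account_ipv4(&s, b, 64, me);   /* truncated capture */
    return s;
}
u64 sample_bytes(int proto, int dir) { traffic_stats s = run_sample(); return s.bytes[proto][dir]; }
u64 sample_dropped(void) { return run_sample().dropped; }

int main(void) {
    static const char *name[P_COUNT] = { "TCP", "UDP", "ICMP", "other" };
    for (int i = 0; i < P_COUNT; i++)
        printf("%-5s sent=%llu recv=%llu\n", name[i], sample_bytes(i, DIR_SENT), sample_bytes(i, DIR_RECV));
    return 0;
}
```

Packets whose declared total length exceeds the captured length are counted as dropped rather than added to a protocol total, so a short capture cannot inflate the byte counts.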
 