Andy
Greetings,
Here's my situation:
I'm looking to clean up rogue traffic on a network. I use iphlpapi.dll to
track TCP traffic to its originating process with gettcptable() - this is
great, it does exactly what I want. I'd like something that can do the same
for ICMP and UDP. I see there's a getudptable but it has no dst info. So
suppose I have a machine that's trying to talk to a dst machine on port 5545 -
are there no hooks I can use to tell which process is creating this traffic?
Similar with ICMP - I have a machine that is spewing ICMP now and again and
I would like to narrow it down to a process if possible.
I'm predicting this can't be done... gettcptable does what I want because it
grabs the state table; it's not actually telling me when and which
application is making a network call (I assume the app name in this case is
just a part of the state table)... Although these personal firewalls
(Kerio, ZoneLabs etc.) can do it - there's got to be a way? THERE MUST BE A
WAY!!!
Andy
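Added example, not from the original post: the UDP endpoint table (here read through the NetTCPIP cmdlet Get-NetUDPEndpoint, which exposes the same owning-PID data as the extended iphlpapi table) records only the local socket, so the destination has to come from a packet capture or firewall log and be joined to the table on the local port. The log entries below are constructed, and the function name Resolve-UdpSender is my own.

```powershell
# Resolve a UDP packet's local source port to the process that owns the socket.
# The endpoint table gives local address/port -> owning PID; the capture gives
# the destination the table does not record (e.g. the poster's port 5545).
function Resolve-UdpSender {
    param(
        [Parameter(Mandatory)][int]$LocalPort,   # source port seen in the capture
        [string]$LocalAddress                     # optional, narrows multi-homed hosts
    )
    $endpoints = Get-NetUDPEndpoint -LocalPort $LocalPort -ErrorAction SilentlyContinue
    if ($LocalAddress) {
        $endpoints = $endpoints | Where-Object { $_.LocalAddress -eq $LocalAddress -or $_.LocalAddress -eq '0.0.0.0' }
    }
    foreach ($ep in $endpoints) {
        $proc = Get-Process -Id $ep.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $ep.LocalAddress
            LocalPort    = $ep.LocalPort
            Pid          = $ep.OwningProcess
            Process      = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path         = if ($proc) { $proc.Path } else { $null }
        }
    }
}

# Constructed sample of what a capture or firewall log reports for the rogue
# traffic: the local source port plus the destination host and port.
$packets = @(
    [pscustomobject]@{ SrcAddr = '10.0.0.12'; SrcPort = 51234; DstAddr = '10.0.0.50'; DstPort = 5545 }
)

foreach ($pkt in $packets) {
    $flow  = "$($pkt.SrcAddr):$($pkt.SrcPort) -> $($pkt.DstAddr):$($pkt.DstPort)"
    $owner = @(Resolve-UdpSender -LocalPort $pkt.SrcPort -LocalAddress $pkt.SrcAddr)
    if ($owner.Count -eq 0) {
        # Short-lived sockets can close before the table is read; sample the
        # table repeatedly (or trigger the lookup from the capture) to catch them.
        Write-Output "$flow : no open socket on that port (already closed?)"
        continue
    }
    foreach ($o in $owner) {
        Write-Output "$flow : PID $($o.Pid) $($o.Process) ($($o.Path))"
    }
}
```

This join only works for UDP: ICMP is sent over raw sockets that have no port, so they do not appear in the endpoint table at all.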