Hi guys
Imagine that I've written a packet sniffer to scan my network activity as Data mining purpose.

I'm curious is it possible to find out the application names too ? so that I can add the name in my database :)..

Thanks in advance

Each program that sends packets more then likely has a predefined structure, so you could read first few bytes of packet and get most likely program.

Also if you check the port that could be more helpful as there uassly unique.

Another would be check destination ip. Have a list you check against(somthing like this).

PortUsed,DestIp:NameOfProgram

Read in whole file when app starts. Use , as delimiter and read in vars to check against and : to read in name of app. There is nice containers you could use to link vars to name. Or just recursively search each line till match found or EOF.

Hi,

Use GetTcpTable() function it will do the job you need.

GL

I don't know how this function alone will get you the EXE file which send/receive data on the network.

There is an undocumented way by using AllocateAndGetTcpExTableFromStack() and AllocateAndGetUdpExTableFromStack() from IpHelperApi whose prototypes are:


Source:
http://www.codeproject.com/Articles/4298/Getting-active-TCP-UDP-connections-on-a-box


Once you have the PID is a piece of cake to use QueryFullProcessImageName() to get actual executable name.
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684919(v=vs.85).aspx