How to monitor network traffic for a process
-
I have a parent process that creates a child process that in turn exchanges data with an external network addressed computer. I would like the parent to be able to monitor the amount of data the child is sending and receiving. The application runs on W2K through Win7 and is written in C/C++. I already have the handles and PIDs of both the parent and child and know the internal IP address, external IP address and the IP address and port on the external network computer. I found some sniffer articles on here that may apply but they require a driver installed which I can not allow. Any suggestions or help is appreciated.
-
feanorgem wrote:
but they require a driver installed which I can not allow
That's a shame - I was going to suggest you look at WinPCAP (the underlying engine for Wireshark, formerly Ethereal): http://www.wireshark.org/
Microsoft also has a network monitor that has an API, not sure if it requires its own driver ... http://blogs.technet.com/netmon/archive/2008/09/17/network-monitor-3-2-has-arrived.aspx
I'm just not sure there's much out there that gives you accurate results without using a driver (happy if someone else knows one).
'g'
-
I had a thought ... write a high speed TCP/IP proxy server to sit in between your end-points - it simply needs to add up bytes/packets in/out and present that info in a shared-memory area or such, but that's an extra component! In reality it's doing the same as WinPCAP in stats mode, just from a higher level.
'g'
-
Is the child process yours? If so forget all this fancy stuff and just have the child process report its progress to the parent (or otherwise publish them where the parent can access).
Steve
-
No, only the parent process is my code. But I do have access to the child via the PID and its handle as well as knowing all the IP addresses involved in the transfers. I don't really care if the answer is totally accurate, but just a general knowledge that the link is alive and continually sending data back and forth.
-
I was hoping someone knew of an API call that I wasn't able to find, perhaps something like GetProcessIoCounters or GetIpStatistics or GetTcpTable, but I'm not sure if any of these are appropriate.
Well, I have seen a C# way of doing it but can't remember all the steps to capture packets ... my first thought was also that it could cause performance issues on the local machine at least ... I think they opened a socket for receive, bound something like IP-Address-Any to it and then received all the packets from the network adaptor, mapping the packet receive to an event that they could monitor/wait for ... when the event was tripped that had a packet object they decoded the basic fields from - I just can't remember who did it and what the pitfalls were.
Actually David Crow has an article here about GetIPStatistics, the best thing to do is 'suck it and see' - if as a standalone it gives you what you're looking for you could look at including his functionality in your program (and crediting him of course) - see More on using IP Helper API’s
'g'
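A polling sketch around GetProcessIoCounters, one of the calls the asker names above (an added example, not code from any poster in this thread). It needs no driver, but the counters cover all I/O the child performs (file and device as well as network), so it indicates that the child is still moving data rather than measuring network bytes. The io_sample and io_watch types and the function names are hypothetical; the Windows call is compiled only under _WIN32, and main feeds constructed samples in its place.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif
/* Cumulative byte totals for one process at one sampling instant. */
typedef struct { uint64_t rd, wr, other; } io_sample;
/* Tracker: previous sample plus a count of consecutive quiet polls. */
typedef struct { io_sample last; int primed; unsigned idle_polls; } io_watch;

#ifdef _WIN32
/* Read the child's counters; the handle needs PROCESS_QUERY_INFORMATION. */
int sample_process(HANDLE child, io_sample *out)
{
    IO_COUNTERS c;
    if (!GetProcessIoCounters(child, &c)) return 0;
    out->rd = c.ReadTransferCount; out->wr = c.WriteTransferCount;
    out->other = c.OtherTransferCount;
    return 1;
}
#endif

/* Feed one sample; returns bytes moved since the previous one (0 on the first). */
uint64_t io_watch_update(io_watch *w, const io_sample *now)
{
    uint64_t delta = 0;
    if (w->primed) {
        delta = (now->rd - w->last.rd) + (now->wr - w->last.wr)
              + (now->other - w->last.other);
        w->idle_polls = delta ? 0 : w->idle_polls + 1;
    }
    w->last = *now;
    w->primed = 1;
    return delta;
}

/* Treat the link as stalled after max_idle consecutive quiet polls. */
int io_watch_stalled(const io_watch *w, unsigned max_idle) { return w->idle_polls >= max_idle; }

int main(void)
{
    /* Constructed samples standing in for successive sample_process() calls. */
    io_sample s[] = { {100, 50, 10}, {400, 90, 30}, {400, 90, 30}, {400, 90, 30} };
    io_watch w = { {0, 0, 0}, 0, 0 };
    for (int i = 0; i < 4; i++) {
        unsigned long long d = io_watch_update(&w, &s[i]);
        printf("delta=%llu stalled=%d\n", d, io_watch_stalled(&w, 2));
    }
    return 0;
}
```

In the parent, call sample_process with the child's handle on a timer and pass each result to io_watch_update; the poll interval and the max_idle threshold are tuning choices for the application.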
-
Ok. Can you tell us any more about the "child" application? For example, it may be able to spit out progress reports to stdout, in which case pipes and output redirection could be used. This is just an example, but you get the idea: it may already provide a notification mechanism you can use.
Steve