<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=text/html;charset=iso-8859-1 http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7600.16588"></HEAD>
<BODY style="PADDING-LEFT: 10px; PADDING-RIGHT: 10px; PADDING-TOP: 15px"
id=MailContainerBody leftMargin=0 topMargin=0 CanvasTabStop="true"
name="Compose message area">
<DIV><FONT face=Calibri>As I said, the IP helper API provides such information,
as far as I know. Otherwise you would need to write some lightweight
filter driver (I think that's the name of the technology, it changes
between different windows versions) that will basically interact with the
TCP/IP stack and provide you such information.</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>Have a nice day</FONT></DIV>
<DIV><FONT face=Calibri>GV</FONT></DIV>
<DIV style="FONT: 10pt Tahoma">
<DIV><BR></DIV>
<DIV style="BACKGROUND: #f5f5f5">
<DIV style="font-color: black"><B>From:</B> <A
title=greg.hauptmann.ruby@gmail.com
href="mailto:greg.hauptmann.ruby@gmail.com">Greg Hauptmann</A> </DIV>
<DIV><B>Sent:</B> Friday, July 09, 2010 4:13 PM</DIV>
<DIV><B>To:</B> <A
title="mailto:winpcap-users@winpcap.org CTRL + Click to follow link"
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV><B>Subject:</B> Re: [Winpcap-users] using Network Monitor versus WinPCap
for realtimenetwork usage statistics monitoring/capture?</DIV></DIV></DIV>
<DIV><BR></DIV>thanks Gianluca
<DIV><BR></DIV>
<DIV>Any other ideas (noting Q1 answer) re how to monitor/track network usage on
a per PC application/process basis then? Is it perhaps an unachievable
thing?</DIV>
<DIV><BR></DIV>
<DIV><BR>
<DIV class=gmail_quote>On 10 July 2010 02:11, Gianluca Varenni <SPAN
dir=ltr><<A
href="mailto:gianluca.varenni@cacetech.com">gianluca.varenni@cacetech.com</A>></SPAN>
wrote:<BR>
<BLOCKQUOTE
style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex"
class=gmail_quote>
<DIV style="PADDING-LEFT: 10px; PADDING-RIGHT: 10px; PADDING-TOP: 15px"
name="Compose message area">
<DIV><FONT face=Calibri>1. <FONT color=#000000 size=3 face=Calibri>WinPcap
does not provide any information as to which process transmitted a specific
packet. It's possible to get such information (for TCP/UDP connections) with
the IP helper APIs, and correlate it with the packets. In any case, if the
traffic is for example generated by WinPcap, the IP helper API would not
help.</FONT></FONT></DIV>
<DIV><FONT face=Calibri>2. Supported</FONT></DIV>
<DIV><FONT face=Calibri>3. Supported</FONT></DIV>
<DIV><FONT face=Calibri>4. <FONT color=#000000 size=3 face=Calibri>It won't
slow down internet browsing, but it might slow down the machine. At the end of
the story, you are running another application on the system. If the
application is CPU/disk intensive (e.g. becuase it dumps every packet to disk)
then the whole system would slow down.</FONT></FONT></DIV>
<DIV><FONT face=Calibri>5. <FONT color=#000000 size=3 face=Calibri>WinPcap
just provides packets. The application is in charge of saving the collected
data in a way that another application can read such data.</FONT></FONT></DIV>
<DIV><FONT face=Calibri>6. WinPcap needs to be installed separately (there is
no silent installer). If you need to embed WinPcap into a commercial
application and do not want to install WinPcap separately, you can also opt
for WinPcap Professional <A
href="http://www.cacetech.com/products/winpcap_pro.html"
target=_blank>http://www.cacetech.com/products/winpcap_pro.html</A></FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>Have a nice day</FONT></DIV>
<DIV><FONT face=Calibri>GV</FONT></DIV>
<DIV style="FONT: 10pt Tahoma">
<DIV><BR></DIV>
<DIV style="BACKGROUND: #f5f5f5">
<DIV><B>From:</B> <A
title="mailto:greg.hauptmann.ruby@gmail.com CTRL + Click to follow link"
href="mailto:greg.hauptmann.ruby@gmail.com" target=_blank>Greg Hauptmann</A>
</DIV>
<DIV><B>Sent:</B> Wednesday, July 07, 2010 11:16 PM</DIV>
<DIV><B>To:</B> <A
title="mailto:winpcap-users@winpcap.org CTRL + Click to follow link"
href="mailto:winpcap-users@winpcap.org"
target=_blank>winpcap-users@winpcap.org</A> </DIV>
<DIV><B>Subject:</B> [Winpcap-users] using Network Monitor versus WinPCap for
real timenetwork usage statistics monitoring/capture?</DIV></DIV></DIV>
<DIV>
<DIV></DIV>
<DIV class=h5>
<DIV><BR></DIV>
<DIV><SPAN
style="LINE-HEIGHT: 13px; FONT-FAMILY: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif; COLOR: rgb(51,51,51); FONT-SIZE: 11px">Hi,</SPAN></DIV>
<DIV><SPAN
style="LINE-HEIGHT: 13px; FONT-FAMILY: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif; COLOR: rgb(51,51,51); FONT-SIZE: 11px">
<P
style="BORDER-BOTTOM: 0px; BORDER-LEFT: 0px; PADDING-BOTTOM: 0px; LIST-STYLE-TYPE: none; MARGIN: 1em 0px; PADDING-LEFT: 0px; OUTLINE-WIDTH: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: inherit; BORDER-TOP: 0px; BORDER-RIGHT: 0px; TEXT-DECORATION: none; PADDING-TOP: 0px">I
have some requirements I would like to implement, see below. My
questions are:</P>
<P
style="BORDER-BOTTOM: 0px; BORDER-LEFT: 0px; PADDING-BOTTOM: 0px; LIST-STYLE-TYPE: none; MARGIN: 1em 0px; PADDING-LEFT: 0px; OUTLINE-WIDTH: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: inherit; BORDER-TOP: 0px; BORDER-RIGHT: 0px; TEXT-DECORATION: none; PADDING-TOP: 0px">a)
would I be able to use WinPCap to implement these requirements?</P>
<P
style="BORDER-BOTTOM: 0px; BORDER-LEFT: 0px; PADDING-BOTTOM: 0px; LIST-STYLE-TYPE: none; MARGIN: 1em 0px; PADDING-LEFT: 0px; OUTLINE-WIDTH: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: inherit; BORDER-TOP: 0px; BORDER-RIGHT: 0px; TEXT-DECORATION: none; PADDING-TOP: 0px">b)
I'm aware of Microsoft Network Monitor also - anyone across this as well that
would be in a position to suggest which direction I should start going?</P>
<P
style="BORDER-BOTTOM: 0px; BORDER-LEFT: 0px; PADDING-BOTTOM: 0px; LIST-STYLE-TYPE: none; MARGIN: 1em 0px; PADDING-LEFT: 0px; OUTLINE-WIDTH: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: inherit; BORDER-TOP: 0px; BORDER-RIGHT: 0px; TEXT-DECORATION: none; PADDING-TOP: 0px"> </P>
<P
style="BORDER-BOTTOM: 0px; BORDER-LEFT: 0px; PADDING-BOTTOM: 0px; LIST-STYLE-TYPE: none; MARGIN: 1em 0px; PADDING-LEFT: 0px; OUTLINE-WIDTH: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: inherit; BORDER-TOP: 0px; BORDER-RIGHT: 0px; TEXT-DECORATION: none; PADDING-TOP: 0px">Requirements</P>
<P
style="BORDER-BOTTOM: 0px; BORDER-LEFT: 0px; PADDING-BOTTOM: 0px; LIST-STYLE-TYPE: none; MARGIN: 1em 0px; PADDING-LEFT: 0px; OUTLINE-WIDTH: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: inherit; BORDER-TOP: 0px; BORDER-RIGHT: 0px; TEXT-DECORATION: none; PADDING-TOP: 0px"></P>
<P
style="BORDER-BOTTOM: 0px; BORDER-LEFT: 0px; PADDING-BOTTOM: 0px; LIST-STYLE-TYPE: none; MARGIN: 1em 0px; PADDING-LEFT: 0px; OUTLINE-WIDTH: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: inherit; BORDER-TOP: 0px; BORDER-RIGHT: 0px; TEXT-DECORATION: none; PADDING-TOP: 0px">1.
Allow collection / real-time-monitoring of network usage from a users Windows
PC to a specific set of IP addresses (or DNS names), on a per
application/process running on the PC point of view, differentiating between
"up" and "down" traffic. For example: show how much network traffic has
been used (sending to the configured set of IP addresses/DNS names) for each
PC process/application for the day so far.</P>
<P
style="BORDER-BOTTOM: 0px; BORDER-LEFT: 0px; PADDING-BOTTOM: 0px; LIST-STYLE-TYPE: none; MARGIN: 1em 0px; PADDING-LEFT: 0px; OUTLINE-WIDTH: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: inherit; BORDER-TOP: 0px; BORDER-RIGHT: 0px; TEXT-DECORATION: none; PADDING-TOP: 0px">2.
Solution should run on the PC that the user is utilising (i.e. not require
setup of software on a separate PC)</P>
<P
style="BORDER-BOTTOM: 0px; BORDER-LEFT: 0px; PADDING-BOTTOM: 0px; LIST-STYLE-TYPE: none; MARGIN: 1em 0px; PADDING-LEFT: 0px; OUTLINE-WIDTH: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: inherit; BORDER-TOP: 0px; BORDER-RIGHT: 0px; TEXT-DECORATION: none; PADDING-TOP: 0px">3.
For Windows PC (e.g. XP, Vista, Windows 7)</P>
<P
style="BORDER-BOTTOM: 0px; BORDER-LEFT: 0px; PADDING-BOTTOM: 0px; LIST-STYLE-TYPE: none; MARGIN: 1em 0px; PADDING-LEFT: 0px; OUTLINE-WIDTH: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: inherit; BORDER-TOP: 0px; BORDER-RIGHT: 0px; TEXT-DECORATION: none; PADDING-TOP: 0px">4.
Shouldn't cause noticeable performance hit for the users (e.g. slow down
internet browsing)</P>
<P
style="BORDER-BOTTOM: 0px; BORDER-LEFT: 0px; PADDING-BOTTOM: 0px; LIST-STYLE-TYPE: none; MARGIN: 1em 0px; PADDING-LEFT: 0px; OUTLINE-WIDTH: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: inherit; BORDER-TOP: 0px; BORDER-RIGHT: 0px; TEXT-DECORATION: none; PADDING-TOP: 0px">5.
Would want the data collected stored on the PC in a manner that a GUI program
(e.g. C# WPF app) could access for displaying to user.</P>
<P
style="BORDER-BOTTOM: 0px; BORDER-LEFT: 0px; PADDING-BOTTOM: 0px; LIST-STYLE-TYPE: none; MARGIN: 1em 0px; PADDING-LEFT: 0px; OUTLINE-WIDTH: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: inherit; BORDER-TOP: 0px; BORDER-RIGHT: 0px; TEXT-DECORATION: none; PADDING-TOP: 0px">6.
If possible ability to satisfy with only one application download/install
(i.e. if possible no dependency on the user pre-installing another
application)</P></SPAN></DIV></DIV></DIV>
<DIV><SPAN
style="LINE-HEIGHT: 13px; FONT-FAMILY: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif; COLOR: rgb(51,51,51); FONT-SIZE: 11px">Have
a nice day</SPAN></DIV>
<DIV><SPAN
style="LINE-HEIGHT: 13px; FONT-FAMILY: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif; COLOR: rgb(51,51,51); FONT-SIZE: 11px">GV</SPAN></DIV>
<DIV><SPAN
style="LINE-HEIGHT: 13px; FONT-FAMILY: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif; COLOR: rgb(51,51,51); FONT-SIZE: 11px"><FONT
color=#000000 size=3 face=Calibri></FONT></SPAN> </DIV>
<DIV
style="PADDING-BOTTOM: 0px; BORDER-RIGHT-WIDTH: 0px; MARGIN: 0px; PADDING-LEFT: 0px; OUTLINE-WIDTH: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: inherit; BORDER-TOP-WIDTH: 0px; BORDER-BOTTOM-WIDTH: 0px; BORDER-LEFT-WIDTH: 0px; PADDING-TOP: 0px"><BR></DIV>
<DIV
style="PADDING-BOTTOM: 0px; BORDER-RIGHT-WIDTH: 0px; MARGIN: 0px; PADDING-LEFT: 0px; OUTLINE-WIDTH: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: inherit; BORDER-TOP-WIDTH: 0px; BORDER-BOTTOM-WIDTH: 0px; BORDER-LEFT-WIDTH: 0px; PADDING-TOP: 0px">thanks</DIV>
<DIV><BR><BR></DIV>
<P></P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing list<BR><A href="mailto:Winpcap-users@winpcap.org"
target=_blank>Winpcap-users@winpcap.org</A><BR><A
href="https://www.winpcap.org/mailman/listinfo/winpcap-users"
target=_blank>https://www.winpcap.org/mailman/listinfo/winpcap-users</A><BR>
<P></P></DIV><BR>_______________________________________________<BR>Winpcap-users
mailing list<BR><A
href="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</A><BR><A
href="https://www.winpcap.org/mailman/listinfo/winpcap-users"
target=_blank>https://www.winpcap.org/mailman/listinfo/winpcap-users</A><BR><BR></BLOCKQUOTE></DIV><BR><BR
clear=all><BR>-- <BR>Greg <BR><A
href="http://blog.gregnet.org/">http://blog.gregnet.org/</A><BR><BR><BR></DIV>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BODY></HTML>