Getting per process stats similar to TCPView

Question

0.00/5 (No votes)

See more:

Hi,

TCPView is a Sysinternals tool that gives a superset of information of netstat. It gives per connection stats such as packets/ bytes sent/ received.

It uses Windows IP Helper API GetPerTcpConnectionEStats and GetPerTcp6ConnectionEStats presumably for TCP and TCP6 sockets.

However IP helper does not have similar functions for UDP. Moreover IPHelper does not support XP. But TCPView gives stats for UDP sockets and works on XP too.

TCPView has a binary resource embedded which I read somewhere could be a driver that supports getting the stats. I deleted this resource and saved the exe and still it runs the same on XP and WIndows 7.

Can someone help how TCPView is showing stats for UDP sockets and work on XP as well.

Thanks in advance.
MK.

Posted 25-Oct-10 3:41am

mahendra.kumar.786

Updated 25-Oct-10 19:00pm

v3

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

creizlein · Answer 1 · 2011-02-08T16:44:00

I'm not 100% sure that tcpview uses GetPerTcpConnectionEStats as you mention, in fact, im pretty sure that it doesn't use them, if you look at the PE these calls are not imported. (but i may be wrong on this)

What i can tell you for sure is that TCPview leverages on ETW for monitoring network activity.
Search for APIs StartTrace, OpenTrace, ProcessTrace.

I'm about to implement the same functionality and im running into these issues as well, hope this helps...