Applications Traffic Watcher

17 Jul 2006
Applications Traffic Watcher is a small utility to get information about the amount of data transferred to and from the Internet.
[Screenshot: apptraffwatcher.gif]

Introduction

Applications Traffic Watcher (ATW) is a small utility to get information about the amount of data transferred to and from the Internet. It uses the WinPcap library.

Traffic inside the LAN is counted, but it is ignored when calculating costs. You can therefore see which applications are consuming traffic; ATW is very useful for understanding how much traffic is consumed by Skype, Gizmo, etc.

Main Idea

The idea of the application is quite simple:

  1. Application Traffic Watcher continuously reads packets from WinPcap.
  2. It tries to associate each packet with a process ID by matching the packet's local address and port against the list of all active connections returned by the functions GetExtendedTcpTable or GetExtendedUdpTable.
  3. If a packet cannot be associated with a process ID, it is added to a "virtual" application named "Unknown_" followed by the local port number. Unfortunately, sometimes a packet cannot be associated with a process (see the "Problems" section of the article).
  4. ATW determines whether the packet belongs to the local network or to the Internet using the IPNumber library (described in a separate article).
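
The matching in steps 2 to 4, as an added Python example (not ATW's own code). The connection table, process names, host address and packets are constructed stand-ins for GetExtendedTcpTable/GetExtendedUdpTable rows and WinPcap captures, and the 0.0.0.0 wildcard lookup is an assumption about how sockets bound to all interfaces appear in the table.

```python
import ipaddress
from collections import defaultdict

# Constructed stand-in for GetExtendedTcpTable/GetExtendedUdpTable rows:
# (protocol, local address, local port) -> owning PID.
CONN_TABLE = {
    ("tcp", "192.168.1.10", 49152): 1204,
    ("udp", "0.0.0.0", 5060): 3380,  # UDP socket bound to all interfaces
}
PROCESS_NAMES = {1204: "firefox.exe", 3380: "skype.exe"}  # constructed
LOCAL_ADDRS = {"192.168.1.10"}  # this host's addresses (assumed)

# Constructed captured packets: (proto, src, sport, dst, dport, length).
PACKETS = [
    ("tcp", "192.168.1.10", 49152, "93.184.216.34", 80, 600),
    ("tcp", "93.184.216.34", 80, "192.168.1.10", 49152, 1400),
    ("udp", "192.168.1.10", 5060, "192.168.1.20", 5060, 200),
    ("tcp", "192.168.1.10", 49153, "93.184.216.34", 80, 300),  # no table row
]


def is_lan(addr):
    """True for private, link-local, or loopback addresses."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private or ip.is_link_local or ip.is_loopback


def attribute(pkt, table=CONN_TABLE):
    """Return (application, direction, scope) for one captured packet."""
    proto, src, sport, dst, dport, _length = pkt
    outbound = src in LOCAL_ADDRS
    laddr, lport, remote = (src, sport, dst) if outbound else (dst, dport, src)
    # Exact local endpoint first, then a wildcard-bound socket on that port.
    pid = table.get((proto, laddr, lport), table.get((proto, "0.0.0.0", lport)))
    if pid is None:
        app = f"Unknown_{lport}"  # the article's "virtual" application
    else:
        app = PROCESS_NAMES.get(pid, f"pid_{pid}")
    return app, "sent" if outbound else "received", "lan" if is_lan(remote) else "internet"


def tally(packets):
    """Sum packet lengths per application, split by scope and direction."""
    totals = defaultdict(lambda: defaultdict(int))
    for pkt in packets:
        app, direction, scope = attribute(pkt)
        totals[app][f"{scope}_{direction}"] += pkt[5]
    return {app: dict(counts) for app, counts in totals.items()}
```

The last constructed packet has no matching table row, so its bytes land in `Unknown_49153`, which is the situation the "Problems" section describes.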

Installation

No installation is required if WinPcap is already installed: just run the *.exe file. Otherwise, you must download and install WinPcap first. After installing it, you may need to restart your computer so that the WinPcap drivers initialize properly; otherwise the program may crash.

Problems

As you can see in the screenshot, there are a lot of processes specified as "Unknown_". Unfortunately, I couldn't find any way to determine which application sends/receives packets. Packets couldn't be identified when Internet Explorer/Firefox etc. download some Web pages. They create a lot of connections on different local ports with unknown PIDs (I couldn't associate the connection which I get from GetExtendedTcpTable and the packet which I get from WinPcap). So, if you can help to resolve this problem, you are welcome to do so.

Another big problem - sometimes ATW consumes a lot of CPU resources and I couldn't minimize it for now.

References

  1. SharpPcap - A Packet Capture Framework for .NET
  2. IP list, Check an IP Number against a List in C#
  3. Getting Active TCP/UDP Connections on a Box
  4. Getting Active TCP/UDP Connections using GetExtendedTcpTable Function
  5. TrafficWatcher

Tools

To understand how Microsoft does some things and for code optimization, I used the following tools:

  1. Reflector for .NET
  2. Interactive Disassembler (IDA)
  3. ANTS
  4. Sysinternals tools
  5. Microsoft Netstat

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Web Developer
Russian Federation
I am a CIO in Nizhny Novgorod, Russia.

Comments and Discussions

Question: I have a solution to the Unknown processes (Member 10010413, 27-Apr-13 7:04)
The trouble is that NetStat, along with the win-api "GetExtendedTcpTable", does not get all the connections being used. I have some code like yours, and it deals with the problem by trying to resolve a process name by the source IP/Port and destination IP/Port, and if both match then the process-name and port are held in a collection.

If I then find a destination address like 123.123.123.123:80 has no process, then it looks in the collection for the last process that used port 80 and uses that name.

Not 100% perfect, and yes, it's a guess, but it does seem to work. I was going to post the code here, but the page for releasing an article on this site keeps crashing, so I gave in trying.

Don't take this to the bank, but I think Microsoft's firewall lets outbound connections pass if it cannot resolve the connection to a process, and even MS network monitor cannot resolve the connections' PIDs any better than Wireshark, so what does that say about Microsoft and security?

Question: Win7 x64 (Andrew de Jonge, 3-Oct-12 2:50)
Question: craft packet? (Huisheng Chen, 1-Jan-09 15:37)
Question: atw (Jan Stetka, 11-Apr-08 12:04)
General: Full Project (M.A.B., 30-Jul-07 2:48)
General: Cannot stop monitoring and cannot close the application (Nonthanut, 24-Apr-07 21:53)
General: Does not run on x64 windows (manfbraun, 8-Apr-07 12:32)
General: Re: Does not run on x64 windows (Warlib, 8-Apr-07 20:02)
General: Re: Does not run on x64 windows (manfbraun, 8-Apr-07 22:39)
General: Wrong IPNumbers Version (KevinI59, 30-Jul-06 5:37)
General: Re: Wrong IPNumbers Version (Warlib, 30-Jul-06 8:04)
General: missing projects in zip files (David Every, 10-Jul-06 16:30)
General: Re: missing projects in zip files [modified] (Warlib, 10-Jul-06 19:18)
General: Re: missing projects in zip files (chakkaradeepcc, 27-Sep-06 18:38)
General: Re: missing projects in zip files (Warlib, 27-Sep-06 19:03)
General: Re: missing projects in zip files (chakkaradeepcc, 27-Sep-06 20:50)
General: Re: missing projects in zip files (Warlib, 27-Sep-06 20:58)
General: Re: missing projects in zip files (chakkaradeepcc, 27-Sep-06 21:36)
General: Re: missing projects in zip files (Warlib, 27-Sep-06 21:51)
General: Re: missing projects in zip files (Tefo, 25-Jul-07 3:13)
