Applications Traffic Watcher (ATW) is a small utility to get information about the amount of data transferred to and from the Internet. It uses the WinPcap library from here.
Network traffic inside a LAN is calculated, but ignored when calculating costs. So, you can see which applications are consuming traffic. ATW is very useful in understanding how much traffic is consumed by Skype, Gizmo etc.
The idea of the application is quite simple:
- Application Traffic Watcher constantly gets packets from
- It tries to associate packets with process ID using packet's information about local address and port and also information about all active connections, using the functions
- If ATW cannot associate the packet with its corresponding process ID, it adds the packet to a "virtual" application named "Unknown_" plus the local port number. Unfortunately, sometimes it cannot associate a packet with a process (see the "Problems" section of the article).
- ATW determines whether the packet belongs to a local network or to the Internet using the IPNumber library (read this article).
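
The steps above, sketched as an added example in Python (not ATW's own code). A constructed connection-table snapshot stands in for what GetExtendedTcpTable would return; the packet tuples, PIDs, process names and the list of LAN ranges are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Ranges counted as "local network" (assumption: RFC 1918, loopback, link-local).
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def is_lan(addr):
    return any(ipaddress.ip_address(addr) in net for net in LAN_NETS)

def owner(conn_table, pid_names, proto, local_ip, local_port):
    """Return the application name for a local endpoint, or Unknown_<port>."""
    # Exact address match first, then sockets bound to the wildcard address.
    for ip in (local_ip, "0.0.0.0"):
        pid = conn_table.get((proto, ip, local_port))
        if pid is not None:
            return pid_names.get(pid, "pid_%d" % pid)
    return "Unknown_%d" % local_port

def account(packets, conn_table, pid_names, local_ips):
    """Sum bytes per application, split into LAN and Internet traffic."""
    totals = defaultdict(lambda: {"lan": 0, "internet": 0})
    for proto, src, sport, dst, dport, length in packets:
        if src in local_ips:        # outgoing packet
            local, lport, remote = src, sport, dst
        elif dst in local_ips:      # incoming packet
            local, lport, remote = dst, dport, src
        else:
            continue                # neither end is this host
        app = owner(conn_table, pid_names, proto, local, lport)
        totals[app]["lan" if is_lan(remote) else "internet"] += length
    return dict(totals)

# Constructed sample data: (proto, src, sport, dst, dport, bytes).
LOCAL_IPS = {"192.168.1.20"}
CONN_TABLE = {("tcp", "192.168.1.20", 50412): 4120,
              ("udp", "0.0.0.0", 5353): 1788}
PID_NAMES = {4120: "skype.exe", 1788: "svchost.exe"}
PACKETS = [
    ("tcp", "192.168.1.20", 50412, "203.0.113.10", 443, 1400),
    ("tcp", "203.0.113.10", 443, "192.168.1.20", 50412, 600),
    ("udp", "192.168.1.20", 5353, "192.168.1.255", 5353, 120),
    ("tcp", "192.168.1.20", 50977, "203.0.113.10", 80, 300),  # not in snapshot
    ("tcp", "10.9.9.9", 1, "10.9.9.8", 2, 999),               # not this host
]

if __name__ == "__main__":
    print(account(PACKETS, CONN_TABLE, PID_NAMES, LOCAL_IPS))
```

The fourth packet has no entry in the snapshot, so its bytes land under "Unknown_50977", which is the attribution gap a connection that is missing from the table at lookup time produces.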
There is no installation required if WinPcap is already installed. Just run the *.exe file. Otherwise, you must download WinPcap from here and install it. After installation, you may need to restart your computer to properly initialize the WinPcap drivers - otherwise the program may crash.
As you can see in the screenshot, there are a lot of processes specified as "Unknown_". Unfortunately, I couldn't find any way to determine which application sends/receives packets. Packets couldn't be identified when Internet Explorer/Firefox etc. download some Web pages. They create a lot of connections on different local ports with unknown PIDs (I couldn't associate the connection which I get from GetExtendedTcpTable and the packet which I get from WinPcap). So, if you can help to resolve this problem, you are welcome to do so.
Another big problem - sometimes ATW consumes a lot of CPU resources and I couldn't minimize it for now.
- SharpPcap - A Packet Capture Framework for .NET
- IP list, Check an IP Number against a List in C#
- Getting Active TCP/UDP Connections on a Box
- Getting Active TCP/UDP Connections using GetExtendedTcpTable Function
To understand how Microsoft does some things and for code optimization, I used the following tools:
- Reflector for .NET
- Interactive Disassembler (IDA)
- Sysinternals tools
- Microsoft Netstat