Applications Traffic Watcher Lite (ATWL) is a small utility to get information about the costs of the downloaded internet traffic consumed by different applications. It uses the
WinPcap library from here. Network traffic inside a LAN is calculated, but ignored when calculating costs. ATWL is very useful to understand how much traffic is consumed by Skype, Gizmo, etc.
The idea of the application is quite simple:
- Application Traffic Watcher Lite constantly gets packets from
- It tries to associate packets with process ID using packet's information about local address and port and also information about all active connections, using functions
- If the application couldn't associate packet with corresponding process ID, it adds this packet to "virtual" application named "
Unknown_" and local port number. Unfortunately, sometimes it cannot associate packet with process (see "Troubles" section of the article).
- ATWL determines either packet belongs to local network or to external using lib
Program installs by setup.msi file. Just run it, sit back and relax. ;-) The installation is required if
WinPcap is already installed. Otherwise you must download
WinPCap from http://www.winpcap.org and install it. After installation, you should maybe restart your computer to properly initialize the
WinPcap drivers - otherwise the program may crash.
The user can tune the application using the options dialog.
As you can see in the application predecessor screenshot, there are a lot of processes with name "
Unknown_". Unfortunately, I still couldn't find any way to determine which application sends/receives packets. Packets couldn't be identified when Internet Explorer/Firefox, etc. download some web pages. They create a lot of connections on different local ports with unknown PID (I couldn't associate the connection which I get from
GetExtendedTcpTable and packet which I get from
WinPCap). So, if you can help in resolving this problem - welcome.
Another big trouble - sometimes ATWL consumes a lot of CPU resources. After hard code refactoring and optimization, I minimize CPU consuming, but sometimes it is still too big.
CPU resources eat
WinPCap library. Unfortunately there is only one way to solve this problem - use filters when using
WinPCap library to reject packets from applications which are not interesting for monitoring. But it's not a suitable thing, I think.
Password to change options and exit - bizkit. User with role administrator can do everything without entering password.
- SharpPcap - A packet capture framework for .NET
- IP list, Check an IP number against a list in C#
- Getting active TCP/UDP connections on a box
- Getting active TCP/UDP connections using
- Applications Traffic Watcher
- 14th July, 2006: Initial post