programs their connections and their bandwidth

[frozen]

I'm looking to write something like

http://uploader.ws/upload/200802/eset.png

I've looked over the IPHLPAPI.DLL functions (whats documented and whats around on the undocumented) and a few other areas and just can't see how ESET wrote this program of theirs. I'm really hoping I don't have to write a driver.

[Hack]

I get a blank page when I click your link.

What are you trying to write and what language are you using to write it in?

[frozen]

Copy and paste the URL I guess it doesn't allow referrers. I haven't chosen a language yet. So far I have been using Perl to test iphlpapi functions.

[Hack]

Ok....so you would like us to help with what at this point?

[frozen]

Finding the API calls I need to write the program...

[Hack]

Well, it is a little difficult to ascertain the correct API syntax when the development language is not known.

Assuming you are doing an uploader program (this has never been specifically stated - and I understand uploader program to be a program that uploads files from a pc to some internet site somewhere), and you were going to be using VB or VB.NET, I could suggest looking at the INet control rather than APIs

[frozen]

I'm talking about the Windows API, what language I am using is irrelevant.

I'm trying to write a bandwidth monitor like the one in the above screen shot. It shows all connections a machine has established and how much bandwidth each one is using (kB/s). I have found out netstat uses IPHLPAPI.DLL and even though netstat doesn't even show what I am looking for I figured it was a start. I have been researching this DLL but most of it is undocumented. Other then the program in the screen shot I have never seen this done before and I would just use the program in the screen shot if it wasn't part of a firewall I don't want. I thought thats how they did it (with the firewall drivers) but I've been told its possible to do this without writing a driver.

[Chris001]

NetLimiter shows you that information and it allows you to limit the amount of bandwidth used by each application.

http://img101.imageshack.us/img101/2...imiter1oq1.png

[frozen]

NetLimiter is pretty far from what I am looking for. Little too feature rich and not even what I really want.

[frozen]

I stand corrected, I was using a rather old version. NetLimiter is pretty much what I wanted. Would still like to know about the API however.

[Doogle]

Looking at the IP Helper API set there doesn't seem to be a direct way of locating 'bandwidth per connection' on systems earlier than Vista. There appear to have been (at least) two new APIs added with Vista:

GetPerTcpConnectionEStats and GetPerTcp6ConnectionEStats

which would appear to provide stats on a per connection basis.

The GetOwnerModuleFromTcpEntry API (supported on XP) will return the path to and name of the module which caused the bind. So with that information and by snapshotting process information it might be possible to estimate the Network I/O and hence Network Utilisation per application. I've not tried it but.....

My guess is that whoever wrote NetLimiter has code running at the Network or Transport Layer of the ISO Stack where packets, packet type, and packet size per Port would be exposed and quite easy to count.

If Microsoft hadn't (silently) 'hotfixed' XPs capability to support Raw sockets, that would have been another possible method.

[Doogle]

I've had a play with some of the APIs. The GetExtendedTcpTable API (available on XP SP2 and above) seems to be the starting point. It will return the IP Addresses and Ports of both ends of each connection together with the PID of the process responsible for the bind.

Using the PID the I/O counts associated with it can also be obtained through WMI. (Win32.Process class) I did try using GetProcessIoCounters but that returned values very different from those reported by Task Manager and WMI.

I'm still playing, but have discovered that the "Other I/O" counter includes Network traffic, so an estimate of Bandwidth utilisation, per application (& therefore .exe), can be obtained by measuring the delta value over time.

What I'm not sure of, is what else gets put into the "Other I/O" bucket and hence, how good or bad the bandwidth estimate actually is. I suspect the only way is to compare results with something like NetLimiter.