I have been looking around for a way to match packets to processes as
well. For Windows XP there is the IP Helper API which uses TcpEx (EX for
extended) and UdpEx functions that can get process id and socket pairs.
With this and some decoding of packets one can then look at the protocol
and por
- Original Message -
From: "Marcin Zajączkowski" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, September 05, 2004 10:32 AM
Subject: Re: [WinPcap-users] Determinate which application sent packet
> On 2004-09-01 20:06, user Guy Harris wrote:
> > On Sep 1, 2004, at 9:1
Guy,
> J. Thomsen wrote:
>
> > Is there a way to clear the receive buffer
> > for packets that are captured before one
> > sets bpf filters?
>
> If there is any version of libpcap/WinPcap where setting the filter
> doesn't discard all previously-received packets, I'd consider that a bug
> - BP