[EMAIL PROTECTED] wrote:
I'm having some difficulty with a particular problem:
I want to be able to monitor tcp packets flowing through a tcp port in a pc (running windows xp or 2003), but I am not concerned about traffic through the ethernet adapter.
Example - A process abc.exe is listening on port n. Some other process connects to the port either from the same machine or another machine. I want to be able to monitor the coversation by attaching somehow to the port n.
Is this pissible?
(I presume you mean "possible". :-))
I don't know of any way to tap into network traffic at, say, the TCP layer. Perhaps there is a way, but, if there is, I'm not familiar with it.
If the two processes are on separate machines, and the network device used is one WinPcap can handle, you could capture with {WinDump,Analyzer,Ethereal,etc.} with a filter "port n".
Unfortunately, Windows is one of the systems on which traffic from the machine to itself can't be captured, unless WinPcap supports the "Microsoft Loopback Adapter", which I have the impression it might not do. You could always try it; see
http://support.microsoft.com/default.aspx?scid=kb;en-us;839013
http://support.microsoft.com/default.aspx?scid=kb;en-us;842561
If that doesn't work, I don't know what would.
================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/
To unsubscribe use mailto: [EMAIL PROTECTED]
==================================================================
