Find Process ID by Network Monitor API

Jul 4, 2009 at 5:27 PM

Hi,

  How can I find the Process ID of a process sending/receiving a network frame in the live session, like TCPView?

  I think I should use conversation to get process ID, but I don't know how to do that.

  Any hint?

 

 

 

Jul 6, 2009 at 6:56 PM

Hi,

NMCap and NMAPI cannot capture the process information in live capture scenarios.

However, if you have a capture file which was captured using the Network Monitor UI, then you can still read that information from the capture file using our API.

You'll want to make sure you turn Conversations on with NmConfigConversation.  And then you can use NmAddProperty and NmGetPropertyValueById, or NmGetPropertyValueByName to retrieve the following properties:

Conversation.ProcessName
Conversation.ProcessId

Hope that helps.  Let me know if you have any other questions.

Michael

Jul 6, 2009 at 11:55 PM

Just like you said, I cannot get process information directly using the API.

Also I found the file created by the UI differs from that created by the API. The file created by the UI contains process information.

I can follow the example to get the process ID.

But I need to do this in a live session with no human controlling the UI. So I will try to find another way to do that.

Thanks for the reply.

Jul 7, 2009 at 12:33 AM

Hi,

Sorry I can't be of more help.  Currently, as we state in our help file, the only way to retrieve process information is with the UI.

We have had lots of requests for being able to capture process information with our command line tool, so we are aware of this limitation.

I hope you find a solution to your problem.

Michael