在Windows上以编程方式获取每个进程的网络统计信息?
我想找出哪些进程正在使用我的网络.在Linux中这很容易,但是我对在Windows中如何做到这一点感到困惑.
I'd like to find out which processes are using my network. This is quite easy in Linux, but I'm stumped as to how to do this in Windows.
从本质上讲,我希望每个过程都知道它在一个时间段内已向网络读取/写入了多少个字节.如果我能知道IP地址/端口号等,那太好了.
Essentially, I'd like, for each process, to know how many bytes it has read/written to the network over a time period. If I could know IP addresses/port numbers, etc., that would be awesome.
有指针吗? Windows Vista/Windows 2008似乎能够在资源监视器中执行此操作.他们是如何做到的呢?开销是多少?
Any pointers? Windows Vista/Windows 2008 seem to be able to do this in Resource Monitor. How do they do it? What's the overhead?
我想用自己的代码执行此操作,因此实用程序(TCPView,PerfMon)对我没有用.我还想拥有单独的磁盘和网络I/O计数器,因此默认性能计数器是不够的.
I want to do this in my own code, so utilities (TCPView, PerfMon) aren't useful to me. I'd also like to have separate disk and network I/O counters, so the default performance counters aren't enough.
首选Windows XP,2003,Vista,2008和7. Win32或COM OK.
Windows XP, 2003, Vista, 2008 and 7 preferred. Win32 or COM OK.
我为此编写了一个解决方案.
I wrote a solution to this.
TDI筛选器驱动程序用于收集统计信息,该服务与驱动程序进行通信并每秒获取一次统计信息.由于过滤器位于TDI层,因此我知道哪些套接字属于哪些应用程序.该服务是用于此数据的服务器,通过我编写的API通过共享内存将其提供给任意第三方客户端.我写了一个GUI和一个命令行客户端.
A TDI filter driver to collect the stats, a service which communicates with the driver and gets the stats once per second. Since the filter is at the TDI layer, I know which sockets belong to which applications. The service is a server for this data, offering it via shared memory to arbitrary third party clients via an API I wrote. I wrote a GUI and a command line client.
您还可以在窗口中通过带宽形状发送(按接口和/或应用程序和/或套接字)并实时查看通过套接字的数据.
You can also bandwidth shape sends (per interface and/or application and/or socket) and watch data passing over a socket in real time, in a window.