tcppcaplibpcapwinpcap

It is possible to find what application was listening on a TCP/IP port from "pcap" file?


With winpcap or libpcap I can find the port. But how do I know which app was listening to the port while the package was received? Thank in advance


Solution

  • In general, that information cannot be derived purely from the pcap file.

    IP, TCP, and UDP headers have addresses and port numbers, but they don't have anything indicating the application from which they're sent or to which they're being received.

    That information would have to be determined on the machine running the application; the way that's done depends on the operating system.