-1

With winpcap or libpcap I can find the port. But how do I know which app was listening to the port while the package was received? Thank in advance

Avremi
  • 3
  • 3
  • Is your question for a specific operating system, or is it for any operating system? You should probably take a look at the content in [how to ask](https://stackoverflow.com/help/how-to-ask) and [this checklist](https://codeblog.jonskeet.uk/2012/11/24/stack-overflow-question-checklist/) to get an idea of what Stack Overflow expects out of a question. – Ross Jacobs May 06 '20 at 22:45
  • Sorry, I'm really new here. My question is for any operating system, and Focusing on a packet that **was** sent in the past. And now the app that was listen to the port was terminated. @Ross Jacobs – Avremi May 07 '20 at 05:17

1 Answers1

1

In general, that information cannot be derived purely from the pcap file.

IP, TCP, and UDP headers have addresses and port numbers, but they don't have anything indicating the application from which they're sent or to which they're being received.

That information would have to be determined on the machine running the application; the way that's done depends on the operating system.

user13251981
  • 96
  • 1
  • Thank for your answer. My question is theoretically regardless of any particular operating system. And the question is, is it possible to know which app received a previously shipped packet? meaning after the app stopped running? – Avremi May 07 '20 at 04:55
  • Theoretically, anything is possible. Specifics are helpful here to provide specific answers. You won’t be able to implement anything with a general answer, which this one is. – Ross Jacobs May 07 '20 at 05:35
  • Okay, I want to implement on Windows operating system, using **pcap.Net** (wraper to **winpcap**) to capture the pcap packet. is it possible to know which app received a previously shipped packet? Thanks a lot @Ross Jacobs – Avremi May 07 '20 at 06:18
  • So ask this as a separate question so that you can provide sufficient detail, keeping in mind the how to ask checklist. – Ross Jacobs May 07 '20 at 06:38