How to realize the system intercepting network port increased to reduce?-CodePudding

For example,
OnPortAdd (short)
OnPortDel (short)
How to do?
If only for a separate application can use the hooks, without hook how to listen to the global change?

CodePudding user response:

 WinExec (" CMD/c netstat - na & gt; D: \ \ netstat. TXT ", SW_HIDE); 
//then read file d: \ netstat. TXT, the content of the

CodePudding user response:

Thank you, can do real time not too good,,

CodePudding user response:

R0 driver stage firewall can,
R3 LSP can be used to WSPListen know which process is listen.

CodePudding user response:

refer to the second floor oldn_CC_bird response:

thank you, can do real time not too good,,

The bird of good real-time performance, and have to use?

CodePudding user response:

reference 4 floor zhao4zhong1 response:

Quote: refer to the second floor oldn_CC_bird response:

Thank you, can do real time not too good,,

The bird of good real-time performance, and have to use?

I write like this:
OnPortAdd (short)
OnPortDel (short) is to focus on real time,

reference smwhotjay reply: 3/f

R0 driver stage firewall can,
R3 can use the LSP get WSPListen namely know which process is listen.

Thank you, have the case

CodePudding user response:

A process in milliseconds have a port open and close, you don't count on the so-called real-time performance missing?
Even if you're not achieve omissions, one thousand opening and closing of nearly one thousand times per second, your OnXXXX don't take down the CPU?

CodePudding user response:

refer to 6th floor zhao4zhong1 response:

a process open and closed in milliseconds a port, you don't count on the so-called real-time performance missing?
Even if you're not achieve omissions, one thousand opening and closing of nearly one thousand times per second, your OnXXXX don't take down the CPU?

Miss zhao, you can mix points, but don't mislead others, the somebody else say is listening on port, listening? Understand not, that the netstat - a state of LISTENING

CodePudding user response:

https://www.codeproject.com/Articles/5453/Enhance-netstat

CodePudding user response:

refer to 7th floor ZWFGDLC response:

Quote: refer to the sixth floor zhao4zhong1 response:

A process in milliseconds have a port open and close, you don't count on the so-called real-time performance missing?
Even if you're not achieve omissions, one thousand opening and closing of nearly one thousand times per second, your OnXXXX don't take down the CPU?

Miss zhao, you can mix points, but don't mislead others, the somebody else say is listening on port, listening? Understand that no, is LISTENING in the netstat - a state of that kind of

LISTENING and LISTENING here it doesn't matter.

CodePudding user response:

https://docs.microsoft.com/zh-cn/sysinternals/downloads/tcpview

CodePudding user response:

Thank you for your reply,
Said I what to do, and why need onportadd such events;
I want to use winpcap to monitor a process network IO, because winpcap is directly on the port, not directly to process, so I get process corresponding port, only monitor those ports, actually also can, but the also dynamic process to open some port, this can lead to a corresponding relationship with the port I need to get process, but there will be a time difference, the difference will lead to my monitor, network packet omissions, so I hope that in the process of binding a new port, synchronous update my listener port, it should be able to get the package of all,

CodePudding user response:

Don't be to why can literally On events, when necessary, you have to Hook
WinAPIOverride http://jacquelin.potier.free.fr/winapioverride32/

CodePudding user response:

refer to 12 floor zhao4zhong1 reply:

why don't to events can literally On, if necessary, you have to Hook
WinAPIOverride http://jacquelin.potier.free.fr/winapioverride32/

If there is no other solution can only hook,

CodePudding user response:

The WFP know
https://docs.microsoft.com/zh-cn/windows/desktop/FWP/windows-filtering-platform-start-page