How to count bytes sent and received per TCP connection (system-wide)?


Problem description

E.g. recent versions of TCPView have such functionality: showing bytes sent/received per TCP connection (counting starts when TCPView is launched). Is it possible w/o packet sniffing? Does Windows provide any API for this? I haven't found such a Performance Counter.

How to enumerate all connections is described here.

Does TDI help to receive per-socket transfer statistics? NetBIOS? Any links where to dig?

Recommended answer

I want to implement this function also, so I reversed tcpview 3.0.2.

I found that tcpview uses a WMI performance counter, MSNT_TcpIpInformation.

But MSNT_TcpIpInformation is not officially supported in XP and 2003.

Here is the description you can refer to: http://www.scriptinternals.com/new/us/support/Internal/WMI_MSNT_TcpIpInformation.htm

By the way, MSNT_TcpIpInformation has no information about packets, so tcpview just increments sent and received packets every time. Here is the disassembly:

CPU Disasm
Address   Hex dump          Command                                           Comments
0040B41B  |.  83E8 02       SUB EAX,2                                         ; Switch (cases 2..3, 3 exits)
0040B41E  |.  74 29         JE SHORT 0040B449
0040B420  |.  83E8 01       SUB EAX,1
0040B423  |.  75 40         JNE SHORT 0040B465
0040B425  |.  8B57 1C       MOV EDX,DWORD PTR DS:[EDI+1C]                     ; Case 3 of switch Tcpview.40B41B
0040B428  |.  0196 90060000 ADD DWORD PTR DS:[ESI+690],EDX
0040B42E  |.  119E 94060000 ADC DWORD PTR DS:[ESI+694],EBX
0040B434  |.  8386 C0060000 ADD DWORD PTR DS:[ESI+6C0],1
0040B43B  |.  119E C4060000 ADC DWORD PTR DS:[ESI+6C4],EBX
0040B441  |.  5E            POP ESI
0040B442  |.  5F            POP EDI
0040B443  |.  5D            POP EBP
0040B444  |.  5B            POP EBX
0040B445  |.  83C4 3C       ADD ESP,3C
0040B448  |.  C3            RETN
0040B449  |>  8B47 1C       MOV EAX,DWORD PTR DS:[EDI+1C]                     ; Case 2 of switch Tcpview.40B41B
0040B44C  |.  0186 78060000 ADD DWORD PTR DS:[ESI+678],EAX
0040B452  |.  119E 7C060000 ADC DWORD PTR DS:[ESI+67C],EBX
0040B458  |.  8386 A8060000 ADD DWORD PTR DS:[ESI+6A8],1
0040B45F  |.  119E AC060000 ADC DWORD PTR DS:[ESI+6AC],EBX
0040B465  |>  5E            POP ESI                                           ; Default case of switch Tcpview.40B41B
0040B466  |.  5F            POP EDI
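
A C model of the accumulator logic in the listing above, added here as an illustration; it is not TCPView's source or the answerer's code. The struct and function names are hypothetical, it assumes EBX holds 0 so that each ADD/ADC pair is a 64-bit add done in two 32-bit halves, and the listing does not say which case is send and which is receive.

```c
#include <stdint.h>
#include <stdio.h>

/* One 64-bit counter stored as two dwords, as in the listing. */
struct counter64 { uint32_t lo, hi; };

/* Hypothetical record; comments give the ESI-relative offsets from the listing. */
struct conn_stats {
    struct counter64 bytes2;   /* +0x678 / +0x67C */
    struct counter64 bytes3;   /* +0x690 / +0x694 */
    struct counter64 events2;  /* +0x6A8 / +0x6AC */
    struct counter64 events3;  /* +0x6C0 / +0x6C4 */
};

/* ADD [lo],v then ADC [hi],EBX (EBX assumed 0): carry moves into the high dword. */
static void add_with_carry(struct counter64 *c, uint32_t v)
{
    uint32_t old = c->lo;
    c->lo += v;
    c->hi += (c->lo < old);
}

static uint64_t counter_value(const struct counter64 *c)
{
    return ((uint64_t)c->hi << 32) | c->lo;
}

/* kind models the switch value; size models DWORD PTR [EDI+1C]. */
static void on_event(struct conn_stats *s, uint32_t kind, uint32_t size)
{
    switch (kind) {
    case 2: add_with_carry(&s->bytes2, size); add_with_carry(&s->events2, 1); break;
    case 3: add_with_carry(&s->bytes3, size); add_with_carry(&s->events3, 1); break;
    default: break;  /* other kinds fall through to the epilogue untouched */
    }
}

int main(void)
{
    struct conn_stats s = {0};
    /* Constructed events: two large case-2 sizes overflow the low dword. */
    on_event(&s, 2, 0xC0000000u);
    on_event(&s, 2, 0xC0000000u);
    on_event(&s, 3, 1460);
    printf("case2: %llu bytes in %llu events\n",
           (unsigned long long)counter_value(&s.bytes2),
           (unsigned long long)counter_value(&s.events2));
    return 0;
}
```

The "packet" counters advance by exactly one per event regardless of size, which is why they are event counts rather than true packet counts.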
