Packet Analyzing

Started by February 27, 2005 01:20 PM
1 comment, last by Halloko 19 years, 11 months ago
I'm currently making an application that, amongst other things, monitors connections on the host system. I have no problems monitoring the packets but I'm having a hard time finding the source application of the packet (on the local system). Applications such as NetLimiter are able to tell where a specific packet originated from. Does anyone know how to achieve this? How can one find the process that sent the packet on the host system?

I know one can do this in WinXP (and later) systems with the undocumented AllocateAndGet(Tcp/Udp)ExTableFromStack() API function, but how does one achieve it on Win2k systems?

Huge thanks in advance,

Maybe a look into the source code for TCPView will help you:

http://www.sysinternals.com/ntw2k/source/tcpview.shtml
Yeah, already did that. The problem is just that it uses the above-mentioned function which works only in WinXP and not in Win2k.

I need something that will run on both operating systems. :)

This topic is closed to new replies.
