Home/ Questions/Q 3846174
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T16:21:27+00:00

e.g. recent versions of TCPView has such functionality: showing bytes sent/received per TCP connection

  • 0

e.g. recent versions of TCPView has such functionality: showing bytes sent/received per TCP connection (counting starts when TCPView is launched). is it possible w/o packet sniffering? does windows provides any API for this? I haven’t found such Performance Counter

how to enumerate all connections are described here

EDIT: does TDI help to receive per-socket transfer statistics? NetBIOS? any links where to dig?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I want to implement this function also, so I reverse tcpview 3.0.2.

    I found, tcpview use a WMI performance counter MSNT_TcpIpInformation.

    But MSNT_TcpIpInformation is not supported in xp and 2003 officially.

    here is the description, you can reference to.
    http://www.scriptinternals.com/new/us/support/Internal/WMI_MSNT_TcpIpInformation.htm

    by the way, MSNT_TcpIpInformation have no information about packets, so tcpview just increment sent and revd packets everytime.
    here is the disassemble:

    CPU Disasm
Address   Hex dump          Command                                           Comments
0040B41B  |.  83E8 02       SUB EAX,2                                         ; Switch (cases 2..3, 3 exits)
0040B41E  |.  74 29         JE SHORT 0040B449
0040B420  |.  83E8 01       SUB EAX,1
0040B423  |.  75 40         JNE SHORT 0040B465
0040B425  |.  8B57 1C       MOV EDX,DWORD PTR DS:[EDI+1C]                     ; Case 3 of switch Tcpview.40B41B
0040B428  |.  0196 90060000 ADD DWORD PTR DS:[ESI+690],EDX
0040B42E  |.  119E 94060000 ADC DWORD PTR DS:[ESI+694],EBX
0040B434  |.  8386 C0060000 ADD DWORD PTR DS:[ESI+6C0],1
0040B43B  |.  119E C4060000 ADC DWORD PTR DS:[ESI+6C4],EBX
0040B441  |.  5E            POP ESI
0040B442  |.  5F            POP EDI
0040B443  |.  5D            POP EBP
0040B444  |.  5B            POP EBX
0040B445  |.  83C4 3C       ADD ESP,3C
0040B448  |.  C3            RETN
0040B449  |>  8B47 1C       MOV EAX,DWORD PTR DS:[EDI+1C]                     ; Case 2 of switch Tcpview.40B41B
0040B44C  |.  0186 78060000 ADD DWORD PTR DS:[ESI+678],EAX
0040B452  |.  119E 7C060000 ADC DWORD PTR DS:[ESI+67C],EBX
0040B458  |.  8386 A8060000 ADD DWORD PTR DS:[ESI+6A8],1
0040B45F  |.  119E AC060000 ADC DWORD PTR DS:[ESI+6AC],EBX
0040B465  |>  5E            POP ESI                                           ; Default case of switch Tcpview.40B41B
0040B466  |.  5F            POP EDI
    • 0