public static List<Proc> getProcessTree(PacketStatistic statistic) { var relations = new Dictionary<int, List<int>>(); var procs = new Dictionary<int, Proc>(); var searcher = new ManagementObjectSearcher("select * from win32_process"); foreach(var res in searcher.Get()) { // res info at https://msdn.microsoft.com/en-us/library/aa394372(v=vs.85).aspx int pid = Convert.ToInt32(res["ProcessId"].ToString()); int ppid = Convert.ToInt32(res["ParentProcessId"].ToString()); string name = res["Name"].ToString(); procs[pid] = new Proc() { processId = pid, parentId = ppid, processName = name }; } var dataCount = statistic.refreshData(); var pc = new ProcessConnection(); foreach(var con in pc.connections) { if (con.pid != 0 && procs.ContainsKey(con.pid)) { procs[con.pid].connections.Add(con); if (dataCount.ContainsKey(con)) { procs[con.pid].speed += dataCount[con]; } } } var children = new HashSet<int>(); foreach(var res in procs) { int pid = res.Value.processId; int ppid = res.Value.parentId; if (ppid != 0 && procs.ContainsKey(ppid)) { procs[ppid].children.Add(procs[pid]); children.Add(pid); } } var result = new List<Proc>(); foreach (var res in procs) { if(!children.Contains(res.Key)) { result.Add(res.Value); } } return result; }
private void updateView(object sender, System.Timers.ElapsedEventArgs e) { rawCaptures = new List<RawCapture>(); var connectsions = new ProcessConnection().getConnectionByPID(pid); var packets = new List<RawCapture>(); foreach (var con in connectsions) { if (statistic.packets.ContainsKey(con)) packets.AddRange(statistic.packets[con]); } var newData = new List<List<string>>(); foreach (var rawPacket in packets.OrderBy((p) => p.Timeval)) { var packet = Packet.ParsePacket(rawPacket.LinkLayerType, rawPacket.Data); var ipV4Packet = (IPv4Packet)packet.Extract(typeof(IPv4Packet)); if (ipV4Packet != null) { var data = new List<string>(); var time = rawPacket.Timeval; var tcpPacket = (TcpPacket)packet.Extract(typeof(TcpPacket)); var udpPacket = (UdpPacket)packet.Extract(typeof(UdpPacket)); if (tcpPacket != null) { rawCaptures.Add(rawPacket); data.Add(string.Format("{0}.{1}", time.Seconds, time.MicroSeconds)); data.Add(rawPacket.Data.Length.ToString()); data.Add("TCP"); data.Add(ipV4Packet.SourceAddress.ToString()); data.Add(tcpPacket.SourcePort.ToString()); data.Add(ipV4Packet.DestinationAddress.ToString()); data.Add(tcpPacket.DestinationPort.ToString()); } else if (udpPacket != null) { rawCaptures.Add(rawPacket); data.Add(string.Format("{0}.{1}", time.Seconds, time.MicroSeconds)); data.Add(rawPacket.Data.Length.ToString()); data.Add("UDP"); data.Add(ipV4Packet.SourceAddress.ToString()); data.Add(udpPacket.SourcePort.ToString()); data.Add(ipV4Packet.DestinationAddress.ToString()); data.Add(udpPacket.DestinationPort.ToString()); } newData.Add(data); } } if (IsDisposed) return; this.Invoke(new Action( ()=>{ listView1.BeginUpdate(); listView1.Items.Clear(); foreach (var data in newData) { listView1.Items.Add(new ListViewItem(data.ToArray())); } listView1.Columns[0].Width = -1; listView1.Columns[3].Width = -1; listView1.Columns[5].Width = -1; listView1.EndUpdate(); if(listView1.Items.Count > 1) listView1.Items[listView1.Items.Count - 1].EnsureVisible(); //scroll to end; label1.Text = string.Format("{0} packets", listView1.Items.Count); } )); }