Home » .Net Framework

.net class to monitor network traffic?

Does anyone know of a class within .NET that allows for monitoring packets in promiscuous mode?  Would like to see all outbound and inbound packets for a specific conversation between a client (the PC hosting the application with the packet monitor) and the host.

Want to be able to capture all get and post requests for HTTP... and then of course filter them out... etc.



3 Answers Found


Answer 1

Bing or Google return many results... for example this winpcap wrapper this or this .



Answer 2

Thanks CG;

  I was looking around at the links you provided and found a newer implementation of WINPCAP wrapper for C#, complete with a reference manual...  Take a look...



Answer 3

Same link I provided as first in the list, isn't it?




What is windows 7 network monitor tool monitoring?  It shows zero traffic when I download file within VM on a Virtual Environment.  I would expect the host system network monitor see traffic information in/out of the NIC.  This blows!


Here is my problem

- I live in a house with DSL coming in and being split to two routers, one for the two bottom floors and one for the top two floors.

- The internet gets really slow and feels like it's being stressed (probably because we have ten people in the house)

- I want to see who is on the entire network (both routers) and monitor each users traffic to see if someone is eating up all the bandwidth.

Here is the question:

Does anyone know what a good free open source tool for monitoring my network traffic usage is for each user on our home network and restricting or shaping each users traffic so they don't use more than a certain amount?


Hi guys,

I need to write an application that logs the packets sent and received using the sockets created by herself. Is there a simpler way than create a logfile with all the network traffic and then parsing it? I've seen it done by http://www.nirsoft.net/utils/socket_sniffer.html , and I was wondering if it is possible to do it in C# and with Network Monitor API

i want to monitor traffic at any particular port, how can i do it. please help

I have a setup like this:

Network A with Computer 1 and Computer 2

Network B with Computer 3

I am directly logged into Computer 1 in Network A, I then establish a remote desktop connection to Computer 3 on Network B.  I then use Computer 3 for all sorts of programs, web browsing, email, etc., while I am connected via RDP.

My question is the following.

Can I directly log into Computer 2, also on Network A, and monitor the activity of Computer 3 that is being accessed from Computer 1 via the RDP connection?

Currently I am only getting 'unknown' conversations in 'My Traffic' and in 'Other Traffic'. Is there a configuration
issue I should be aware of in order to resolve this problem?

I am using the updated version 3.3. Initially I had both TCP Analyser 1.2 and Microsoft Parsers 3.4 installed, when the
problem first appeared. After reinstalling just the 3.3 monitor w/o Microsoft Parsers 3.4 (or TCP Analyser 1.2) and setting
it to the default configuration ... the problem still persists.



I want to monitor all the network traffic going out of my laptop and also figure out the application involved. My question is for this purpose I need to write a kernel mode callout and then capture all the outgoing packets?  or can we do it through user mode api?

From the Inspect code, I am confused how to define my own GUID's? and also If i want to capture all the IP, what needs to be changed?

Other followup questions is: All my traffic is directed to a proxy server, but ideally I would like to capture the final destination, can this be done?





I would like to know whether using FwpmNetEventSubscribe0 I will be able to monitor entire outgoing traffic ? If ,so it would be nice if somebody could provide proper example.


I've got a simple Silverlight 4.0 app that calls some server-side WCF Data Services. I've got everything work just right so that the WCF traffic between the Silverlight app and the server is compressed (verified by Fiddler). However, when I run my application out-of-browser, the traffic is not longer compressed because the header Accept-Encoding:gzip,deflate is now changed to Accept-Encoding:identity.

My services are simple, but return a ton of data, so the compression really saves me. Is there any way to get the OOB mode to modify send the right HTTP header and thus trigger the compressed download?

Thanks in Advance!


Web searches for this issue kept turning up folks having firewall problems which is not the case here (can send Database Mail from SQL server without issues).

I am writing a Windows console app in V Studio 2008 Pro which contains the following code, which I've stripped down to two lines trying to troubleshoot.


SmtpClient mailServer = newSmtpClient("smtp.mydomain.com");
mailServer.Send("nobody@mydomain.com", "myaddress@msn.com","test", "test");

I execute the above code while I have Wireshark running and observe the following
  - My system sends a SYN packet to the SMTP server
  - The SMTP server replies with a SYN ACK
  - My system sends an ACK
  - The SMTP server replies with a response code 220
  - Another ACK is sent from my system to the SMTP server
  - Program hangs until the call times out and throws a SmtpException.

So everything looks like what I'd expect until the SMTP server sends the response code - it is almost like SmtpClient is ignoring it and I'm really not sure why the second ACK is sent.

The SMTP server does not authenticate, I checked in the debugger and the "Credentials" property is null and "UseDefaultCredentials" is false.

Am I missing something obvious?

When setting up TC only three protocols (udp, tcp and tcp-a) seem to be supported. But what about PGM (pragmatic general multicast) ? Is that also supported ?

Also, I was trying to apply QOS through the GQOS API on a PGM socket. Here the problem is that when I create a socket I need to supply a service provider with support for QOS. But none of these providers seem to have support for PGM ? What now ?

I'm developing an application that constantly looks at SMB traffic and displays utilization in a per-user basis.

I'd like to use ETW to accomplish this, but I'm not sure it's possible due to:

1. The application must perform online analysis of the captured traffic. Dumping the traffic to a file for further analysis is unfeasible.

2. The application must be able to handle long periods of run in production servers. Memory leaks are especially dangerous.


The following papers are interesting, but I'm looking for something more accurate/deeper.



Any help will be very much appreciated!



I want to log the total amount of network traffic on windows mobile 6.5

Is there any window service or API available?


Thank you. 

Best Regards,

Gurjeet Singh



I need to write a tool that logs the amount of network traffic on a windows mobile 6.5.

The network may be GPRS/WWAN/HDSPA etc.

Is this a feasible assignment?


Best Regards,

Gurjeet Singh 


I have an MSSQL 2000 server that has an SSL certificate. In the SQL
Server network utility, 'Force protocol encryption' is checked.
Looking at the traffic with Wireshark, it's no longer in plain text.

However, the certificate is issued to say a.mydomain.com.
If I create a dns record such that b.mydomain.com resolves to the same
address and then use Query Analyzer to connect to b.mydomain.com
everything still works. I get no sort of warning like I would if I
used a web browser to visit an https site where the certificate had
been issued to a different name.

Is this to be expected?




I have a small but can be a complicated question:

I have a forrest with alot of dc's around the world. The most of them are on WAN.

When I use the UPS service it will generate traffic, and it will look through all the Parent and Child domains.

Is the load that is generated by FIM from scale 1(low) to 5(high) based on a single synch per week?

Is the load that is generated on network from scale 1(low) to 5(high)?

Could some one tell me more, or have some more info about the load that is generated by the UPS service?



Hi all,

I use vfp9 sp2 win xp.

I am writing an application for a school that all the teachers will use to enter grades etc. Sometimes the program is really slow, but at other times it is fast. My guess is that it all depends on the amount of traffic on the network. 

To reduce network traffic I have written a vbscript that is placed on the server. It will check the date stamp of the exe file on the server and if no exe file exists on the terminal, or it is older, it will copy the server's exe file to the terminal. It will also update the terminal's image folder so it is in sync with the image folder on the server. The images are of students and teachers.

The problem is that when the user tries to click the shortcut that points to the vbs file on the server an error message says that he does not have permissions to access it. The terminals are running winxp and win7. The server is running win server 2003.

I have read somewhere that most vbscripts require the user to be logged in as administrator, but that is not a solution for us.

What is a solution for this to work?

Below is the vbscript we want to use:

dim filesys
Set filesys = CreateObject("Scripting.FileSystemObject") 

' parameters
serverfolder = "\\fs1\learninginadigitalworld\answer\"
localfolder = "C:\gims\"
runlocally = 0

if filesys.folderexists(localfolder) then

 'wscript.echo "Folder exists"
 runlocally = -1
 If not filesys.FileExists(localfolder + "foxypreviewer.app") Then
  Set file0 = filesys.GetFile(serverfolder + "foxypreviewer.app")
  file0.copy localfolder + "foxypreviewer.app"
 end if 
 If filesys.FileExists(localfolder + "schooldata.exe") Then
   'wscript.echo "File exists"
   Set file1 = filesys.GetFile(localfolder + "schooldata.exe")
   date1 = file1.DateLastModified
   'wscript.echo CDate(date1)
   Set file2 = filesys.GetFile(serverfolder + "schooldata.exe")
   date2 = file2.DateLastModified
   'wscript.echo CDate(date2)
   if date1 <> date2 then
    filesys.DeleteFile localfolder + "schooldata.exe", true
    file2.copy localfolder + "schooldata.exe", overwrite
    'wscript.echo "copied"
   end if
   ' images
   if not filesys.folderexists(localfolder + "images") then
    filesys.createfolder localfolder + "images"
   end if 
   Set file2 = filesys.GetFile(serverfolder + "schooldata.exe")
   file2.copy localfolder + "schooldata.exe", overwrite
   'wscript.echo "copied"
 End If 


 'wscript.echo "Folder does not exist"

end if

wscript.echo "fin"

' run gims

' Set WshShell = WScript.CreateObject("WScript.Shell")

' if runlocally = -1 then
' exefolder = localfolder
' datafolder = localfolder + "data\"
' imagefolder = localfolder + "images\"
' WshShell.Run  chr(34) + localfolder + "schooldata.exe" + chr(34) +" " + exefolder + " " + datafolder + " " + 'imagefolder
' WshShell.Run  chr(34) + serverfolder + "schooldata.exe" + chr(34) 
'end if

'Set objShell = Nothing


Jan Nordgreen


I needed to trace some network traffic on my .Net application and found that you can modify the config file and dump traffic to a text file.

While that is great news for debugging, what is to keep any bloody soul from doing the same thing and dumping credit card traffic to a log file?



I need to shape incoming and outcoming network traffic of my program.

I dont need to shape traffic of others applications.

I heard it is possible with the help of NDIS or TDI, or even QoS( Traffic control ).

Could you advise me the best way to do it?




I have some requirements I would like to implement, see below.  My questions are:

a) would I be able to use Network Monitor and it's API to implement these requirements?

b) I'm aware of the  http://www.winpcap.org/ library also - anyone across this library as well that would be in a position to suggest which direction I should start going?



1. Allow collection / real-time-monitoring of network usage from a users Windows PC to a specific set of IP addresses (or DNS names), on a per application/process running on the PC point of view, differentiating between "up" and "down" traffic.  For example: show how much network traffic has been used (sending to the configured set of IP addresses/DNS names) for each PC process/application for the day so far.

2. Solution should run on the PC that the user is utilising (i.e. not require setup of software on a separate PC)

3. For Windows PC (e.g. XP, Vista, Windows 7)

4. Shouldn't cause noticeable performance hit for the users (e.g. slow down internet browsing)

5. Would want the data collected stored on the PC in a manner that a GUI program (e.g. C# WPF app) could access for displaying to user.

6. If possible ability to satisfy with only one application download/install (i.e. if possible no dependency on the user pre-installing another application)



<< Previous      Next >>

Microsoft   |   Windows   |   Visual Studio   |   Sharepoint   |   Azure