warvair / peerblock

Automatically exported from code.google.com/p/peerblock

Display PID or name of blocked process #16

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
We should be able to identify the PID of the process that generated a blocked packet, and then display this info in the log. Once we get that, it should be a simple matter to determine the name of the program too; this could either be visibly added to the log or else displayed in a popup if you hover over the PID.

Original issue reported on code.google.com by peerbloc...@gmail.com on 13 Jul 2009 at 5:10

GoogleCodeExporter commented 9 years ago

Original comment by peerbloc...@gmail.com on 24 Jul 2009 at 5:48

GoogleCodeExporter commented 9 years ago

Original comment by peerbloc...@gmail.com on 24 Jul 2009 at 5:51

GoogleCodeExporter commented 9 years ago
Great idea, but I'd much prefer it display the name of the program and PID. As for the popup balloon, have it show the working directory of the file in question...

Original comment by mynameherebro on 28 Jul 2009 at 2:14

GoogleCodeExporter commented 9 years ago
Putting the name of the process might be a bit too long to fit in the window well, especially once we add the name of the list causing the Block - will see what we can do with this, though, once we start working on it.

Original comment by peerbloc...@gmail.com on 17 Aug 2009 at 6:14

GoogleCodeExporter commented 9 years ago
Removing 'After1.0' release-targeting.

Original comment by peerbloc...@gmail.com on 29 Sep 2009 at 3:58

GoogleCodeExporter commented 9 years ago

Original comment by peerbloc...@gmail.com on 15 Oct 2009 at 3:19

GoogleCodeExporter commented 9 years ago
If it will make the window too wide you could only show the actual file.exe, without the route, or the app's icon if available.
Also it could be optional, having a list of columns to choose from.
I'm particularly interested in which of my programs tries to connect to nocus networks llc 3 times an hour...

Original comment by jimifloy...@gmail.com on 18 Nov 2009 at 10:34

GoogleCodeExporter commented 9 years ago
Same here, but with a different IP.. ;)

Though, does somebody know a program to use for that until PB is offering this feature?

Original comment by Eagle3...@gmail.com on 19 Nov 2009 at 9:20

GoogleCodeExporter commented 9 years ago
What I generally do to figure this stuff out is open a command-prompt (Start -> Run -> "cmd") and run the command "netstat -abn > C:\netstat.txt" (sans quotes, of course). You can then open up the C:\netstat.txt in notepad and search for the IP-address in which you're interested; it should show the process-name of whoever's trying to connect to that.

The more heavyweight tool I would recommend is a program called "Wireshark" . . . although it's far from a beginner-level tool. (http://www.wireshark.org/)

Original comment by peerbloc...@gmail.com on 19 Nov 2009 at 2:14

GoogleCodeExporter commented 9 years ago
I do know both programs, but the first only catches a "snapshot" of that very moment and the latter is way too feature-rich - I'm looking for something "in between"..

It doesn't have to offer a GUI, just showing a table like

Application|Remote IP|
firefox.exe| 1.2.3.4 |

but _constantly_ refreshing that table - maybe with an option to exclude some
application(-paths), so that I can exclude PB, Miranda IM, etc.

Original comment by Eagle3...@gmail.com on 19 Nov 2009 at 2:54
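An added example (not part of the original thread and not PeerBlock code): a small parser for saved `netstat -abn` output, as suggested in the comments above, that reports which process holds a connection to a given remote IP and can leave out named applications. The sample output and all function names are constructed for illustration.

```python
import re

# Constructed sample of `netstat -abn` output (made up for this example).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.5:49732      1.2.3.4:443            ESTABLISHED
 [firefox.exe]
  TCP    192.168.1.5:49740      5.6.7.8:80             SYN_SENT
 [peerblock.exe]
  TCP    192.168.1.5:49755      1.2.3.4:80             TIME_WAIT
  TCP    192.168.1.5:49801      9.9.9.9:443            ESTABLISHED
  CryptSvc
 [svchost.exe]
  TCP    [fe80::1%11]:49900     [2001:db8::5]:443      ESTABLISHED
 Can not obtain ownership information
  UDP    0.0.0.0:5353           *:*
 [chrome.exe]
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # e.g. " [firefox.exe]"

def host_of(endpoint):
    """Drop the port from 1.2.3.4:443, [2001:db8::5]:443 or *:*."""
    return endpoint.rsplit(":", 1)[0].strip("[]")

def parse_netstat_b(text):
    """One dict per connection; process stays None when netstat names none."""
    rows = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            rows.append({"proto": m.group(1), "remote": host_of(m.group(3)),
                         "state": m.group(4) or "", "process": None})
            continue
        m = OWNER.match(line)  # service names and error lines fall through
        if m and rows and rows[-1]["process"] is None:
            rows[-1]["process"] = m.group(1)
    return rows

def owners_of(text, remote_ip, exclude=()):
    """Image names holding a connection to remote_ip, minus excluded ones."""
    skip = {n.lower() for n in exclude}
    names = [r["process"] or "(unknown)" for r in parse_netstat_b(text)
             if r["remote"] == remote_ip]
    return [n for n in dict.fromkeys(names) if n.lower() not in skip]

if __name__ == "__main__":
    print(owners_of(SAMPLE, "1.2.3.4", exclude=["peerblock.exe"]))
```

To run it on a real capture, pass the contents of the saved C:\netstat.txt as `text`; rows without an owner line, such as connections in TIME_WAIT, are reported as `(unknown)`.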

GoogleCodeExporter commented 9 years ago
Sorry, I forgot to say the most important thing: thanks for providing those tips! :)

Original comment by Eagle3...@gmail.com on 19 Nov 2009 at 2:55

GoogleCodeExporter commented 9 years ago
This should allow us to give full/http allow/block to certain applications only.

Original comment by wopeg...@tfea.co.cc on 19 Nov 2009 at 4:06

GoogleCodeExporter commented 9 years ago
TCP view is the ideal tool for this. You can get it from...
http://www.techspot.com/downloads/660-tcpview.html

It's a freeware and works perfectly for me. Peerblock will be having this feature shortly.

Original comment by nidhish.r on 24 Nov 2009 at 10:25

GoogleCodeExporter commented 9 years ago
TCPView is a Sysinternals (Microsoft) tool and therefore I'm not sure if you are
allowed to use it within another product.
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

Original comment by cybermcm@gmail.com on 24 Nov 2009 at 10:45

GoogleCodeExporter commented 9 years ago
I think nidhish.r was recommending the TCPView program as something people can use to identify which program's attempting to contact which IP address, as a stopgap measure until PeerBlock includes this functionality.

The issue here is that while it's trivial to get this information on a Vista class driver (meaning Windows Vista or 7), it will require a completely new driver for XP class systems (including Windows 2000, I believe). This new XP driver will probably end up being an order of magnitude more code than the previous one, and likely take a long while to implement and test.

What we may end up doing is to first add this functionality to the Vista/7 driver, since that's almost absurdly easy. For this first iteration of this functionality, XP will likely just have an empty column for the process name in the display (and history). At some point we may rewrite our XP driver in a manner such that it can support this feature too, at which point we will of course start filling in this information.

Original comment by peerbloc...@gmail.com on 1 Dec 2009 at 3:24

GoogleCodeExporter commented 9 years ago
[deleted comment]

GoogleCodeExporter commented 9 years ago
Whether the name is there or not I don't much care, but the PID would be a must.
I could have 12 processes called iexplore.exe.

Thanks,

Kenny

Original comment by kenny...@gmail.com on 9 Apr 2010 at 6:55

GoogleCodeExporter commented 9 years ago
I love this feature idea. BUT, one thought....how exactly do PIDs work? Are they "unique" per each application/process?

Say, I have 5 iexplore.exe processes running, would each "process" have a different PID?

Mind you, I'd never have 5 iexplore processes running ;) My nitpicking would be more towards figuring out which "services" are calling out from my computer.

Original comment by aho...@gmail.com on 24 Jun 2010 at 3:18

GoogleCodeExporter commented 9 years ago
PID actually stands for "Process ID" . . . so yes, this would be the specific iexplore.exe instance on your machine who's doing this.

Original comment by peerbloc...@gmail.com on 24 Jun 2010 at 3:20

GoogleCodeExporter commented 9 years ago
Having a column with the process name would be great...and being able to click that name and have Windows Explorer open its containing folder would make it absolutely invaluable for a whole host of reasons.

Original comment by jabcreat...@gmail.com on 19 Jul 2010 at 10:05

GoogleCodeExporter commented 9 years ago
*

Original comment by agent.s...@gmail.com on 31 Jan 2011 at 5:52

GoogleCodeExporter commented 9 years ago
There was a Chinese firewall I used to use, which is very similar in concept to PeerBlock and has this function. Here are some screenshots I found from Google Images; from every aspect it's close to perfect, but I'd rather use open source English software... but if anyone is interested, feel free to try out the trial version. Here are the screenshots:
http://wap.winzheng.com/u/img/soft/2008-05-15_163322.jpg
http://www.cfca.com.cn/help/image/help_060414_004.jpg
http://www.ent100.net/UpLoadFiles_3/20051207/lpaimga1.gif
http://www.ruanjian5.com/uploads/allimg/100427/1_100427121300_1.jpg
http://www.info110.com/upfile/20103814568325.jpg
http://www.duote.com/tech/1/836.html  

Original comment by pent...@gmail.com on 25 Mar 2011 at 1:00

GoogleCodeExporter commented 9 years ago
Issue 396 has been merged into this issue.

Original comment by nightstalkerz on 30 May 2011 at 9:53

GoogleCodeExporter commented 9 years ago
Is there any plan to add this feature?

Original comment by cdb1...@gmail.com on 5 Sep 2011 at 4:36

GoogleCodeExporter commented 9 years ago
I would also love to see the process name. For example, I would love to know what process is blocked accessing a PSI IP address on port 443.

It should not affect performance much as long as you cache the process/PID, and I really don't care if all the columns don't fit in one screen.

Original comment by Vorlo...@gmail.com on 29 Jul 2014 at 12:59