Understanding Path of TCP operation in procmon

I got the following capture in procmon for a java program that made a HTTP GET call to url
on web. It did capture the operations like TCP Receive etc. But I am not sure what does the
Path means here Each line in Path has two ports and the initial port seems to be changing
whereas the second one doesn't.

1 Answer

A TCP connection connects two sockets that can reside in different programs and on different computers connected via a newtwork.

If one participant of this connection sends data to the other participand you have a sender and a receiver.

The column "Path" shows this direction when data is sent:

DESKTOP-NHT8PTC:49220 -> DESKTOP-NHT8PTC:64660

DESKTOP-NHT8PTC is the DNS name of the used computer, thus it is a local communication. However it is unclear if the communication uses localhost or an external IP address to connect.

49220 and 64660 are the TCP ports used.

Both ports are located within the dynamic ports—Ports (49152 to 65535). Based on your log the conection was initiated from port 49220, which means that port 64660 is the TCP port the server is listening on.

Fame Burst

Understanding Path of TCP operation in procmon

1 Answer

DESKTOP-NHT8PTC:49220 -> DESKTOP-NHT8PTC:64660

Your Answer

Sign up or log in

Post as a guest

You Might Also Like

Why do the dragons attack me?

My PlayStation account doesn't link to Ubisoft account

Is there a difference between map chat and team chat in WvW in Guild Wars 2?

Does stealing via "Mug" also count towards the Talent for Acquisition trophy?