S_Warrior
asked on
Monitor Sockets
Hello,
How can I monitor ALL outgoing sockets from my computer,
and get:
* what program sent the socket
* where it's sending to
* port of the socket
* and the message
Check out this site: http://users.pandora.be/dirk.claessens2/software.htm
Hi, listening...
There is a Windows function called GetTcpTable which gets info on all incoming and outgoing TCP connections/connection requests and open ports.
ASKER
barbourwill:
What unit has GetTcpTable?
It's not in any of the Delphi units, here's some of the prototypes etc.:
    const
      { TCP connection states reported in TMIB_TCPROW.dwState }
      MIB_TCP_STATE_CLOSED     = 1;
      MIB_TCP_STATE_LISTEN     = 2;
      MIB_TCP_STATE_SYN_SENT   = 3;
      MIB_TCP_STATE_SYN_RCVD   = 4;
      MIB_TCP_STATE_ESTAB      = 5;
      MIB_TCP_STATE_FIN_WAIT1  = 6;
      MIB_TCP_STATE_FIN_WAIT2  = 7;
      MIB_TCP_STATE_CLOSE_WAIT = 8;
      MIB_TCP_STATE_CLOSING    = 9;
      MIB_TCP_STATE_LAST_ACK   = 10;
      MIB_TCP_STATE_TIME_WAIT  = 11;
      MIB_TCP_STATE_DELETE_TCB = 12;

    type
      { TLongWordBytes is not declared in this post }
      PMIB_TCPROW = ^TMIB_TCPROW;
      TMIB_TCPROW = record
        dwState      : LongWord;       //state of the connection
        dwLocalAddr  : TLongWordBytes; //address on local computer
        dwLocalPort  : TLongWordBytes; //port number on local computer
        dwRemoteAddr : TLongWordBytes; //address on remote computer
        dwRemotePort : TLongWordBytes; //port number on remote computer
      end;

      PMIB_TCPTABLE = ^TMIB_TCPTABLE;
      TMIB_TCPTABLE = record
        dwNumEntries : LongWord;                      //number of entries in the table
        table        : array[0..150] of TMIB_TCPROW;  //array of TCP connections
      end;

    {api declarations}
    { interface section }
    function GetTcpTable(pTcpTable: Pointer; var pdwSize: LongWord; bOrder: LongWord): LongWord; stdcall;

    { implementation section }
    function GetTcpTable; external 'iphlpapi.dll' name 'GetTcpTable';
I'm not sure how you get to see the actual data being transmitted, you probably need to hook Winsock or something.
ASKER
barbourwill:
What is TLongWordBytes?
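Added example (not code from barbourwill or anyone else in this thread): a console program that calls GetTcpTable with a buffer sized by the API itself and prints the established connections. TLongWordBytes is never declared in the thread, so the sketch assumes a plain 4-byte array; the names TDWordBytes, TTcpRow, AddrToStr and PortToInt are made up for this example.

```delphi
program TcpTableDump;
{$APPTYPE CONSOLE}
uses Windows, SysUtils;

const
  MIB_TCP_STATE_ESTAB = 5;  // value from the constants posted above
type
  // Assumption: a 4-byte view of a DWORD, standing in for the undeclared TLongWordBytes
  TDWordBytes = array[0..3] of Byte;
  PTcpRow = ^TTcpRow;
  TTcpRow = record          // same 20-byte layout as the posted TMIB_TCPROW
    dwState: LongWord;
    dwLocalAddr, dwLocalPort, dwRemoteAddr, dwRemotePort: TDWordBytes;
  end;

function GetTcpTable(pTcpTable: Pointer; var pdwSize: LongWord;
  bOrder: LongWord): LongWord; stdcall; external 'iphlpapi.dll' name 'GetTcpTable';

function AddrToStr(const A: TDWordBytes): string;
begin
  // Addresses are stored in network byte order, so the bytes read left to right
  Result := Format('%d.%d.%d.%d', [A[0], A[1], A[2], A[3]]);
end;

function PortToInt(const P: TDWordBytes): Integer;
begin
  // The port sits in the first two bytes, high byte first (network byte order)
  Result := (P[0] shl 8) or P[1];
end;

var
  Buf: Pointer = nil;
  Size: LongWord = 0;
  Rc, Count, I: LongWord;
  Row: PTcpRow;
begin
  try
    repeat  // the first pass only learns the size; loop again if the table grew
      ReallocMem(Buf, Size);
      Rc := GetTcpTable(Buf, Size, 1);
    until Rc <> ERROR_INSUFFICIENT_BUFFER;
    if Rc <> NO_ERROR then
      Writeln('GetTcpTable failed, error ', Rc)
    else begin
      Count := PLongWord(Buf)^;                           // dwNumEntries
      Row := PTcpRow(PAnsiChar(Buf) + SizeOf(LongWord));  // rows follow the count
      for I := 1 to Count do begin
        if Row^.dwState = MIB_TCP_STATE_ESTAB then
          Writeln(AddrToStr(Row^.dwLocalAddr), ':', PortToInt(Row^.dwLocalPort), ' -> ',
            AddrToStr(Row^.dwRemoteAddr), ':', PortToInt(Row^.dwRemotePort));
        Inc(Row);
      end;
    end;
  finally
    FreeMem(Buf);
  end;
end.
```

Sizing the buffer from the API avoids the fixed array[0..150] limit in the posted record, which would be overrun on a machine with more than 151 table entries. The row layout has no process or payload field, so this gives a point-in-time list of endpoints and states only.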
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
Accept answer from barbourwill
Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
Paul (pnh73)
EE Cleanup Volunteer