ultramoo
asked on
How to lookup all TCP connections (IP) from an active application?
I'm trying to examine one of our server / client applications to find all Client IP addresses connected to it.
Windows 2008 comes with an excellent GUI tool called "resource monitor" which shows the information I need but the problem is I need the results in a text based format rather than GUI so I can setup an automated task to extract these values into my own reporting tool.
I tried to use netstat -an but this didn't show all the established IP addresses on the application (while Resource Monitor does).. Is there another command in netstat or perhaps another command line application that could show this?
Windows 2008 comes with an excellent GUI tool called "resource monitor" which shows the information I need but the problem is I need the results in a text based format rather than GUI so I can setup an automated task to extract these values into my own reporting tool.
I tried to use netstat -an but this didn't show all the established IP addresses on the application (while Resource Monitor does).. Is there another command in netstat or perhaps another command line application that could show this?
Dave Howe
the windows version of netstat is sadly quite limited. have you tried the tcpvcon command line utility from sysinternals?
Check out TCP view as well. This will provide a graphical representation of connections on a machine.
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
ASKER
unfortunatley neither TCPview nor TCPvcon were able to provide the detail I needed like the windows "Resource Monitor" does. :(
Any other ideas fellas? There has to be a C# library or somthing at the very least.
Any other ideas fellas? There has to be a C# library or somthing at the very least.
Can you post a picture or an example of the data you are trying to retrieve? This may help suggest other options.
I'm betting there's some type of powershell script that can be used for this but I'm not 100 percent what your looking to do.
I'm betting there's some type of powershell script that can be used for this but I'm not 100 percent what your looking to do.
ASKER
Here is an image below explaining what I am after.
whatIwant.jpg
whatIwant.jpg
Get process explorer from sysinternals.com http://technet.microsoft.com/en-us/sysinternals/default.aspx
You can then look at the tcp/Ip of the process of interest
netstat -an | find ":port_of_interest"
netstat -anb | more will provide info on what ports are used by an application of interest to you.
You can then look at the tcp/Ip of the process of interest
netstat -an | find ":port_of_interest"
netstat -anb | more will provide info on what ports are used by an application of interest to you.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Looks like that's my only choice now. I've come to conclusion that Microsoft does not have any built-in console based software which can analysie TCP connections per PID except for their GUI resource monitor. Which is a shame it doesn't come in command line or some way to automaticaly save the results in text format.
Seems that I will need a third-party software or a packet API which I can code in C#.
I will do some research on this and create a new question. Thanks all
Seems that I will need a third-party software or a packet API which I can code in C#.
I will do some research on this and create a new question. Thanks all