Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


How to lookup all TCP connections (IP) from an active application?

Posted on 2010-11-25
Medium Priority
Last Modified: 2012-05-10
I'm trying to examine one of our server / client applications to find all Client IP addresses connected to it.

Windows 2008 comes with an excellent GUI tool called "resource monitor" which shows the information I need but the problem is I need the results in a text based format rather than GUI so I can setup an automated task to extract these values into my own reporting tool.

I tried to use netstat -an but this didn't show all the established IP addresses on the application (while Resource Monitor does).. Is there another command in netstat or perhaps another command line application that could show this?

Question by:ultramoo
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
LVL 33

Expert Comment

by:Dave Howe
ID: 34214898
the windows version of netstat is sadly quite limited. have you tried the tcpvcon command line utility from sysinternals?
LVL 35

Expert Comment

by:Joseph Daly
ID: 34214941
Check out TCP view as well. This will provide a graphical representation of connections on a machine. 

Author Comment

ID: 34215198
unfortunatley neither TCPview nor TCPvcon were able to provide the detail I needed like the windows "Resource Monitor" does.  :(

Any other ideas fellas? There has to be a C# library or somthing at the very least.
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

LVL 35

Expert Comment

by:Joseph Daly
ID: 34215257
Can you post a picture or an example of the data you are trying to retrieve? This may help suggest other options.

I'm betting there's some type of powershell script that can be used for this but I'm not 100 percent what your looking to do.

Author Comment

ID: 34215400
Here is an image below explaining what I am after.
LVL 79

Expert Comment

ID: 34215703
Get process explorer from

You can then look at the tcp/Ip of the process of interest

netstat -an | find ":port_of_interest"
netstat -anb | more will provide info on what ports are used by an application of interest to you.
LVL 33

Accepted Solution

Dave Howe earned 2000 total points
ID: 34219577
those look to be UDP (not tcp) - udp doesn't have the concept of a connection, just listening and sending ports.  

you would really need to monitor activity (using a packet API, or more probably, a winsock LSP) to see which IP addresses are sending to or receiving from the machine; LSP is preferable as that exposes the PID (which the lower level libraries usually don't)


Author Closing Comment

ID: 34219836
Looks like that's my only choice now. I've come to conclusion that Microsoft does not have any built-in console based software which can analysie TCP connections per PID except for their GUI resource monitor. Which is a shame it doesn't come in command line or some way to automaticaly save the results in text format.

Seems that I will need a third-party software or a packet API which I can code in C#.

 I will do some research on this and create a new question. Thanks all

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question