Solved

How to lookup all TCP connections (IP) from an active application?

Posted on 2010-11-25
8
913 Views
Last Modified: 2012-05-10
I'm trying to examine one of our server / client applications to find all Client IP addresses connected to it.

Windows 2008 comes with an excellent GUI tool called "resource monitor" which shows the information I need but the problem is I need the results in a text based format rather than GUI so I can setup an automated task to extract these values into my own reporting tool.

I tried to use netstat -an but this didn't show all the established IP addresses on the application (while Resource Monitor does).. Is there another command in netstat or perhaps another command line application that could show this?

0
Comment
Question by:ultramoo
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 33

Expert Comment

by:Dave Howe
Comment Utility
the windows version of netstat is sadly quite limited. have you tried the tcpvcon command line utility from sysinternals?
0
 
LVL 35

Expert Comment

by:Joseph Daly
Comment Utility
Check out TCP view as well. This will provide a graphical representation of connections on a machine.
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
0
 

Author Comment

by:ultramoo
Comment Utility
unfortunatley neither TCPview nor TCPvcon were able to provide the detail I needed like the windows "Resource Monitor" does.  :(

Any other ideas fellas? There has to be a C# library or somthing at the very least.
0
 
LVL 35

Expert Comment

by:Joseph Daly
Comment Utility
Can you post a picture or an example of the data you are trying to retrieve? This may help suggest other options.

I'm betting there's some type of powershell script that can be used for this but I'm not 100 percent what your looking to do.
0
How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

 

Author Comment

by:ultramoo
Comment Utility
Here is an image below explaining what I am after.
whatIwant.jpg
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Get process explorer from sysinternals.com http://technet.microsoft.com/en-us/sysinternals/default.aspx

You can then look at the tcp/Ip of the process of interest

netstat -an | find ":port_of_interest"
netstat -anb | more will provide info on what ports are used by an application of interest to you.
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
Comment Utility
those look to be UDP (not tcp) - udp doesn't have the concept of a connection, just listening and sending ports.  

you would really need to monitor activity (using a packet API, or more probably, a winsock LSP) to see which IP addresses are sending to or receiving from the machine; LSP is preferable as that exposes the PID (which the lower level libraries usually don't)

0
 

Author Closing Comment

by:ultramoo
Comment Utility
Looks like that's my only choice now. I've come to conclusion that Microsoft does not have any built-in console based software which can analysie TCP connections per PID except for their GUI resource monitor. Which is a shame it doesn't come in command line or some way to automaticaly save the results in text format.

Seems that I will need a third-party software or a packet API which I can code in C#.

 I will do some research on this and create a new question. Thanks all
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now