Solved

How to lookup all TCP connections (IP) from an active application?

Posted on 2010-11-25
8
917 Views
Last Modified: 2012-05-10
I'm trying to examine one of our server / client applications to find all Client IP addresses connected to it.

Windows 2008 comes with an excellent GUI tool called "resource monitor" which shows the information I need but the problem is I need the results in a text based format rather than GUI so I can setup an automated task to extract these values into my own reporting tool.

I tried to use netstat -an but this didn't show all the established IP addresses on the application (while Resource Monitor does).. Is there another command in netstat or perhaps another command line application that could show this?

0
Comment
Question by:ultramoo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 33

Expert Comment

by:Dave Howe
ID: 34214898
the windows version of netstat is sadly quite limited. have you tried the tcpvcon command line utility from sysinternals?
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 34214941
Check out TCP view as well. This will provide a graphical representation of connections on a machine.
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx 
0
 

Author Comment

by:ultramoo
ID: 34215198
unfortunatley neither TCPview nor TCPvcon were able to provide the detail I needed like the windows "Resource Monitor" does.  :(

Any other ideas fellas? There has to be a C# library or somthing at the very least.
0
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

 
LVL 35

Expert Comment

by:Joseph Daly
ID: 34215257
Can you post a picture or an example of the data you are trying to retrieve? This may help suggest other options.

I'm betting there's some type of powershell script that can be used for this but I'm not 100 percent what your looking to do.
0
 

Author Comment

by:ultramoo
ID: 34215400
Here is an image below explaining what I am after.
whatIwant.jpg
0
 
LVL 79

Expert Comment

by:arnold
ID: 34215703
Get process explorer from sysinternals.com http://technet.microsoft.com/en-us/sysinternals/default.aspx

You can then look at the tcp/Ip of the process of interest

netstat -an | find ":port_of_interest"
netstat -anb | more will provide info on what ports are used by an application of interest to you.
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 34219577
those look to be UDP (not tcp) - udp doesn't have the concept of a connection, just listening and sending ports.  

you would really need to monitor activity (using a packet API, or more probably, a winsock LSP) to see which IP addresses are sending to or receiving from the machine; LSP is preferable as that exposes the PID (which the lower level libraries usually don't)

0
 

Author Closing Comment

by:ultramoo
ID: 34219836
Looks like that's my only choice now. I've come to conclusion that Microsoft does not have any built-in console based software which can analysie TCP connections per PID except for their GUI resource monitor. Which is a shame it doesn't come in command line or some way to automaticaly save the results in text format.

Seems that I will need a third-party software or a packet API which I can code in C#.

 I will do some research on this and create a new question. Thanks all
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question