Solved

How to lookup all TCP connections (IP) from an active application?

Posted on 2010-11-25
8
915 Views
Last Modified: 2012-05-10
I'm trying to examine one of our server / client applications to find all Client IP addresses connected to it.

Windows 2008 comes with an excellent GUI tool called "resource monitor" which shows the information I need but the problem is I need the results in a text based format rather than GUI so I can setup an automated task to extract these values into my own reporting tool.

I tried to use netstat -an but this didn't show all the established IP addresses on the application (while Resource Monitor does).. Is there another command in netstat or perhaps another command line application that could show this?

0
Comment
Question by:ultramoo
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 33

Expert Comment

by:Dave Howe
ID: 34214898
the windows version of netstat is sadly quite limited. have you tried the tcpvcon command line utility from sysinternals?
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 34214941
Check out TCP view as well. This will provide a graphical representation of connections on a machine.
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx 
0
 

Author Comment

by:ultramoo
ID: 34215198
unfortunatley neither TCPview nor TCPvcon were able to provide the detail I needed like the windows "Resource Monitor" does.  :(

Any other ideas fellas? There has to be a C# library or somthing at the very least.
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 35

Expert Comment

by:Joseph Daly
ID: 34215257
Can you post a picture or an example of the data you are trying to retrieve? This may help suggest other options.

I'm betting there's some type of powershell script that can be used for this but I'm not 100 percent what your looking to do.
0
 

Author Comment

by:ultramoo
ID: 34215400
Here is an image below explaining what I am after.
whatIwant.jpg
0
 
LVL 78

Expert Comment

by:arnold
ID: 34215703
Get process explorer from sysinternals.com http://technet.microsoft.com/en-us/sysinternals/default.aspx

You can then look at the tcp/Ip of the process of interest

netstat -an | find ":port_of_interest"
netstat -anb | more will provide info on what ports are used by an application of interest to you.
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 34219577
those look to be UDP (not tcp) - udp doesn't have the concept of a connection, just listening and sending ports.  

you would really need to monitor activity (using a packet API, or more probably, a winsock LSP) to see which IP addresses are sending to or receiving from the machine; LSP is preferable as that exposes the PID (which the lower level libraries usually don't)

0
 

Author Closing Comment

by:ultramoo
ID: 34219836
Looks like that's my only choice now. I've come to conclusion that Microsoft does not have any built-in console based software which can analysie TCP connections per PID except for their GUI resource monitor. Which is a shame it doesn't come in command line or some way to automaticaly save the results in text format.

Seems that I will need a third-party software or a packet API which I can code in C#.

 I will do some research on this and create a new question. Thanks all
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A procedure for exporting installed hotfix details of remote computers using powershell
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question