Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 920
  • Last Modified:

How to lookup all TCP connections (IP) from an active application?

I'm trying to examine one of our server / client applications to find all Client IP addresses connected to it.

Windows 2008 comes with an excellent GUI tool called "resource monitor" which shows the information I need but the problem is I need the results in a text based format rather than GUI so I can setup an automated task to extract these values into my own reporting tool.

I tried to use netstat -an but this didn't show all the established IP addresses on the application (while Resource Monitor does).. Is there another command in netstat or perhaps another command line application that could show this?

0
ultramoo
Asked:
ultramoo
  • 3
  • 2
  • 2
  • +1
1 Solution
 
Dave HoweCommented:
the windows version of netstat is sadly quite limited. have you tried the tcpvcon command line utility from sysinternals?
0
 
Joseph DalyCommented:
Check out TCP view as well. This will provide a graphical representation of connections on a machine.
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx 
0
 
ultramooAuthor Commented:
unfortunatley neither TCPview nor TCPvcon were able to provide the detail I needed like the windows "Resource Monitor" does.  :(

Any other ideas fellas? There has to be a C# library or somthing at the very least.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Joseph DalyCommented:
Can you post a picture or an example of the data you are trying to retrieve? This may help suggest other options.

I'm betting there's some type of powershell script that can be used for this but I'm not 100 percent what your looking to do.
0
 
ultramooAuthor Commented:
Here is an image below explaining what I am after.
whatIwant.jpg
0
 
arnoldCommented:
Get process explorer from sysinternals.com http://technet.microsoft.com/en-us/sysinternals/default.aspx

You can then look at the tcp/Ip of the process of interest

netstat -an | find ":port_of_interest"
netstat -anb | more will provide info on what ports are used by an application of interest to you.
0
 
Dave HoweCommented:
those look to be UDP (not tcp) - udp doesn't have the concept of a connection, just listening and sending ports.  

you would really need to monitor activity (using a packet API, or more probably, a winsock LSP) to see which IP addresses are sending to or receiving from the machine; LSP is preferable as that exposes the PID (which the lower level libraries usually don't)

0
 
ultramooAuthor Commented:
Looks like that's my only choice now. I've come to conclusion that Microsoft does not have any built-in console based software which can analysie TCP connections per PID except for their GUI resource monitor. Which is a shame it doesn't come in command line or some way to automaticaly save the results in text format.

Seems that I will need a third-party software or a packet API which I can code in C#.

 I will do some research on this and create a new question. Thanks all
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now