port -> program resolution?
January 31, 2006 10:56 AM

How do I figure out what program is using what network connection on a Windows machine using the Win32 API?

I know it's possible, because various personal firewall software can restrict access to specific programs, but how do you do it in a program of your own?
posted by delmoi to Computers & Internet (14 answers total)
 
Eeh. I was a developer for a company that did firewall software for three years. Although I didn't work on the firewall directly, I know that it is an extremely complicated procedure to shim the network driver and retrieve application information for each internet connection.

How do you do it in a program of your own? Lots and lots of programming. What is the scope of your project?
posted by jon_kill at 11:03 AM on January 31, 2006


fport
posted by bendybendy at 11:04 AM on January 31, 2006


Best answer: sysinternals.com - look there for some utilities.
posted by drstein at 11:19 AM on January 31, 2006


I doubt delmoi will be allowed to package those, or even integrate them very well, into a project of his own.
posted by jon_kill at 11:22 AM on January 31, 2006


Response by poster: Lots and lots of programming is fine. I've already managed to write a program (as a service) that can tell what users are logged onto a Windows box -- by listing all the running programs and getting the users associated with them. If you have to

bendybendy: thanks a lot, that proves it can be done, the question is how?!
posted by delmoi at 11:23 AM on January 31, 2006


Response by poster: and I also need to know the actual PID of the program, not just the filename, so I can associate it with a user.
posted by delmoi at 11:24 AM on January 31, 2006


Response by poster: Sweet, sysinternals has a program called netstap which you can get the source for, that does exactly this. Sweet.
posted by delmoi at 11:31 AM on January 31, 2006


Best answer: I was even able to build and run netstap out of the box. It's only 600 lines of code, and that's including two separate methods (one for Windows XP and one for older versions, I guess). A lot of the code is simple support functions to get the name of the program, the name of the port and hostname, etc. The real code is only about 70 lines.
posted by delmoi at 11:43 AM on January 31, 2006


I stand corrected. I'll have to go out for a beer and find out what the driver developer was doing all that time.
posted by jon_kill at 12:12 PM on January 31, 2006


delmoi, what is "netstap"? The SysInternals program that I know about - and that you link - is TCPView...
posted by Dunwitty at 1:28 PM on January 31, 2006


Best answer: Ah, got it. It's "netstatp", which explains why my page search wasn't turning it up.
posted by Dunwitty at 1:29 PM on January 31, 2006


By the way, for anybody who just wants to know this data, in Windows XP you can simply open a command window and type "netstat -b".

"netstat /?" will help you with the dozens of other options. You can get PIDs, names of processes, names of subcomponents of the calling process, etc.
posted by Dunwitty at 1:38 PM on January 31, 2006
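A scripted equivalent of "netstat -b" that also answers the poster's follow-up (PID plus the user account owning the process), added here as an example and not code from the thread or from any of the tools named in it. It assumes a Windows version with the NetTCPIP module (Get-NetTCPConnection) and an elevated PowerShell session, since other users' processes are otherwise not readable.

```powershell
function Get-PortOwner {
    [CmdletBinding()]
    param(
        # Optional filter on the local port; omit it to list every TCP endpoint.
        [int]$LocalPort
    )

    $conns = Get-NetTCPConnection -ErrorAction Stop
    if ($PSBoundParameters.ContainsKey('LocalPort')) {
        $conns = $conns | Where-Object { $_.LocalPort -eq $LocalPort }
    }

    $cache = @{}   # PID -> resolved process/owner info, so each PID is queried once
    foreach ($c in $conns) {
        $ownerPid = $c.OwningProcess   # ($pid is a reserved automatic variable)
        if (-not $cache.ContainsKey($ownerPid)) {
            $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $ownerPid"
            $name = '<exited or inaccessible>'; $path = $null; $user = $null
            if ($proc) {
                $name = $proc.Name
                $path = $proc.ExecutablePath
                # GetOwner returns ReturnValue 0 on success; kernel PIDs (0, 4) have no owner.
                $o = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
                if ($o.ReturnValue -eq 0) { $user = "$($o.Domain)\$($o.User)" }
            }
            $cache[$ownerPid] = [pscustomobject]@{ ProcessName = $name; Path = $path; User = $user }
        }
        $info = $cache[$ownerPid]
        [pscustomobject]@{
            LocalAddress  = $c.LocalAddress
            LocalPort     = $c.LocalPort
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
            State         = $c.State
            ProcessId     = $ownerPid
            ProcessName   = $info.ProcessName
            Path          = $info.Path
            User          = $info.User
        }
    }
}

# Usage: every listener with the account and image that own it, sorted by port.
Get-PortOwner | Where-Object { $_.State -eq 'Listen' } | Sort-Object LocalPort |
    Format-Table LocalPort, ProcessId, ProcessName, User, Path -AutoSize
```

Comparing the Path column against the listeners you expect on a box is the quickest way to spot a process bound to a port that should not be there; a null User with a live PID means the session lacked the rights to query it.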


Best answer: Active Ports is my favorite app for this.
The other alternatives are TCPView, OpenPorts, fport.
posted by Sharcho at 1:47 PM on January 31, 2006


Response by poster: Ah, got it. It's "netstatp", which explains why my page search wasn't turning it up.

Oops. Yeah, it's at the bottom of the page, basically a command line version of TCP view with easy to read (very easy and clear, actually) source code.
posted by delmoi at 3:37 PM on January 31, 2006

