

port -> program resolution?
January 31, 2006 10:56 AM

How do I figure out what program is using what network connection on a windows machine using the win32 api?

I know it's possible, because various personal firewall software can restrict access to specific programs, but how do you do it in a program of your own?
posted by delmoi to computers & internet (14 comments total)
Eeh. I was a developer for a company that did firewall software for three years. Although I didn't work on the firewall directly, I know that it is an extremely complicated procedure to shim the network driver and retrieve application information for each internet connection.

How do you do it in a program of your own? Lots and lots of programming. What is the scope of your project?
posted by jon_kill at 11:03 AM on January 31, 2006


fport
posted by bendybendy at 11:04 AM on January 31, 2006


sysinternals.com - look there for some utilities.
posted by drstein at 11:19 AM on January 31, 2006


I doubt delmoi will be allowed to package those, or even integrate them very well, into a project of his own.
posted by jon_kill at 11:22 AM on January 31, 2006


Lots and lots of programming is fine. I've already managed to write a program (as a service) that can tell what users are logged onto a windows box -- by listing all the running programs and getting the users associated with them. If you have to

bendybendy: thanks a lot, that proves it can be done, the question is how?!
posted by delmoi at 11:23 AM on January 31, 2006


and I also need to know the actual PID of the program, not just the filename, so I can associate it with a user.
posted by delmoi at 11:24 AM on January 31, 2006


Sweet, sysinternals has a program called netstap which you can get the source for, that does exactly this. Sweet.
posted by delmoi at 11:31 AM on January 31, 2006


I was even able to build and run netstap out of the box. It's only 600 lines of code, and that's including two separate methods (one for windows XP and one for older versions, I guess). A lot of the code is simple support functions to get the name of the program, the name of the port and hostname, etc. The real code is only about 70 lines.
posted by delmoi at 11:43 AM on January 31, 2006


I stand corrected. I'll have to go out for a beer and find out what the driver developer was doing all that time.
posted by jon_kill at 12:12 PM on January 31, 2006


delmoi, what is "netstap"? The SysInternals program that I know about - and that you link - is TCPView...
posted by Dunwitty at 1:28 PM on January 31, 2006


Ah, got it. It's "netstatp", which explains why my page search wasn't turning it up.
posted by Dunwitty at 1:29 PM on January 31, 2006


By the way, for anybody who just wants to know this data, in Windows XP you can simply open a command window and type "netstat -b".

"netstat /?" will help you with the dozens of other options. You can get PIDs, names of processes, names of subcomponents of the calling process, etc.
posted by Dunwitty at 1:38 PM on January 31, 2006


Active Ports is my favorite app for this.
The other alternatives are TCPView, OpenPorts, fport
posted by Sharcho at 1:47 PM on January 31, 2006


Ah, got it. It's "netstatp", which explains why my page search wasn't turning it up.

Oops. Yeah, it's at the bottom of the page, basically a command line version of TCP view with easy to read (very easy and clear, actually) source code.
posted by delmoi at 3:37 PM on January 31, 2006
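
For the port-to-PID lookup asked about in this thread, here is an added example that is not from any poster and does not reproduce netstatp's source. It uses the documented IP Helper call GetExtendedTcpTable and shows the byte-order handling of the port field; the helper names (tcp_row, row_port, pid_for_port, live_pid_for_port) and the sample rows are made up for illustration, and a little-endian host is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <winsock2.h>
#include <iphlpapi.h>                 /* link with iphlpapi.lib */
#include <stdlib.h>
typedef MIB_TCPROW_OWNER_PID tcp_row;
#else  /* stand-in with the same six-DWORD layout, so the logic builds anywhere */
typedef struct { uint32_t dwState, dwLocalAddr, dwLocalPort,
                 dwRemoteAddr, dwRemotePort, dwOwningPid; } tcp_row;
#endif

/* Ports sit in network byte order in the low 16 bits; the upper bits may be junk.
   Assumes a little-endian host, where this equals ntohs((u_short)dw). */
uint16_t row_port(uint32_t dw) {
    return (uint16_t)(((dw & 0xFF) << 8) | ((dw >> 8) & 0xFF));
}
/* PID owning the first row whose local port is `port`, or -1 if none. */
int64_t pid_for_port(const tcp_row *rows, size_t n, uint16_t port) {
    for (size_t i = 0; i < n; i++)
        if (row_port(rows[i].dwLocalPort) == port)
            return (int64_t)rows[i].dwOwningPid;
    return -1;
}
/* Constructed sample rows, not captured from a real machine. */
static const tcp_row SAMPLE[] = {
    {2, 0, 0x00008700, 0, 0, 912},          /* LISTEN :135, PID 912 */
    {2, 0, 0xABCDBD01, 0, 0, 4},            /* LISTEN :445, junk upper bits */
    {5, 0x0100007F, 0x0000901F, 0x0100007F, 0x000039D4, 3120}, /* ESTAB :8080 */
};
#ifdef _WIN32
/* Live lookup: query the needed size, then fetch the IPv4 table with owner PIDs. */
int64_t live_pid_for_port(uint16_t port) {
    DWORD size = 0; int64_t pid = -1;
    GetExtendedTcpTable(NULL, &size, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0);
    MIB_TCPTABLE_OWNER_PID *t = (MIB_TCPTABLE_OWNER_PID *)malloc(size);
    if (t && GetExtendedTcpTable(t, &size, FALSE, AF_INET,
                                 TCP_TABLE_OWNER_PID_ALL, 0) == NO_ERROR)
        pid = pid_for_port(t->table, t->dwNumEntries, port);
    free(t);
    return pid;
}
#endif
int main(void) {
    printf("sample: port 445 -> PID %lld\n", (long long)pid_for_port(SAMPLE, 3, 445));
#ifdef _WIN32
    printf("live:   port 445 -> PID %lld\n", (long long)live_pid_for_port(445));
#endif
    return 0;
}
```

The live path covers IPv4 TCP only; IPv6 sockets need a second call with AF_INET6 and the MIB_TCP6TABLE_OWNER_PID layout.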

