See all open winsock connections - API replacement for Netstat!

Submitted on: 10/2/2000 2:06:31 AM
By: Nick Johnson  
Level: Advanced
User Rating: By 46 Users
Compatibility: VB 5.0, VB 6.0
Views: 47867
 
This is a complete API call replacement for the DOS Netstat command. The example will show all open connections, and the API calls are encapsulated in a Class module that can also retrieve all listening ports on the local computer. This module and demonstration project also allow you to kill TCP connections - in the demonstration, right-click on a current connection... Includes caching DNS lookup code to get the domain names of the servers you are connecting to! Credit to Michael Tutty for the original DNS client code.
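Added example, not taken from the submission (whose code ships only in the .zip): the table that the IP Helper API's GetTcpTable fills (MIB_TCPTABLE: a row count followed by five-DWORD MIB_TCPROW entries), decoded in portable C from a constructed buffer. The struct and function names are hypothetical; it shows the network-byte-order port field and a length check against dwNumEntries.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROW_SIZE 20u  /* MIB_TCPROW: five 32-bit DWORDs */
typedef struct {      /* hypothetical decoded form of one row */
    uint32_t state;   /* 1..12, see tcp_state_name() */
    uint8_t  local_ip[4], remote_ip[4];
    uint16_t local_port, remote_port;
} tcp_conn;

/* Constructed sample, not captured data: dwNumEntries = 2, then two rows. */
static const uint8_t SAMPLE[] = {
    2,0,0,0,
    2,0,0,0, 0,0,0,0,      0x00,0x87,0,0, 0,0,0,0,     0,0,0,0,       /* LISTEN :135 */
    5,0,0,0, 192,168,1,10, 0xC0,0x00,0,0, 203,0,113,5, 0x01,0xBB,0,0, /* ESTABLISHED :49152 -> :443 */
};

const char *tcp_state_name(uint32_t s) {
    static const char *names[] = { "?", "CLOSED", "LISTEN", "SYN_SENT", "SYN_RCVD",
        "ESTABLISHED", "FIN_WAIT1", "FIN_WAIT2", "CLOSE_WAIT", "CLOSING",
        "LAST_ACK", "TIME_WAIT", "DELETE_TCB" };
    return (s >= 1 && s <= 12) ? names[s] : names[0];
}

/* DWORDs are little-endian in memory on Windows; read them byte by byte. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Port: low 16 bits of its DWORD, network byte order (high byte first in memory). */
static uint16_t port_of(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Decode up to max_out rows. Returns the number decoded, or -1 when the
   buffer is shorter than its own dwNumEntries claims. */
int parse_tcp_table(const uint8_t *buf, size_t len, tcp_conn *out, size_t max_out) {
    if (len < 4) return -1;
    uint32_t n = le32(buf);
    if (n > (len - 4) / ROW_SIZE) return -1;
    size_t count = n < max_out ? n : max_out;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *r = buf + 4 + i * ROW_SIZE;
        out[i].state = le32(r);
        memcpy(out[i].local_ip, r + 4, 4);
        out[i].local_port = port_of(r + 8);
        memcpy(out[i].remote_ip, r + 12, 4);
        out[i].remote_port = port_of(r + 16);
    }
    return (int)count;
}

int main(void) {
    tcp_conn c[8];
    int n = parse_tcp_table(SAMPLE, sizeof SAMPLE, c, 8);
    for (int i = 0; i < n; i++)
        printf("%-11s local port %d -> remote port %d\n",
               tcp_state_name(c[i].state), c[i].local_port, c[i].remote_port);
    return n < 0;
}
```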


Other User Comments
10/2/2000 2:56:28 AM Nick Johnson

If you like this code, I would REALLY appreciate it if you could vote for it! It would really help!

 
10/2/2000 4:37:58 AM AMeoBA

Cool ! I vote for ya =)
it will be better if there is UDP or TCP indications..

 
10/2/2000 4:50:12 AM Nick Johnson

Thanks for the vote & comment, AMeoBA. The module only supports TCP, as there is no such thing as a UDP connection. I may build in UDP listening ports, though.

 
10/2/2000 5:15:17 AM Digital Vampire

AweSome ! have an excellent vote from me :)

 
10/2/2000 11:38:53 AM HenYa

funny... i submit code much better than this in July.. and i only got 5 votes...

ummmm...

 
10/2/2000 11:41:42 AM Nathan Evans

i checked out the code.. it seems quite different to mine.. so i guess you're ok.. :P

 
10/2/2000 11:43:58 AM Nathan Evans

oddd. it doesn't show up all my connections...

only shows up 3... is there a limit on this code or summit?

 
10/2/2000 3:38:51 PM Nick Johnson

To address a few concerns:
I have NOT plagiarised this code! I did use a 'netstat example' as a basic guide, and the API structures are the same, but I have rewritten this code from scratch in my own hand. The only code that is not mine is that from Michael Tutty, as credited above, and the two API structures, which are identical, copied or not (except comments).
RE: only 3 connections showing:
I have not had any problems with this, is there anyone else? Can you help me hunt down the offending code, if any?

 
10/2/2000 4:33:10 PM Ultimatum

As far as the netstat command, there is a way to show ALL connection types, including listening UDP ports and UDP transmissions using this netstat command:

netstat -an | MORE

 
10/2/2000 5:07:30 PM Nick Johnson

Ultimatum:
I'm aware of that, but as I stated above, in the Windows API, the call to get listening UDP sockets is a different one from the TCP one. IF there is enough demand, I may make a UDP class as well.

 
10/2/2000 6:52:26 PM Anonymous

Yes, there is a demand, go for it. Also, can you get the executable file names that are using these connections??? Like WAOL.EXE, or IEXPLORE.EXE, or ZONE.EXE? Also, is it possible to view the raw data going in and out of these connections? If so, that would be really cool. This code is very professional, yet very complicated. I only understand about half of it...

 
10/3/2000 9:07:01 AM Zenethian

Anonymous:
That probably isn't possible unless you first hook the API calls and store the names of the callers. Even then I dunno if it's possible. Either way it would be a MAJOR pain.
Of course, Linux stores that info for you, but this isn't Linux. Heh. (shameless plug)

 
10/3/2000 9:17:14 AM Jim

Very good code. It worked without problems as the screen shot showed and can be a very useful utility

 
10/3/2000 4:59:20 PM Drakken

This is good code. exactly what i needed, i give ya a 5.

 
10/3/2000 5:31:12 PM Salvador

Excellent code ... tks

 
10/3/2000 6:22:26 PM HenYa

think i should resubmit my code.. since it was much better than this... pity mine didn't get hardly any votes to start with tho..

 
10/4/2000 4:57:25 AM CaRnAgE

i think it's missing a file, every time i run the exe and code i always get file missing. the file is IPhlpAPI, can u please send it to me thanx

 
10/4/2000 11:33:22 AM HenYa

it is possible to hook into the network subsystem and have your program receive all inbound/outbound data, but it won't use the IPHLPAPI, it will use the TDI Layer..

It is also possible to find out which application is using what port.. but this requires a lot of knowledge of the win32api with piping etc.. I could fix together some code for this.. but i don't think there is much point.

 
10/4/2000 3:49:18 PM Nick Johnson

Carnage: This file should be with your copy of windows if you are running Windows '98 or NT. IF you are running '95, it won't work.

 
10/5/2000 4:19:23 PM Nick Johnson

To all those that have given me less than 5/5:
I still REALLY appreciate your votes, but can I ask one extra thing of you? Tell me what I did or didn't do that cut me out of getting a 5/5! If you can suggest improvements, I can continue to improve my code!

 
10/8/2000 6:07:42 AM Biznatchasaurus

cool code...thanks!

 
10/13/2000 4:53:58 PM Thomas Pleasance

Can anyone tell me how to view the raw data that is going in and out of a selected port?

 
10/13/2000 6:55:01 PM Nick Johnson

Thomas:
Unfortunately, this is not possible from VB, AFAIK. This requires Raw sockets, an advanced C topic, and none of the necessary facilities are available from VB.

 
10/14/2000 11:17:24 AM HenYa

absolutely not!

It is entirely possible, you will need to research the TDI interface or NDIS driver.

Nick: raw sockets is completely different to packet monitoring... :)

Raw sockets is also possible from vb... anything you can do in c++ can be done in vb... although some things may require some work, raw sockets is easy in vb.

vb6 that is.. since vb6 has AddressOf operator.

 
10/14/2000 4:12:17 PM Nick Johnson

Ok, I got that wrong, but I'm not the only one ;)
AddressOf has been available since VB5, not just VB6.
MS has made threads just about impossible in VB6 non-ActiveX exe's.

 
10/15/2000 2:29:44 AM Curlew

You're talking about different things when it comes to monitoring data. Henya: You might be right, but you're talking about IP Packet Sniffing directly from the network device. Nick's talking about creating a system-wide hook and intercepting winsock messages, which is not possible in VB right now.

 
10/28/2000 6:05:12 AM HenYa

anon: haha, she?

System-wide hooks are quite possible in VB.. it's just a callback (AddressOf).
You not one of them people who think you can't system-wide keyboard hook in vb, are you?

 
10/28/2000 6:26:17 AM Henya

curlew:

the reason you can "system-wide hook" the "winsock messages" is because microsoft aren't that dumb in sending massive amounts of data to every single process on the computer at the same time...

It is IMPOSSIBLE to just "hook in to" a system-wide hook that receives all the windows socket notifications and data, i guess you've never programmed real implementations before?


To intercept "winsock messages" YOU WILL have to use the TDI or NDIS layers. As shown on various programs from www.sysinternals.com and/or www.winternals.com.

 
11/5/2000 11:44:12 PM zelon200@yahoo.com

Hey People,
Just noticed this little discussion you have. I'm in serious need of help with creating something that will intercept data that is coming to the Winsock. The only thing I figured out myself is to recreate the winsock dll and have my program do all the routing but that's too much work. Please help.
zelon2000@yahoo.com
Fuzzy Logic

 
11/6/2000 6:10:02 AM gary

Henya, can you put a link here to your code, i don't see it anywhere

 
11/6/2000 7:46:41 AM skream

i get errors, it says stuff about SPLIT sub or function not defined, i got vb5, but it only says it when new ip shows up. Like its trying to determine, and split up IP with

 
11/6/2000 7:55:25 AM skream

ACK

i get errors, it says stuff about SPLIT sub or function not defined i got vb5 but it only says it when new ip shows up. Like it's trying to determine and split up IP with "."s in between.

Another problem the multiuse and persistable and all that stuff at top of the class modules before Option Explicit doesn't like being there. Nick Please contact me. 865965 icq ta

 
11/6/2000 1:30:14 PM Nick Johnson

Hmm, seems somewhere along the line it got fed through VB6 by the sounds of it. With the multiuse bits at the top, just delete them. For the split, there should be a replacement function here on PSC. Has anyone else had this problem?

 
11/6/2000 7:57:52 PM ged

yeah i get that split problem, seems you haven't included the split sub for splitting up the ip

 
11/8/2000 11:34:59 AM Henya

Gary: since this has happened.. I'm not releasing any more of our code.. Actually, for a number of reasons.

I'm not sure if i should do this.. but Skream and the Split function;
MSDN has plenty of information related to this function. You use the following params.. that i have simplified:

myArray = Split("myExpression or myArray", "delimiter")

There are two more params. but they are not required for your specific problem.

 
11/17/2000 12:44:00 PM vbmojo

Excellent Code. It works like a charm.

 
11/20/2000 7:40:08 AM Joe

It works fine when I'm testing it in vb, a little lagged though. But after I compile it, it freezes. I have Windows98 and vb6. Is there a fix for this?

BTW: Great coding!!

 
11/24/2000 3:47:45 PM SqueakMac

You guys were saying that you get an error on the Split function...
The Split function is only VB6, not VB5, AFAIK.

 
11/25/2000 8:28:40 PM opello

Great code! (contest win in fact) ... The split function can be replaced. Just add some 'compatibility' code that you can find here code #3611 works good.

 
11/26/2000 1:01:51 PM antiduh

henya, quit your ranting!

 
12/6/2000 3:29:16 PM Anonymous

This program could not resolve the first IP, so it just hanged forever after it listed only the first IP.

 
12/28/2000 6:50:26 PM Vasilis Sagonas

best :)

 
2/1/2001 1:29:23 PM KaReL

Nice code, but can you gimme sometimes the API-calls & a sample prog HOW to make an UDP connection & send a sample of data & then close the connection?

Thx a lot!

email: half_life_fool@bigfoot.com

 
8/24/2001 4:09:05 PM Vicky

i love your work is there an update you done for this ?

 
8/24/2001 4:11:32 PM Vicky

mail me

 
12/6/2001 12:21:48 PM Tako

anyone know how to get around the

 
12/6/2001 12:23:20 PM Tako

*anyone know how to get around the structure too small error when trying to get the tcptable?

 
12/11/2001 12:29:09 PM sick

Is there a way to get the amount of data being sent/received?

 
12/29/2001 1:25:45 PM DeAtH RyDeR

I haven't run the code yet but it looks pretty cool, you have an excellent vote from hacker supreme (a.k.a T_R_I_C_K_S_T_E_R)

 
2/20/2002 11:05:41 AM Michiel Schermer

Why you people want to get RAW incoming/outgoing data? - you want to make any project very insecure or something? - then even newbies could get the datastreams into projects and make simple hacks for it... happy microsoft protected that part very good since everything (even FTP, Emailing) is using a winsock control... should be fun if i could see the incoming/outgoing data but its not possible

 
4/11/2002 12:19:28 PM chris

thanks for these excellent lines of code - they finally showed me how to deal with all these "IP Helper Functions"!
As you might know your code can be very easily enhanced to support udptable too.

 
4/14/2002 12:47:37 PM Jerry

How map the port to its own application?

 
5/15/2002 2:12:34 PM

I'll like to learn TDI layer in vb, very thanks and greetings.

 
5/16/2002 12:56:24 PM bote

I want to learn TDI layer in vb,
very thanks and greetings.

 
5/17/2002 6:05:59 AM bote

nobody have saved the HenYa code????
please, send me

 
6/5/2002 6:39:10 PM X°Celcius

I got the same error someone mentioned above. The code works beautifully in testing, but when compiled it only freezes. Any suggestions on how to go about fixing that?

X°C

 
6/14/2003 11:23:34 AM gridrun

raw sockets (IP level) are possible in VB6, just check out Erwan's Promiscuous Sniffer (use search box, I'm too lazy to paste URL/CodeID).

To see what port is owned by what process (ie map executable path/name to port) would be *so* very useful.. Obviously there must be more than one approach, as several utilities exist (foundstone fport, and that sysinternals utility, for example), which can do it, and are lightning fast at it, too.

 
6/14/2003 11:24:14 AM gridrun

I don't think any of the mentioned programs work by hooking winsock API calls. While some older tools used this method, they had all the restriction of being unable to map ports that were opened prior to the tool's execution.

Yet another tool, ntsecurity.nu's Inzider, takes awfully long to execute, using, it seems, yet another method to accomplish the result.

At least for XP, there exists a special API call that will return the process name, again sysinternals.com is demonstrating this with sourcecode on their site.

 
10/3/2003 2:52:51 PM

Does anyone know how I can do this in Delphi??????????
Please contact me....
Thanks...
Kjones2003@bol.com.br
MSN kjones1@hotmail.com
ICQ 169651259

 
10/13/2003 3:32:40 AM HyperHacker

It gets the first one then hangs (even in VB). Also notice Windoze declares it "hung" a lot faster than with other apps. O_o

 
2/21/2005 11:53:30 AM Max Mouse

Netstat -ano will give you a PID of each port, using vb it's possible to resolve the PID to an executable name (Search PID to Executable name) if netstat can get those PID listings then there must be some sort of api to do it.

 
3/10/2005 3:40:07 PM

there are a few ways to do it. the first I thought of a couple of years ago. you can create an activex exe to handle the multiple threads and use a capture exe with multiple instances to capture the new objects and relay the data. they could even use a dynamic array with a form of mutex to propagate the data to the activex control and back into the exe. I would have to read more into the raw connection information to know for sure how to implement this. alternatively you could use the activex exe directly and reference the functions from the vtable of the object but you may have to overlay the function start with a corrected binary due to how vb6 compiles functions inside of activex objects (or so I've read in some questionably reliable sources) basically lots of research and time would find a solution, because things are only as impossible as you believe them to be.

 
5/22/2006 4:00:44 AM jawir

this is a good code, simple but powerful to get all open winsock!

nice

 
