Is there a way to control which process sends UDP packets (source / remote IP and port) on Windows?

I almost accidentally discovered that my machine sends and receives UDP packets to and from a machine in Poland. It's not that I have a problem with Poland, I just don't know why my laptop needs to communicate with that server. Reverse DNS shows only the ISP providing the address to the end user. Using Wireshark, I can track the messages, which were illegible because they were probably encrypted. All packets sent from my machine had the same source port, so it is clear that the application that sent them opened this UDP socket for use. I am looking for ways to:

1) List all current sockets that are open in the system, including the process that created each one, and, for TCP and UDP, to which ports and addresses they are bound.

2) Because applications can open these sockets, use them and close them immediately, I would like to find (or maybe even write) a program that, once started, would somehow get notified every time a socket is created or, more importantly, when it is bound to a source and / or destination address and port. For UDP, I would also like to be able to track the IP addresses and destination ports to which the socket sent messages.

I don't want to control the traffic itself; I have Wireshark if I want to view the traffic. I want to be able to then cross-link to find out which application generates the packets. I want to know if this is from a process that I trust, or if this is something I need to study further.

Does anyone know of any applications (for the Windows platform) that can do this? If not, any ideas on .NET or the Windows API that provide this feature, should I write this myself?

Edit: - , API-, : GetExtendedUdpTable GetExtendedTcpTable, CodeProject.com , .NET(. http://www.codeproject.com/Articles/14423/Getting-the-active-TCP-UDP-connections-using-the-G). , API , , - . - , , , , .

+5
2

netstat -b, .

+2
+8
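The netstat approach from the answer above, as an added example that is not part of the original thread: `netstat -ano` prints the owning PID of every socket, so a source port seen in Wireshark can be mapped to a process, and diffing two snapshots exposes newly bound sockets. The sample output is constructed and all function names are hypothetical.

```python
import subprocess
from typing import NamedTuple

class Endpoint(NamedTuple):
    proto: str
    local_addr: str
    local_port: int
    remote: str   # always "*:*" for UDP: the table records bindings, not peers
    state: str    # empty for UDP rows
    pid: int

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     4321
  UDP    0.0.0.0:5353           *:*                                    1508
  UDP    192.168.1.20:51820     *:*                                    6644
  UDP    [::]:5353              *:*                                    1508
"""

def parse_netstat(text):
    """Turn `netstat -ano` text into Endpoint records."""
    endpoints = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue                            # skip banner and header lines
        state = f[3] if len(f) == 5 else ""     # UDP rows have no State column
        addr, _, port = f[1].rpartition(":")    # rpartition keeps "[::]" intact
        endpoints.append(Endpoint(f[0], addr, int(port), f[2], state, int(f[-1])))
    return endpoints

def owners_of_port(endpoints, proto, port):
    """PIDs bound to a local port, e.g. the source port seen in a capture."""
    return sorted({e.pid for e in endpoints if e.proto == proto and e.local_port == port})

def new_bindings(before, after):
    """Sockets present in the later snapshot only (poll to catch short-lived ones)."""
    return sorted(set(after) - set(before))

def live_snapshot():
    """Run netstat on a Windows host and parse its output."""
    out = subprocess.run(["netstat", "-ano"], capture_output=True, text=True, check=True)
    return parse_netstat(out.stdout)

if __name__ == "__main__":
    print(owners_of_port(parse_netstat(SAMPLE), "UDP", 51820))
```

Because the UDP rows carry no remote address, the destination still has to come from the packet capture; the table only answers which process owns the source port.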
