I'm trying to get the ipaddress that a process is connected to in c#. Is there an easy way to do this?
+2
A:
There are two ways to achieve this:
- Use the undocumented
InternalGetTcpTableWithOwnerModule/InternalGetUdpTableWithOwnerModule/InternalGetTcp6TableWithOwnerModule/InternalGetUdp6TableWithOwnerModuleAPIs exported from iphlpapi.dll. - Run
netstat -band parse the output.
Either way you will need administrator privileges and both ways are bound to break with different Windows versions. It is most certainly possible to create a Windows driver with documented APIs, but that would be a lot of work.
Update:
There is actually a documented API too - GetExtendedTcpTable and GetExtendedUdpTable. Also there's an article which presents an example how to call it from C#.
Filip Navara
2009-09-12 09:55:50
This is working great, although the process in question is call of duty 4, and even when I'm in a server playing the game it doesnt ever appear in the list which is a little confusing.
RubbleFord
2009-09-12 12:37:02
Follow up, it's not even coming out in netstat -b
RubbleFord
2009-09-12 12:37:39
Do you know which protocol is Call of Duty using for the network connection? Does netstat -a -b show it?
Filip Navara
2009-09-12 13:02:38
Well it's coming back as UDP : 0.0.0.0:49404, but the initial address is 78.111.229.123:32000 which is tcp I believe, yet I never see that address.
RubbleFord
2009-09-12 14:03:09
Just used a packet sniffer and it's going to 78.111.229.123:32000 UDP
RubbleFord
2009-09-12 16:03:55
Then GetExtendedUdpTable should be able to return it, as long as the application is running with Administrator privileges. Does it report other UDP connections? Or is just this one missing?
Filip Navara
2009-09-12 17:50:28
A:
I've had to revert to packet sniffing, and at the moment I have a solution that's beginning to take shape.
RubbleFord
2009-09-18 07:40:51