Finding TCP ports used by application

Question

All right, so I\'m extending my company\'s flexlm vendor daemon to be a little bit more revealing to client applications.

I need to be able to find out what port lmg

Answer 1

Here's the code I ended up with, for anyone who hits this problem after me

#include "stdafx.h"
#include <windows.h>
#include <iphlpapi.h>

// These are just for the ntohl function in the printf below
#include <winsock.h>
#pragma comment(lib, "Ws2_32.lib")

DWORD (WINAPI *pGetExtendedTcpTable)(
  PVOID pTcpTable,
  PDWORD pdwSize,
  BOOL bOrder,
  ULONG ulAf,
  TCP_TABLE_CLASS TableClass,
  ULONG Reserved
);

int _tmain(int argc, _TCHAR* argv[])
{
    MIB_TCPTABLE_OWNER_PID *pTCPInfo;
    MIB_TCPROW_OWNER_PID *owner;
    DWORD size;
    DWORD dwResult;

    HMODULE hLib = LoadLibrary("iphlpapi.dll");

    pGetExtendedTcpTable = (DWORD (WINAPI *)(PVOID, PDWORD, BOOL, ULONG, TCP_TABLE_CLASS, ULONG))
        GetProcAddress(hLib, "GetExtendedTcpTable");

    if (!pGetExtendedTcpTable)
    {
        printf("Could not load iphlpapi.dll. This application is for Windows XP SP2 and up.\n");
        return 1;
    }

    dwResult = pGetExtendedTcpTable(NULL,     &size, false, AF_INET, TCP_TABLE_OWNER_PID_LISTENER, 0);
    pTCPInfo = (MIB_TCPTABLE_OWNER_PID*)malloc(size);
    dwResult = pGetExtendedTcpTable(pTCPInfo, &size, false, AF_INET, TCP_TABLE_OWNER_PID_LISTENER, 0);

    if (dwResult != NO_ERROR)
    {
        printf("Couldn't get our IP table");
        return 2;
    }

    printf("Iterating though table:\n");
    for (DWORD dwLoop = 0; dwLoop < pTCPInfo->dwNumEntries; dwLoop++)
    {
        owner = &pTCPInfo->table[dwLoop];

        printf("  PID: %5u - Port: %5u\n", owner->dwOwningPid, ntohs(owner->dwLocalPort));
    }

    // Pause a moment
    printf("Done Processing\n");

    return 0;
}

Answer 2

GetTcpTable2 -- see below

GetTcpTable2 function

The GetTcpTable function retrieves the IPv4 TCP connection table.

This will fill in a MIB_TCPTABLE structure.

typedef struct _MIB_TCPTABLE {
  DWORD      dwNumEntries;
  MIB_TCPROW table[ANY_SIZE];
} MIB_TCPTABLE, *PMIB_TCPTABLE;

And now the MIB_TCPROW

typedef struct _MIB_TCPROW {
  DWORD dwState;
  DWORD dwLocalAddr;
  DWORD dwLocalPort;
  DWORD dwRemoteAddr;
  DWORD dwRemotePort;
} MIB_TCPROW, *PMIB_TCPROW;

IMPORTANT:

You need to use GetTcpTable2 in order to get the corresponding PID associated as well.

typedef struct _MIB_TCPROW2 {
  DWORD                        dwState;
  DWORD                        dwLocalAddr;
  DWORD                        dwLocalPort;
  DWORD                        dwRemoteAddr;
  DWORD                        dwRemotePort;
  DWORD                        dwOwningPid;
  TCP_CONNECTION_OFFLOAD_STATE dwOffloadState;
} MIB_TCPROW2, *PMIB_TCPROW2;

dwOwningPid

Answer 3

In the worst case, you could always parse the output of:

netstat -bna