Netstat

The Netstat.exe utility displays the TCP connection table, the UDP listener table, and the IP protocol statistics on your computer. The functions used to retrieve this information not only work on Windows 98 and Windows 2000 but are also available on Windows NT 4 Service Pack 4 (or later).

Retrieving the TCP Connection Table

The GetTcpTable function retrieves the TCP connection table. This is the same information you see when you execute Netstat.exe with the -p tcp -a options. GetTcpTable is defined as

 DWORD GetTcpTable( PMIB_TCPTABLE pTcpTable, PDWORD pdwSize, BOOL bOrder ); 

The pTcpTable parameter is a pointer to an MIB_TCPTABLE application buffer that will receive the TCP connection information. The pdwSize parameter is a pointer to a variable that specifies the size of the buffer you passed in the pTcpTable parameter. If the buffer is not large enough to hold the TCP information, the function sets this parameter to the required buffer size. The bOrder parameter specifies whether the returned information should be sorted.

The MIB_TCPTABLE structure returned from GetTcpTable is defined as

    typedef struct _MIB_TCPTABLE {
        DWORD      dwNumEntries;
        MIB_TCPROW table[ANY_SIZE];
    } MIB_TCPTABLE, *PMIB_TCPTABLE;

The fields of this structure are defined as follows:

  • dwNumEntries Specifies how many entries are in the table field (described next).
  • table Is a pointer to an array of MIB_TCPROW structures that contain TCP connection information.

The MIB_TCPROW structure contains the IP address pair that comprises a TCP connection. This structure is defined as

    typedef struct _MIB_TCPROW {
        DWORD dwState;
        DWORD dwLocalAddr;
        DWORD dwLocalPort;
        DWORD dwRemoteAddr;
        DWORD dwRemotePort;
    } MIB_TCPROW, *PMIB_TCPROW;

Its fields are defined as follows:

  • dwState Specifies the state of the TCP connection, as defined in Table B-3.

Table B-3. TCP connection states

Connection State            RFC 793 Description
MIB_TCP_STATE_CLOSED        Known as the "CLOSED" state
MIB_TCP_STATE_CLOSING       Known as the "CLOSING" state
MIB_TCP_STATE_CLOSE_WAIT    Known as the "CLOSE WAIT" state
MIB_TCP_STATE_DELETE_TCB    Known as the "DELETE" state
MIB_TCP_STATE_ESTAB         Known as the "ESTABLISHED" state
MIB_TCP_STATE_FIN_WAIT1     Known as the "FIN WAIT1" state
MIB_TCP_STATE_FIN_WAIT2     Known as the "FIN WAIT2" state
MIB_TCP_STATE_LAST_ACK      Known as the "LAST ACK" state
MIB_TCP_STATE_LISTEN        Known as the "LISTENING" state
MIB_TCP_STATE_SYN_RCVD      Known as the "SYN RCVD" state
MIB_TCP_STATE_SYN_SENT      Known as the "SYN SENT" state
MIB_TCP_STATE_TIME_WAIT     Known as the "TIME WAIT" state

  • dwLocalAddr Specifies a local IP address for the connection.
  • dwLocalPort Specifies a local port for the connection.
  • dwRemoteAddr Specifies the remote IP address for the connection.
  • dwRemotePort Specifies the remote port for the connection.
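
The following added example (not code from the book) decodes MIB_TCPROW fields the way Netstat.exe prints them and counts listeners bound to every interface, which is the first thing to check when auditing a host's exposed services. It assumes what the SDK documents but this page does not spell out: addresses and ports are stored in network byte order, with the port in the low 16 bits of its DWORD. The typedefs and state values are stand-ins so the code builds without the Windows SDK; the helper names tcp_port, tcp_addr and count_wildcard_listeners are hypothetical, and the sample rows are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t DWORD;                  /* stand-in for the SDK type */
typedef struct _MIB_TCPROW {             /* same layout as the definition above */
    DWORD dwState, dwLocalAddr, dwLocalPort, dwRemoteAddr, dwRemotePort;
} MIB_TCPROW;

/* State values as defined in the SDK headers (assumption: not listed on this page). */
enum { MIB_TCP_STATE_LISTEN = 2, MIB_TCP_STATE_ESTAB = 5 };

/* Ports sit in the low 16 bits in network byte order: swap the two bytes. */
unsigned tcp_port(DWORD v) { return ((v & 0xFFu) << 8) | ((v >> 8) & 0xFFu); }

/* Addresses are in network byte order too; on little-endian Windows the
   first octet is the low byte of the DWORD. */
const char *tcp_addr(DWORD v, char out[16]) {
    snprintf(out, 16, "%u.%u.%u.%u",
             (unsigned)(v & 0xFF), (unsigned)((v >> 8) & 0xFF),
             (unsigned)((v >> 16) & 0xFF), (unsigned)(v >> 24));
    return out;
}

/* Count LISTEN rows bound to 0.0.0.0, i.e. reachable on every interface. */
unsigned count_wildcard_listeners(const MIB_TCPROW *rows, DWORD n) {
    unsigned hits = 0;
    for (DWORD i = 0; i < n; i++)
        if (rows[i].dwState == MIB_TCP_STATE_LISTEN && rows[i].dwLocalAddr == 0)
            hits++;
    return hits;
}

/* Constructed sample rows (not captured from a real host). */
static const MIB_TCPROW sample[] = {
    { MIB_TCP_STATE_LISTEN, 0x00000000, 0xBD01, 0, 0 },   /* 0.0.0.0:445    */
    { MIB_TCP_STATE_LISTEN, 0x0100007F, 0x3815, 0, 0 },   /* 127.0.0.1:5432 */
    { MIB_TCP_STATE_ESTAB,  0x0A0200C0, 0x00C0, 0x076433C6, 0xBB01 },
};

int main(void) {
    char l[16], r[16];
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        printf("%-15s:%-5u  %-15s:%-5u  state=%u\n",
               tcp_addr(sample[i].dwLocalAddr, l), tcp_port(sample[i].dwLocalPort),
               tcp_addr(sample[i].dwRemoteAddr, r), tcp_port(sample[i].dwRemotePort),
               (unsigned)sample[i].dwState);
    printf("listeners on all interfaces: %u\n", count_wildcard_listeners(sample, 3));
    return 0;
}
```

Printing dwLocalPort without the byte swap is the usual mistake with this table: port 445 would show up as 48385.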

Retrieving the UDP Listener Table

The GetUdpTable function retrieves the UDP listener table. This is the same information you see if you execute Netstat.exe with the -p udp -a options. GetUdpTable is defined as

 DWORD GetUdpTable( PMIB_UDPTABLE pUdpTable, PDWORD pdwSize, BOOL bOrder ); 

The pUdpTable parameter is a pointer to an MIB_UDPTABLE application buffer that will receive the UDP listener information. The pdwSize parameter is a pointer to a variable that specifies the size of the buffer you passed in the pUdpTable parameter. If the buffer is not large enough to hold the UDP information, the function sets this parameter to the required buffer size. The bOrder parameter specifies whether the returned information should be sorted.

The MIB_UDPTABLE structure returned from GetUdpTable is defined as

    typedef struct _MIB_UDPTABLE {
        DWORD      dwNumEntries;
        MIB_UDPROW table[ANY_SIZE];
    } MIB_UDPTABLE, *PMIB_UDPTABLE;

The fields of this structure are defined as follows:

  • dwNumEntries Specifies how many entries are in the table field, described next.
  • table Is a pointer to an array of MIB_UDPROW structures that contain UDP listener information.

The MIB_UDPROW structure contains the IP address on which UDP is listening for datagrams. This structure is defined as

    typedef struct _MIB_UDPROW {
        DWORD dwLocalAddr;
        DWORD dwLocalPort;
    } MIB_UDPROW, *PMIB_UDPROW;

Its fields are defined as follows:

  • dwLocalAddr Specifies the local IP address.
  • dwLocalPort Specifies the local IP port.

Retrieving IP Protocol Statistics

Four functions are available for receiving IP statistics: GetIpStatistics, GetIcmpStatistics, GetTcpStatistics, and GetUdpStatistics. These functions produce the same information that is returned from Netstat.exe when you call it with the -s parameter. The first statistics function, GetIpStatistics, retrieves the IP statistics for the current computer and is defined as

 DWORD GetIpStatistics( PMIB_IPSTATS pStats ); 

The pStats parameter is a pointer to an MIB_IPSTATS structure that receives the current IP statistics for your computer. The MIB_IPSTATS structure is defined as

    typedef struct _MIB_IPSTATS {
        DWORD dwForwarding;
        DWORD dwDefaultTTL;
        DWORD dwInReceives;
        DWORD dwInHdrErrors;
        DWORD dwInAddrErrors;
        DWORD dwForwDatagrams;
        DWORD dwInUnknownProtos;
        DWORD dwInDiscards;
        DWORD dwInDelivers;
        DWORD dwOutRequests;
        DWORD dwRoutingDiscards;
        DWORD dwOutDiscards;
        DWORD dwOutNoRoutes;
        DWORD dwReasmTimeout;
        DWORD dwReasmReqds;
        DWORD dwReasmOks;
        DWORD dwReasmFails;
        DWORD dwFragOks;
        DWORD dwFragFails;
        DWORD dwFragCreates;
        DWORD dwNumIf;
        DWORD dwNumAddr;
        DWORD dwNumRoutes;
    } MIB_IPSTATS, *PMIB_IPSTATS;

The fields of this structure are defined as follows:

  • dwForwarding Specifies whether IP forwarding is enabled or disabled on your computer.
  • dwDefaultTTL Specifies the initial time-to-live (TTL) value for datagrams originating on your computer.
  • dwInReceives Specifies the number of datagrams received.
  • dwInHdrErrors Specifies the number of datagrams received with bad headers.
  • dwInAddrErrors Specifies the number of datagrams received with bad addresses.
  • dwForwDatagrams Specifies the number of datagrams forwarded.
  • dwInUnknownProtos Specifies the number of datagrams received with an unknown protocol.
  • dwInDiscards Specifies the number of datagrams received that were discarded.
  • dwInDelivers Specifies the number of datagrams received that were delivered.
  • dwOutRequests Specifies the number of datagrams that IP has requested to transmit.
  • dwRoutingDiscards Specifies the number of outgoing datagrams discarded.
  • dwOutDiscards Specifies the number of transmitted datagrams discarded.
  • dwOutNoRoutes Specifies the number of datagrams that did not have a routing destination.
  • dwReasmTimeout Specifies the maximum amount of time for a fragmented datagram to arrive.
  • dwReasmReqds Specifies the number of datagrams that require assembly.
  • dwReasmOks Specifies the number of datagrams that were successfully reassembled.
  • dwFragFails Specifies the number of datagrams that could not be fragmented.
  • dwFragCreates Specifies the number of datagrams that were fragmented.
  • dwNumIf Specifies the number of IP interfaces available on your computer.
  • dwNumAddr Specifies the number of IP addresses identified on your computer.
  • dwNumRoutes Specifies the number of routes available in the routing table.

The second statistics function, GetIcmpStatistics, retrieves Internet Control Message Protocol (ICMP) statistics and is defined as

 DWORD GetIcmpStatistics( PMIB_ICMP pStats ); 

The pStats parameter is a pointer to an MIB_ICMP structure that receives the current ICMP statistics for your computer. The MIB_ICMP structure is defined as

    typedef struct _MIB_ICMP {
        MIBICMPINFO stats;
    } MIB_ICMP, *PMIB_ICMP;

As you can see, MIB_ICMP is a structure containing a MIBICMPINFO structure that is defined as

    typedef struct _MIBICMPINFO {
        MIBICMPSTATS icmpInStats;
        MIBICMPSTATS icmpOutStats;
    } MIBICMPINFO;

The MIBICMPINFO structure receives incoming or outgoing ICMP information through an MIBICMPSTATS structure. The icmpInStats parameter receives incoming data, while icmpOutStats receives outgoing data. The MIBICMPSTATS structure is defined as

    typedef struct _MIBICMPSTATS {
        DWORD dwMsgs;
        DWORD dwErrors;
        DWORD dwDestUnreachs;
        DWORD dwTimeExcds;
        DWORD dwParmProbs;
        DWORD dwSrcQuenchs;
        DWORD dwRedirects;
        DWORD dwEchos;
        DWORD dwEchoReps;
        DWORD dwTimestamps;
        DWORD dwTimestampReps;
        DWORD dwAddrMasks;
        DWORD dwAddrMaskReps;
    } MIBICMPSTATS;

The fields of this structure are defined as follows:

  • dwMsgs Specifies the number of messages sent or received.
  • dwErrors Specifies the number of errors sent or received.
  • dwDestUnreachs Specifies the number of "destination unreachable" messages sent or received.
  • dwTimeExcds Specifies the number of TTL-exceeded messages sent or received.
  • dwParmProbs Specifies the number of messages sent or received that indicate a datagram contains bad IP information.
  • dwSrcQuenchs Specifies the number of source quench messages sent or received.
  • dwRedirects Specifies the number of redirection messages sent or received.
  • dwEchos Specifies the number of ICMP echo requests sent or received.
  • dwEchoReps Specifies the number of ICMP echo replies sent or received.
  • dwTimestamps Specifies the number of timestamp requests sent or received.
  • dwTimestampReps Specifies the number of timestamp replies sent or received.
  • dwAddrMasks Specifies the number of address masks sent or received.
  • dwAddrMaskReps Specifies the number of address mask replies sent or received.

The third statistics function, GetTcpStatistics, retrieves TCP statistics on your computer and is defined as

 DWORD GetTcpStatistics( PMIB_TCPSTATS pStats ); 

The pStats parameter is a pointer to an MIB_TCPSTATS structure that receives the current TCP statistics for your computer. The MIB_TCPSTATS structure is defined as

    typedef struct _MIB_TCPSTATS {
        DWORD dwRtoAlgorithm;
        DWORD dwRtoMin;
        DWORD dwRtoMax;
        DWORD dwMaxConn;
        DWORD dwActiveOpens;
        DWORD dwPassiveOpens;
        DWORD dwAttemptFails;
        DWORD dwEstabResets;
        DWORD dwCurrEstab;
        DWORD dwInSegs;
        DWORD dwOutSegs;
        DWORD dwRetransSegs;
        DWORD dwInErrs;
        DWORD dwOutRsts;
        DWORD dwNumConns;
    } MIB_TCPSTATS, *PMIB_TCPSTATS;

The fields of this structure are defined as follows:

  • dwRtoAlgorithm Specifies which retransmission algorithm is being used. The valid values are MIB_TCP_RTO_CONSTANT, MIB_TCP_RTO_RSRE, MIB_TCP_RTO_VANJ, and MIB_TCP_RTO_OTHER, which is for other types.
  • dwRtoMin Specifies the minimum retransmission timeout in milliseconds.
  • dwRtoMax Specifies the maximum retransmission timeout in milliseconds.
  • dwMaxConn Specifies the maximum number of connections allowed.
  • dwActiveOpens Specifies how many times the machine is initiating a connection with a server.
  • dwPassiveOpens Specifies how many times the machine is listening for a connection from a client.
  • dwAttemptFails Specifies how many connection attempts have failed.
  • dwEstabResets Specifies the number of established connections that have been reset.
  • dwCurrEstab Specifies the number of connections that are currently established.
  • dwInSegs Specifies the number of segments received.
  • dwOutSegs Specifies the number of segments transmitted (excluding segments that have been retransmitted).
  • dwRetransSegs Specifies the number of segments retransmitted.
  • dwInErrs Specifies the number of errors received.
  • dwOutRsts Specifies the number of segments transmitted with the reset flag set.
  • dwNumConns Specifies the total number of connections.

The last statistics function, GetUdpStatistics, retrieves UDP statistics on your computer and is defined as

 DWORD GetUdpStatistics( PMIB_UDPSTATS pStats ); 

The pStats parameter is a pointer to an MIB_UDPSTATS structure that receives the current UDP statistics for your computer. The MIB_UDPSTATS structure is defined as

    typedef struct _MIB_UDPSTATS {
        DWORD dwInDatagrams;
        DWORD dwNoPorts;
        DWORD dwInErrors;
        DWORD dwOutDatagrams;
        DWORD dwNumAddrs;
    } MIB_UDPSTATS, *PMIB_UDPSTATS;

This structure's fields are defined as follows:

  • dwInDatagrams Specifies the number of datagrams received.
  • dwNoPorts Specifies the number of datagrams discarded because the port number was bad.
  • dwInErrors Specifies the number of erroneous datagrams received (excluding the datagrams counted in dwNoPorts).
  • dwOutDatagrams Specifies the number of datagrams transmitted.
  • dwNumAddrs Specifies the total number of UDP entries in the listener table.


Network Programming for Microsoft Windows
Linux Server Hacks, Volume Two: Tips & Tools for Connecting, Monitoring, and Troubleshooting
ISBN: 735615799
EAN: 2147483647
Year: 1998
Pages: 159
