Netstat

The NETSTAT.EXE utility displays the TCP connection table, the UDP listener table, and the IPv4 protocol statistics on your computer. The functions used to retrieve this information work with Windows NT 4.0 (Service Pack 4 and later), Windows 98, and Windows Me.

Retrieving the TCP Connection Table

The GetTcpTable function retrieves the TCP connection table. This is the same information you see when you execute NETSTAT.EXE with the -p tcp -a options. GetTcpTable is defined as

DWORD GetTcpTable(
    PMIB_TCPTABLE pTcpTable,
    PDWORD pdwSize,
    BOOL bOrder
);

The pTcpTable parameter is a pointer to an MIB_TCPTABLE application buffer that will receive the TCP connection information. The pdwSize parameter is a pointer to a variable that specifies the size of the buffer you passed in the pTcpTable parameter. If the buffer is not large enough to hold the TCP information, the function sets this parameter to the required buffer size. The bOrder parameter specifies whether the returned information should be sorted.
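The buffer-sizing contract described above, as an added example (not code from the book): the loop probes for the required size, allocates, and retries if the table grew between the two calls, which goes one step beyond the single resize the text describes. The names table_getter, fetch_table, fake_getter and real_getter are hypothetical, and the fake getter with its 24- and 44-byte sizes is constructed so the loop can also run off Windows.

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#include <iphlpapi.h>                    /* link with iphlpapi.lib */
#else                                    /* stand-ins so the loop builds anywhere */
typedef unsigned int DWORD;
#define NO_ERROR 0
#define ERROR_INSUFFICIENT_BUFFER 122
#endif

/* Hypothetical seam: any function with GetTcpTable's buffer/size contract. */
typedef DWORD (*table_getter)(void *buf, DWORD *size);

/* Probe for the size, allocate, fetch; retry if the table grew in between. */
void *fetch_table(table_getter get, DWORD *rc_out) {
    DWORD size = 0, rc;
    void *buf = NULL;
    int tries = 0;
    while ((rc = get(buf, &size)) == ERROR_INSUFFICIENT_BUFFER && tries++ < 8) {
        free(buf);
        if ((buf = malloc(size)) == NULL) break;
    }
    if (rc != NO_ERROR) { free(buf); buf = NULL; }
    *rc_out = rc;
    return buf;                          /* caller frees */
}

/* Constructed fake (not a real API): the table grows once after the first probe. */
static DWORD fake_calls;
DWORD fake_getter(void *buf, DWORD *size) {
    DWORD need = (fake_calls++ == 0) ? 24 : 44;   /* 4-byte count + 20-byte rows */
    if (buf == NULL || *size < need) { *size = need; return ERROR_INSUFFICIENT_BUFFER; }
    *(DWORD *)buf = (need - 4) / 20;              /* dwNumEntries */
    *size = need;
    return NO_ERROR;
}
#ifdef _WIN32
DWORD real_getter(void *buf, DWORD *size) { return GetTcpTable((PMIB_TCPTABLE)buf, size, TRUE); }
#endif

int main(void) {
    DWORD rc;
    void *t = fetch_table(fake_getter, &rc);      /* on Windows, pass real_getter instead */
    if (t) printf("entries=%u after %u calls\n", (unsigned)*(DWORD *)t, (unsigned)fake_calls);
    free(t);
    return rc == NO_ERROR ? 0 : 1;
}
```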

The MIB_TCPTABLE structure returned from GetTcpTable is defined as

typedef struct _MIB_TCPTABLE
{
    DWORD dwNumEntries;
    MIB_TCPROW table[ANY_SIZE];
} MIB_TCPTABLE, *PMIB_TCPTABLE;

The fields of this structure are defined as follows:

  • dwNumEntries Specifies how many entries are in the table field.

  • table Is a pointer to an array of MIB_TCPROW structures that contain TCP connection information.

The MIB_TCPROW structure contains the IPv4 address pair that comprises a TCP connection. This structure is defined as

typedef struct _MIB_TCPROW
{
    DWORD dwState;
    DWORD dwLocalAddr;
    DWORD dwLocalPort;
    DWORD dwRemoteAddr;
    DWORD dwRemotePort;
} MIB_TCPROW, *PMIB_TCPROW;

Its fields are defined as follows:

  • dwState Specifies the state of the TCP connection, as defined in Table 16-9. See Chapter 1 for information about TCP states.

Table 16-9 TCP Connection States

Connection State            RFC 793 Description
MIB_TCP_STATE_CLOSED        Known as the “CLOSED” state
MIB_TCP_STATE_CLOSING       Known as the “CLOSING” state
MIB_TCP_STATE_CLOSE_WAIT    Known as the “CLOSE WAIT” state
MIB_TCP_STATE_DELETE_TCB    Known as the “DELETE” state
MIB_TCP_STATE_ESTAB         Known as the “ESTABLISHED” state
MIB_TCP_STATE_FIN_WAIT1     Known as the “FIN WAIT1” state
MIB_TCP_STATE_FIN_WAIT2     Known as the “FIN WAIT2” state
MIB_TCP_STATE_LAST_ACK      Known as the “LAST ACK” state
MIB_TCP_STATE_LISTEN        Known as the “LISTENING” state
MIB_TCP_STATE_SYN_RCVD      Known as the “SYN RCVD” state
MIB_TCP_STATE_SYN_SENT      Known as the “SYN SENT” state
MIB_TCP_STATE_TIME_WAIT     Known as the “TIME WAIT” state

  • dwLocalAddr Specifies a local IPv4 address for the connection.

  • dwLocalPort Specifies a local port for the connection.

  • dwRemoteAddr Specifies the remote IPv4 address for the connection.

  • dwRemotePort Specifies the remote port for the connection.
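Decoding MIB_TCPROW values to find listeners bound to every interface, as an added example that is not code from the book. It relies on two facts the list above does not spell out: addresses and ports are stored in network byte order, and only the low 16 bits of a port field are meaningful. The names port_of and describe_local are hypothetical, and the SAMPLE rows are constructed.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <iphlpapi.h>
#else                              /* stand-ins mirroring the page, so this builds anywhere */
typedef unsigned int DWORD;
typedef struct { DWORD dwState, dwLocalAddr, dwLocalPort, dwRemoteAddr, dwRemotePort; } MIB_TCPROW;
#define MIB_TCP_STATE_LISTEN 2
#define MIB_TCP_STATE_ESTAB  5
#endif

/* Constructed rows (not captured data), as a little-endian host stores them. */
const MIB_TCPROW SAMPLE[3] = {
    { MIB_TCP_STATE_LISTEN, 0x00000000, 0xFFFFBD01, 0, 0 },  /* 0.0.0.0:445, junk in high bits */
    { MIB_TCP_STATE_LISTEN, 0x0100007F, 0x0000901F, 0, 0 },  /* 127.0.0.1:8080 */
    { MIB_TCP_STATE_ESTAB,  0x0500000A, 0x000061C3, 0x0600000A, 0x5000 },  /* 10.0.0.5:50017 */
};

/* Port: network byte order in the low 16 bits of the field. */
unsigned port_of(DWORD raw) {
    unsigned short low = (unsigned short)raw;   /* drop the upper 16 bits */
    unsigned char b[2];
    memcpy(b, &low, 2);
    return ((unsigned)b[0] << 8) | b[1];
}

/* Write "a.b.c.d:port" for the local end; return 1 for a LISTEN socket on 0.0.0.0. */
int describe_local(const MIB_TCPROW *r, char *out, size_t n) {
    unsigned char a[4];
    memcpy(a, &r->dwLocalAddr, 4);              /* bytes in memory are a.b.c.d */
    snprintf(out, n, "%u.%u.%u.%u:%u", a[0], a[1], a[2], a[3], port_of(r->dwLocalPort));
    return r->dwState == MIB_TCP_STATE_LISTEN && r->dwLocalAddr == 0;
}

int main(void) {
    char buf[32];
    for (int i = 0; i < 3; i++) {
        int exposed = describe_local(&SAMPLE[i], buf, sizeof buf);
        printf("%-22s%s\n", buf, exposed ? "LISTEN on all interfaces" : "");
    }
    return 0;
}
```

A listener on 0.0.0.0 accepts connections on every interface, so these are the rows to compare against the services the host is expected to expose.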

Retrieving the UDP Listener Table

The GetUdpTable function retrieves the UDP listener table. This is the same information you see if you execute NETSTAT.EXE with the -p udp -a options. GetUdpTable is defined as

DWORD GetUdpTable(
    PMIB_UDPTABLE pUdpTable,
    PDWORD pdwSize,
    BOOL bOrder
);

The pUdpTable parameter is a pointer to an MIB_UDPTABLE application buffer that will receive the UDP listener information. The pdwSize parameter is a pointer to a variable that specifies the size of the buffer you passed in the pUdpTable parameter. If the buffer is not large enough to hold the UDP information, the function sets this parameter to the required buffer size. The bOrder parameter specifies whether the returned information should be sorted.

The MIB_UDPTABLE structure returned from GetUdpTable is defined as

typedef struct _MIB_UDPTABLE
{
    DWORD dwNumEntries;
    MIB_UDPROW table[ANY_SIZE];
} MIB_UDPTABLE, *PMIB_UDPTABLE;

The fields of this structure are defined as follows:

  • dwNumEntries Specifies how many entries are in the table field.

  • table Is a pointer to an array of MIB_UDPROW structures that contain UDP listener information.

The MIB_UDPROW structure contains the IPv4 address on which UDP is listening for datagrams. This structure is defined as

typedef struct _MIB_UDPROW
{
    DWORD dwLocalAddr;
    DWORD dwLocalPort;
} MIB_UDPROW, *PMIB_UDPROW;

Its fields are defined as follows:

  • dwLocalAddr Specifies the local IPv4 address.

  • dwLocalPort Specifies the local port.

Retrieving IPv4 Protocol Statistics

Four functions are available for receiving IPv4 statistics: GetIpStatistics, GetIcmpStatistics, GetTcpStatistics, and GetUdpStatistics. These functions produce the same information that is returned from NETSTAT.EXE when you call it with the -s parameter. The first statistics function, GetIpStatistics, retrieves the IPv4 statistics for the current computer and is defined as

DWORD GetIpStatistics(
    PMIB_IPSTATS pStats
);

The pStats parameter is a pointer to an MIB_IPSTATS structure that receives the current IPv4 statistics for your computer. The MIB_IPSTATS structure is defined as

typedef struct _MIB_IPSTATS
{
    DWORD dwForwarding;
    DWORD dwDefaultTTL;
    DWORD dwInReceives;
    DWORD dwInHdrErrors;
    DWORD dwInAddrErrors;
    DWORD dwForwDatagrams;
    DWORD dwInUnknownProtos;
    DWORD dwInDiscards;
    DWORD dwInDelivers;
    DWORD dwOutRequests;
    DWORD dwRoutingDiscards;
    DWORD dwOutDiscards;
    DWORD dwOutNoRoutes;
    DWORD dwReasmTimeout;
    DWORD dwReasmReqds;
    DWORD dwReasmOks;
    DWORD dwReasmFails;
    DWORD dwFragOks;
    DWORD dwFragFails;
    DWORD dwFragCreates;
    DWORD dwNumIf;
    DWORD dwNumAddr;
    DWORD dwNumRoutes;
} MIB_IPSTATS, *PMIB_IPSTATS;

The fields of this structure are defined as follows:

  • dwForwarding Specifies whether IPv4 forwarding is enabled or disabled on your computer.

  • dwDefaultTTL Specifies the initial TTL value for datagrams originating on your computer.

  • dwInReceives Specifies the number of datagrams received.

  • dwInHdrErrors Specifies the number of datagrams received with bad headers.

  • dwInAddrErrors Specifies the number of datagrams received with bad addresses.

  • dwForwDatagrams Specifies the number of datagrams forwarded.

  • dwInUnknownProtos Specifies the number of datagrams received with an unknown protocol.

  • dwInDiscards Specifies the number of datagrams received that were discarded.

  • dwInDelivers Specifies the number of datagrams received that were delivered.

  • dwOutRequests Specifies the number of datagrams that IPv4 has requested to transmit.

  • dwRoutingDiscards Specifies the number of outgoing datagrams discarded.

  • dwOutDiscards Specifies the number of transmitted datagrams discarded.

  • dwOutNoRoutes Specifies the number of datagrams that did not have a routing destination.

  • dwReasmTimeout Specifies the maximum amount of time for a fragmented datagram to arrive.

  • dwReasmReqds Specifies the number of datagrams that require assembly.

  • dwReasmOks Specifies the number of datagrams that were successfully reassembled.

  • dwFragFails Specifies the number of datagrams that could not be fragmented.

  • dwFragCreates Specifies the number of datagrams that were fragmented.

  • dwNumIf Specifies the number of IPv4 interfaces available on your computer.

  • dwNumAddr Specifies the number of IPv4 addresses identified on your computer.

  • dwNumRoutes Specifies the number of routes available in the routing table.

The second statistics function, GetIcmpStatistics, retrieves ICMP statistics and is defined as

DWORD GetIcmpStatistics(
    PMIB_ICMP pStats
);

The pStats parameter is a pointer to an MIB_ICMP structure that receives the current ICMP statistics for your computer. The MIB_ICMP structure is defined as

typedef struct _MIB_ICMP
{
    MIBICMPINFO stats;
} MIB_ICMP, *PMIB_ICMP;

As you can see, MIB_ICMP is a structure containing a MIBICMPINFO structure that is defined as

typedef struct _MIBICMPINFO
{
    MIBICMPSTATS icmpInStats;
    MIBICMPSTATS icmpOutStats;
} MIBICMPINFO;

The MIBICMPINFO structure receives incoming or outgoing ICMP information through an MIBICMPSTATS structure. The icmpInStats parameter receives incoming data and icmpOutStats receives outgoing data. The MIBICMPSTATS structure is defined as

typedef struct _MIBICMPSTATS
{
    DWORD dwMsgs;
    DWORD dwErrors;
    DWORD dwDestUnreachs;
    DWORD dwTimeExcds;
    DWORD dwParmProbs;
    DWORD dwSrcQuenchs;
    DWORD dwRedirects;
    DWORD dwEchos;
    DWORD dwEchoReps;
    DWORD dwTimestamps;
    DWORD dwTimestampReps;
    DWORD dwAddrMasks;
    DWORD dwAddrMaskReps;
} MIBICMPSTATS;

The fields of this structure are defined as follows:

  • dwMsgs Specifies the number of messages sent or received.

  • dwErrors Specifies the number of errors sent or received.

  • dwDestUnreachs Specifies the number of “destination unreachable” messages sent or received.

  • dwTimeExcds Specifies the number of TTL-exceeded messages sent or received.

  • dwParmProbs Specifies the number of messages sent or received that indicate a datagram contains bad IPv4 information.

  • dwSrcQuenchs Specifies the number of source quench messages sent or received.

  • dwRedirects Specifies the number of redirection messages sent or received.

  • dwEchos Specifies the number of ICMP echo requests sent or received.

  • dwEchoReps Specifies the number of ICMP echo replies sent or received.

  • dwTimestamps Specifies the number of timestamp requests sent or received.

  • dwTimestampReps Specifies the number of timestamp replies sent or received.

  • dwAddrMasks Specifies the number of address masks sent or received.

  • dwAddrMaskReps Specifies the number of address mask replies sent or received.

The third statistics function, GetTcpStatistics, retrieves TCP statistics on your computer and is defined as

DWORD GetTcpStatistics(
    PMIB_TCPSTATS pStats
);

The pStats parameter is a pointer to an MIB_TCPSTATS structure that receives the current IP statistics for your computer. The MIB_TCPSTATS structure is defined as

typedef struct _MIB_TCPSTATS
{
    DWORD dwRtoAlgorithm;
    DWORD dwRtoMin;
    DWORD dwRtoMax;
    DWORD dwMaxConn;
    DWORD dwActiveOpens;
    DWORD dwPassiveOpens;
    DWORD dwAttemptFails;
    DWORD dwEstabResets;
    DWORD dwCurrEstab;
    DWORD dwInSegs;
    DWORD dwOutSegs;
    DWORD dwRetransSegs;
    DWORD dwInErrs;
    DWORD dwOutRsts;
    DWORD dwNumConns;
} MIB_TCPSTATS, *PMIB_TCPSTATS;

The fields of this structure are defined as follows:

  • dwRtoAlgorithm Specifies which retransmission algorithm is being used. The valid values are MIB_TCP_RTO_CONSTANT, MIB_TCP_RTO_RSRE, MIB_TCP_RTO_VANJ, and MIB_TCP_RTO_OTHER, which is for other types.

  • dwRtoMin Specifies the minimum retransmission timeout in milliseconds.

  • dwRtoMax Specifies the maximum retransmission timeout in milliseconds.

  • dwMaxConn Specifies the maximum number of connections allowed.

  • dwActiveOpens Specifies how many times the machine is initiating a connection with a server.

  • dwPassiveOpens Specifies how many times the machine is listening for a connection from a client.

  • dwAttemptFails Specifies how many connection attempts have failed.

  • dwEstabResets Specifies the number of established connections that have been reset.

  • dwCurrEstab Specifies the number of connections that are currently established.

  • dwInSegs Specifies the number of segments received.

  • dwOutSegs Specifies the number of segments transmitted (excluding segments that have been retransmitted).

  • dwRetransSegs Specifies the number of segments retransmitted.

  • dwInErrs Specifies the number of errors received.

  • dwOutRsts Specifies the number of segments transmitted with the reset flag set.

  • dwNumConns Specifies the total number of connections.

The last statistics function, GetUdpStatistics, retrieves UDP statistics on your computer and is defined as

DWORD GetUdpStatistics(
    PMIB_UDPSTATS pStats
);

The pStats parameter is a pointer to an MIB_UDPSTATS structure that receives the current IPv4 statistics for your computer. The MIB_UDPSTATS structure is defined as

typedef struct _MIB_UDPSTATS
{
    DWORD dwInDatagrams;
    DWORD dwNoPorts;
    DWORD dwInErrors;
    DWORD dwOutDatagrams;
    DWORD dwNumAddrs;
} MIB_UDPSTATS, *PMIB_UDPSTATS;

This structure's fields are defined as follows:

  • dwInDatagrams Specifies the number of datagrams received.

  • dwNoPorts Specifies the number of datagrams discarded because the port number was bad.

  • dwInErrors Specifies the number of erroneous datagrams received (excluding the datagrams counted in dwNoPorts).

  • dwOutDatagrams Specifies the number of datagrams transmitted.

  • dwNumAddrs Specifies the total number of UDP entries in the listener table.



Network Programming for Microsoft Windows
Network Programming for Microsoft Windows (Microsoft Professional Series)
ISBN: 0735605602
EAN: 2147483647
Year: 2001
Pages: 172
Authors: Anthony Jones
