May 23 2012
 

I can recall several very recent instances in the past where I needed to write a custom application to fill a gap where traditional applications and scripts were not an option. In this specific instance, the common netstat.exe [netstat -b in this case] commands were just not cutting it for me. I was able to get the data I needed, but was not able to manipulate the information in a more precise manner to fit my needs. And after repeating the same task over and over a multitude of times, I decided this repetitive task would be better suited for a .NET form app that would perform the same type of network endpoint analysis from netstat I needed, and would do it very quickly. As a result, I created the IO Endpoint Connection Analysis and wanted to share it with our 15 readers.

IO Connection Analysis allows you to quickly perform the following tasks:

  1. Query all inbound and outbound network traffic endpoints with precision [IP/Hostname/Port].
  2. Map each connection to an application [process id].
  3. Map each application or process to a user account [process owner].
  4. Provide a memory and processing footprint per connection.

Here is a quick capture on how to use the application.

  1. Copy ioca.exe to any directory and launch it. Administrative rights are not needed to see a user's connections, but if you would like to see the ports and processes other accounts are utilizing, it's necessary to run under administrative credentials. Upon launch you will see a splash screen indicating components are loading. Upon a successful initialization the main form will promptly appear.
  2. When you are ready, click on the “Acquire Data” button to begin the analysis. Please note: if you are running on a server or terminal server, it may take a little time to compile the connection/port mappings (this is expected).
  3. Upon activating the analysis, all local and remote traffic and various other data points will be populated in the “inbound\outbound {all traffic}” tab. Once the process is complete, it will jump over to the “Filtered Data [only remote traffic]” tab, which gives you a more granular analysis of the traffic at hand.
  4. To disable the notification for long-running queries, simply place a check next to “disable launch notification”.
  5. To acquire memory and processor stats per IP/port/process, simply place a check next to “acquire memory/processor stats”.

Once complete you will get a decent mapping of inbound and outbound TCP/UDP communications [see sample below].

Should you decide to run an additional report, simply click on the “Acquire data” button again and the request will be processed.

This application is a great example of how to use a native API [iphlpapi.dll] to pull in and scrub information via data grids attached to a .NET form. No need to fork over any cash, because this application is completely open source and ready to adapt to your unique situation if needed. Or it's ready to use right out of the box.
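The connection to process to owner mapping and the "remote traffic only" filter described above can be sketched over the text output of the built-in `netstat -ano` and `tasklist /v /fo csv` commands. This is an added example, not code from ioca.exe and not the iphlpapi.dll approach the tool uses; the sample output, host names, account names and function names are constructed for illustration.

```python
import csv
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED     2100
  TCP    192.168.1.10:49712     93.184.216.34:443      ESTABLISHED     4321
  TCP    192.168.1.10:49713     10.0.0.5:445           ESTABLISHED     4
  TCP    192.168.1.10:49720     203.0.113.7:8080       SYN_SENT        6012
  UDP    0.0.0.0:5353           *:*                                    4321
"""
# Constructed sample of `tasklist /v /fo csv` output (PID 6012 deliberately absent).
TASKLIST = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System","4","Services","0","140 K","Unknown","NT AUTHORITY\SYSTEM","0:01:10","N/A"
"chrome.exe","4321","Console","1","182,440 K","Running","WORKSTATION\alice","0:04:12","N/A"
'''

def split_endpoint(text):
    """Split 'host:port' (IPv4, bracketed IPv6, or '*:*') into (host, port)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]").split("%")[0], port

def parse_netstat(text):
    """Yield one dict per TCP/UDP row; UDP rows carry no State column."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        yield {"proto": f[0], "local": split_endpoint(f[1]), "remote": split_endpoint(f[2]),
               "state": f[3] if len(f) == 5 else "", "pid": int(f[-1])}

def is_remote(host):
    """True when the foreign address is a real peer, not '*', loopback or unspecified."""
    if host == "*":
        return False
    ip = ipaddress.ip_address(host)
    return not (ip.is_loopback or ip.is_unspecified)

def remote_connections(netstat_text, tasklist_csv):
    """Join remote-only connections to process name, owner and memory by PID."""
    procs = {int(r["PID"]): r for r in csv.DictReader(tasklist_csv.splitlines())}
    rows = []
    for c in parse_netstat(netstat_text):
        if is_remote(c["remote"][0]):
            p = procs.get(c["pid"], {})  # PID may be gone by the time tasklist runs
            rows.append({**c, "image": p.get("Image Name", "?"),
                         "owner": p.get("User Name", "?"), "mem": p.get("Mem Usage", "?")})
    return rows
```

Calling `remote_connections(NETSTAT, TASKLIST)` returns three rows here; the connection owned by PID 6012 comes back with `?` for image, owner and memory, which is worth flagging rather than dropping when reviewing a host.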

To download the latest version, either log on and click on the “downloads” tab or point your browser to our SourceForge site –> here

  4 Responses to “TCP/UDP endpoint analysis tool”

  1. Thanks for posting this application. We have been looking for something that could quickly map inbound/outbound connections for quite some time. Netstat will always do the trick but it's good to have a GUI representation of the data which allows us to easily export the connection data into Excel. Do you by chance have any plans on adding any features or accepting requests for feature updates?

    If at all possible, it would be great to see some type of timer feature where the application would pull the data every x seconds. And, perhaps add a highlight feature and tally the connection count and port counts.

    Thanks again. Well done!

  2. Well done and thank you for providing this application. We use this specifically to map out our vSphere footprint and tag potential port conflicts. I especially like the user to process to port mapping!

  3. This application works like a champ! I had a massive gap and needed to process this exact port data, thank you for filling it! I especially like having the ability to map a port to a user.

  4. The “port to application” feature of this code is awesome! Only one request if I may, can you add a timer and export feature? This application is small, but powerful!

    I signed up to contribute code on your Sourceforge.net site! Please consider accepting my request :)
