Click here to Skip to main content
15,124,449 members
Articles / Desktop Programming / MFC
Posted 16 Nov 2003


36 bookmarked

Enhance netstat

Rate me:
Please Sign up or sign in to vote.
4.64/5 (11 votes)
16 Nov 2003
This article shows an implementation of the main TCP/UDP functions of the IP Helper API that is used to get info about active connections including the process attached to a connection.

Sample Image - enetstat.jpg


The main idea of this project was already implemented and presented by some guys around here: using GetTcpTable and GetUdpTable to read connection states of running processes. Yet another thing that is mentioned in this kind of articles are two undocumented APIs from iphlpapi.dll: AllocateAndGetTcpExTableFromStack and AllocateAndGetUdpExTableFromStack. Using these APIs, we can get access to the name of the process that holds the running connection. Unfortunately it does work only with Win2000, WinXP or newer versions.


First of all, I'd like to mention there is something new regarding this subject. Enetstat will allow the user to close any "established" connection using the following API function:

DWORD SetTcpEntry(

Having an established connection, we can close it using the following state: MIB_TCP_STATE_DELETE_TCB.

sKillConn.dwLocalAddr = (DWORD)ulLocIP; //local ip
sKillConn.dwLocalPort = (DWORD)usLocalPort; //local port
sKillConn.dwRemoteAddr = (DWORD)ulRemIP; //remote ip
sKillConn.dwRemotePort = (DWORD)usRemPort; //remote port

DWORD dwRez = SetTcpEntry(&sKillConn);

That's all about it. My piece of code is not described in detail and I suppose there is no need for that as long as we already have a cool and detailed description made by Axel Charpentier.

Well, if you need any good reference about this subject you'll find it here:

Getting active TCP/UDP connections on a box, by Axel Charpentier.


This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


About the Author

Web Developer
Romania Romania
No Biography provided

Comments and Discussions

GeneralMy vote of 5 Pin
Giovefi20-Sep-12 14:40
MemberGiovefi20-Sep-12 14:40 
QuestionAlways 87!!! Pin
eRRaTuM16-Mar-08 5:18
MembereRRaTuM16-Mar-08 5:18 
GeneralNot in 2000, deprecated in Vista Pin
ldsandon6-Dec-06 1:44
Memberldsandon6-Dec-06 1:44 
GeneralRe: Not in 2000, deprecated in Vista Pin
y0da6-Dec-06 2:01
Membery0da6-Dec-06 2:01 
GeneralRe: Not in 2000, deprecated in Vista Pin
Leo Davidson28-Mar-09 2:48
MemberLeo Davidson28-Mar-09 2:48 
"The GetTcpTable or GetExtendedTcpTable functions should be used to retrieve the TCP connection table instead of using the AllocateAndGetTcpExTableFromStack function."

Don't know if the replacement APIs existed at the time of writing but I thought someone searching for this issue might like to know that there are APIs for Vista which do the same job in a slightly different way.

GetTcpTable is also supported and documented for Win2k, and there's an IPv6 version too, so it looks like the way to go.
Generalprinter Pin
Kutti Ra30-Sep-05 16:59
MemberKutti Ra30-Sep-05 16:59 
GeneralMonitoring Internet client Pin
Kutti Ra30-Sep-05 16:56
MemberKutti Ra30-Sep-05 16:56 
GeneralTcpTable does not return all connections Pin
bigga16-Sep-05 5:16
Memberbigga16-Sep-05 5:16 
GeneralRe: TcpTable does not return all connections Pin
y0da16-Sep-05 5:32
Membery0da16-Sep-05 5:32 
QuestionWhat about speed ? Pin
Smart K85-Feb-05 22:29
professionalSmart K85-Feb-05 22:29 
AnswerRe: What about speed ? Pin
y0da5-Feb-05 23:25
Membery0da5-Feb-05 23:25 
GeneralRe: What about speed ? Pin
Smart K86-Feb-05 23:18
professionalSmart K86-Feb-05 23:18 
Generalstack Memory Leak Pin
Member 39200426-Jan-05 16:43
MemberMember 39200426-Jan-05 16:43 
GeneralRe: stack Memory Leak Pin
y0da26-Jan-05 21:22
Membery0da26-Jan-05 21:22 
GeneralRe: stack Memory Leak Pin
Member 39200427-Jan-05 16:17
MemberMember 39200427-Jan-05 16:17 
GeneralRe: stack Memory Leak Pin
y0da27-Jan-05 21:19
Membery0da27-Jan-05 21:19 
Generalenetstat on winnt and Win2k and NT4 Pin
y0da27-Apr-04 21:25
Membery0da27-Apr-04 21:25 
GeneralAllocateAndGetTcpExTableFromStack for Windows 2000 Pin
blakeo2314-Apr-04 9:39
Memberblakeo2314-Apr-04 9:39 
GeneralRe: AllocateAndGetTcpExTableFromStack for Windows 2000 Pin
Anonymous14-Apr-04 21:01
MemberAnonymous14-Apr-04 21:01 
GeneralRe: AllocateAndGetTcpExTableFromStack for Windows 2000 Pin
blakeo2315-Apr-04 1:10
Memberblakeo2315-Apr-04 1:10 
QuestionHow to close UDP ports ? Pin
marcosvelasco16-Dec-03 6:21
Membermarcosvelasco16-Dec-03 6:21 
AnswerRe: How to close UDP ports ? Pin
Anonymous19-Dec-03 11:29
MemberAnonymous19-Dec-03 11:29 
GeneralA free tool called Active Ports can work under Windows 2K Pin
Member 39201419-Nov-03 20:25
MemberMember 39201419-Nov-03 20:25 
GeneralRe: A free tool called Active Ports can work under Windows 2K Pin
y0da20-Nov-03 1:30
Membery0da20-Nov-03 1:30 
GeneralWindows 2000 and XP... Pin
marcosvelasco18-Nov-03 8:00
Membermarcosvelasco18-Nov-03 8:00 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.