Keywords: tcp port status tcpstat netstat
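; tcpstat.wbt  Return information similar to 'netstat -anp tcp'
;
; The purpose of referencing the DLL was to avoid the need for relying on
; external commands (other than the DLL) to get netstat results and two
; commands which run in the POSIX subsystem to parse the data (grep and wc).
;
; Scope note: GetTcpTable reports IPv4 TCP endpoints only and carries no
; owning-process information, so IPv6 listeners and the process behind a
; port do not appear in the output of this script.
;
; The GetTcpTable function retrieves the TCP connection table.
;
; DWORD GetTcpTable(
;   PMIB_TCPTABLE pTcpTable,  // buffer for the connection table
;   PDWORD        pdwSize,    // size of the buffer
;   BOOL          bOrder      // sort the table?
; );
;
; Parameters
;   pTcpTable
;     [out] Pointer to a buffer that receives the TCP connection table as a
;     MIB_TCPTABLE structure.
;   pdwSize
;     [in, out] On input, specifies the size of the buffer pointed to by the
;     pTcpTable parameter. On output, if the buffer is not large enough to
;     hold the returned connection table, the function sets this parameter
;     equal to the required buffer size.
;   bOrder
;     [in] Specifies whether the connection table should be sorted. If this
;     parameter is TRUE, the table is sorted in the order of:
;       Local IP address
;       Local port
;       Remote IP address
;       Remote port
;
; Return Values
;   If the function succeeds, the return value is NO_ERROR.
;   If the function fails, use FormatMessage to obtain the message string
;   for the returned error.

; Working directory for the comparison command and the result files.
; The script runs a command file from here and writes the host's connection
; table here, so the directory should be writable only by the account that
; maintains this script and readable only by accounts that need the results.
workdir="f:\tcpstat\"

; The DLL is referenced by its full path in the system directory rather than
; by bare name, so a same-named file elsewhere on the search path is not used.
system32dir=DirWindows(1)
dllname=StrCat(system32dir,"iphlpapi.dll")
entrypoint="GetTcpTable"

; Pipe 'netstat -anp tcp' into a file for comparison.
; Run starts the command and does not wait for it to finish.
Run(StrCat(workdir,"tcpstat.cmd"),"")

; GetTcpTable states that if the buffer to hold the data is too small, the
; function returns the necessary buffer size, which is why the function is
; first called with lpnull and a pointer to a binary buffer that receives the
; required buffer size.
bbdwsize=BinaryAlloc(4)                     ; 4 byte buffer holding the DWORD size
BinaryPoke4(bbdwsize,0,0)                   ; set the 4 byte size value to zero
DllCall(dllname,long:entrypoint,lpnull,lpbinary:bbdwsize,long:0) ; sizing call
size=BinaryPeek4(bbdwsize,0)                ; required size reported by the DLL function

; A size below 4 cannot hold even the dwNumEntries field, so the sizing call
; did not report a usable value; stop instead of allocating a bad buffer.
If size < 4
   BinaryFree(bbdwsize)
   Display(5,"tcpstat","GetTcpTable did not report a buffer size")
   Exit
Endif

binbuf=BinaryAlloc(size)                    ; binary buffer with the required size
BinaryEodSet(binbuf,size)                   ; set end of buffer to match its size
result=DllCall(dllname,long:entrypoint,lpbinary:binbuf,lpbinary:bbdwsize,long:1) ; fill call, sorted

; Anything other than NO_ERROR (0) means the buffer does not hold a valid
; table. The table can grow between the sizing call and the fill call, in
; which case the function reports that the buffer is too small and the
; script has to be run again. Writing a header-only result file here would
; read as "no connections", so no result file is produced on failure.
If result != 0
   BinaryFree(binbuf)
   BinaryFree(bbdwsize)
   Display(5,"tcpstat",StrCat("GetTcpTable failed, error code ",result))
   Exit
Endif

; The function filled the binary buffer with the number of entries and a
; table with their values as specified by PMIB_TCPTABLE above.
;
; The MIB_TCPTABLE structure contains a table of TCP connections.
;
; typedef struct _MIB_TCPTABLE {
;   DWORD      dwNumEntries;     // number of entries in the table
;   MIB_TCPROW table[ANY_SIZE];  // array of TCP connections
; } MIB_TCPTABLE, *PMIB_TCPTABLE;
;
; Members
;   dwNumEntries
;     Specifies the number of entries in the table.
;   table[ANY_SIZE]
;     Pointer to a table of TCP connections implemented as an array of
;     MIB_TCPROW structures.
numberofentries=BinaryPeek4(binbuf,0)       ; number of entries

; Never walk past the buffer: cap the count at the number of whole 20 byte
; rows that fit after the 4 byte count field.
maxentries=(size-4)/20
If numberofentries > maxentries Then numberofentries=maxentries

; The output is text, and a text row is longer than the 20 byte binary row it
; is built from. The longest possible row is 48 bytes
; ("12,255.255.255.255,65535,255.255.255.255,65535" plus CRLF), so the output
; buffer is sized from the entry count instead of from the binary table size;
; otherwise BinaryPokeStr runs out of room once the table holds more than a
; few connections.
outputheader=StrCat("Port State,Local IP,Local Port,Remote IP,Remote Port",@CRLF)
outputbuf=BinaryAlloc(StrLen(outputheader)+(numberofentries*48))
BinaryPokeStr(outputbuf,0,outputheader)

; The MIB_TCPROW structure contains information for a TCP connection.
;
; typedef struct _MIB_TCPROW {
;   DWORD dwState;       // state of the connection
;   DWORD dwLocalAddr;   // address on local computer
;   DWORD dwLocalPort;   // port number on local computer
;   DWORD dwRemoteAddr;  // address on remote computer
;   DWORD dwRemotePort;  // port number on remote computer
; } MIB_TCPROW, *PMIB_TCPROW;
;
; dwState -- Specifies the state of the TCP connection. This member can have
;            one of the following values as defined in the header file
;            iprtrmib.h.
;
;   #define MIB_TCP_STATE_CLOSED      1
;   #define MIB_TCP_STATE_LISTEN      2
;   #define MIB_TCP_STATE_SYN_SENT    3
;   #define MIB_TCP_STATE_SYN_RCVD    4
;   #define MIB_TCP_STATE_ESTAB       5
;   #define MIB_TCP_STATE_FIN_WAIT1   6
;   #define MIB_TCP_STATE_FIN_WAIT2   7
;   #define MIB_TCP_STATE_CLOSE_WAIT  8
;   #define MIB_TCP_STATE_CLOSING     9
;   #define MIB_TCP_STATE_LAST_ACK   10
;   #define MIB_TCP_STATE_TIME_WAIT  11
;   #define MIB_TCP_STATE_DELETE_TCB 12
;
; dwLocalAddr  -- Specifies the address for the connection on the local computer.
; dwLocalPort  -- Specifies the port number for the connection on the local computer.
; dwRemoteAddr -- Specifies the address for the connection on the remote computer.
; dwRemotePort -- Specifies the port number for the connection on the remote computer.
;
; Addresses and ports are read byte by byte in the order they sit in the
; buffer: four octets per address, and high byte then low byte per port.
x=4                                         ; buffer start location for connection table information
For y = 1 to numberofentries                ; 20 byte rows [5 entries of 4 byte values]
   portstate=BinaryPeek(binbuf,x)           ; first byte of first 32bit entry (port status)

   localaddr1=BinaryPeek(binbuf,x + 4)      ; second 32bit entry, first IP octet
   localaddr2=BinaryPeek(binbuf,x + 5)      ; second 32bit entry, second IP octet
   localaddr3=BinaryPeek(binbuf,x + 6)      ; second 32bit entry, third IP octet
   localaddr4=BinaryPeek(binbuf,x + 7)      ; second 32bit entry, fourth IP octet
   localaddr=StrCat(localaddr1,".",localaddr2,".",localaddr3,".",localaddr4)

   portv1=BinaryPeek(binbuf,x + 8)          ; third 32bit entry, first port byte
   portv2=BinaryPeek(binbuf,x + 9)          ; third 32bit entry, second port byte
   localport=(portv1 << 8) + portv2         ; first byte shifted over 8 plus second byte

   If portstate == 2                        ; listening port doesn't have a remote connection
      remoteaddr="0.0.0.0"
      remoteport="0"
   Else
      remoteaddr1=BinaryPeek(binbuf,x + 12) ; fourth 32bit entry, first IP octet
      remoteaddr2=BinaryPeek(binbuf,x + 13) ; fourth 32bit entry, second IP octet
      remoteaddr3=BinaryPeek(binbuf,x + 14) ; fourth 32bit entry, third IP octet
      remoteaddr4=BinaryPeek(binbuf,x + 15) ; fourth 32bit entry, fourth IP octet
      remoteaddr=StrCat(remoteaddr1,".",remoteaddr2,".",remoteaddr3,".",remoteaddr4)

      portv1=BinaryPeek(binbuf,x + 16)      ; fifth 32bit entry, first port byte
      portv2=BinaryPeek(binbuf,x + 17)      ; fifth 32bit entry, second port byte
      remoteport=(portv1 << 8) + portv2     ; first byte shifted over 8 plus second byte
   Endif

   ; append table row entries together and add the row after the data
   ; already in the output buffer
   values=StrCat(portstate,",",localaddr,",",localport,",",remoteaddr,",",remoteport,@CRLF)
   outputbufend=BinaryEodGet(outputbuf)
   BinaryPokeStr(outputbuf,outputbufend,values)

   x=x+20                                   ; advance to the next row
Next

; Both files record this host's TCP endpoints (local and remote addresses and
; ports); see the note on workdir about who may read them.
BinaryWrite(binbuf,StrCat(workdir,"debug.bin"))      ; raw buffer from 'GetTcpTable', for debugging
BinaryWrite(outputbuf,StrCat(workdir,"tcpstat.txt")) ; processed table as CSV text

BinaryFree(binbuf)
BinaryFree(bbdwsize)

; parse output buffer for statistics here and send results to SQL database

BinaryFree(outputbuf)
Exit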
Article ID: W14976
File Created: 2001:11:08:12:41:16
Last Updated: 2001:11:08:12:41:16