How to obtain the network access destination using Windows API?

  • Question

  • Hello,

    I want to monitor the destination of network access in my system, such as destination IP, domain and so on.
    But I can't find a Windows API to help me achieve it.

    In some other articles, I find that I can capture the network log by the third party SDK WinPcap.

    Is there a method using API without installing any other package in my system?

    Thanks.



    Monday, November 2, 2020 9:14 AM

All replies

  • https://docs.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-internetgetconnectedstate

    Hope the issue is resolved. Please mark as answer if resolved and vote.

    Monday, November 2, 2020 9:52 AM
  • Hi KHURRAM RAHIM,

    Thanks for your reply.

    > https://docs.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-internetgetconnectedstate

    This API only shows whether there is an available connection to the Internet, but I want to monitor the destination address of all the network accesses.

    Do you have any other suggestions?

    Tuesday, November 3, 2020 1:53 AM
    • Edited by cheong00 Tuesday, November 3, 2020 2:43 AM
    Tuesday, November 3, 2020 2:42 AM
  • Hi cheong00,

    Thanks for your reply.

    >You need IPGlobalProperties.GetIPGlobalProperties().GetActiveTcpConnections() .

    From the link, I think the API is for getting the current status of TCP connections; it cannot monitor changes in connections, such as firing an event when new connections are created.

    If I want to monitor all the newly added connections, is there any better selection?

    Tuesday, November 3, 2020 3:31 AM
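
An added example (not posted by anyone in this thread) of approximating "new connection" events with the `GetActiveTcpConnections()` snapshot API quoted above: poll it and diff successive snapshots. The class name and the 500 ms interval are assumptions; connections that open and close between two polls are missed, and the API reports TCP endpoints only, not domain names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.NetworkInformation;
using System.Threading;

// Hypothetical helper: reports TCP connections that were absent from the previous snapshot.
static class TcpDestinationWatcher
{
    // A connection is identified by its local and remote endpoints.
    static string Key(TcpConnectionInformation c) => $"{c.LocalEndPoint}->{c.RemoteEndPoint}";

    // Diff step: returns the entries of 'current' not yet recorded in 'seen' and records them.
    public static List<TcpConnectionInformation> NewConnections(
        IEnumerable<TcpConnectionInformation> current, HashSet<string> seen)
    {
        var fresh = new List<TcpConnectionInformation>();
        foreach (var c in current)
        {
            // Skip local-only traffic; the remote endpoint is the peer for
            // both outbound and inbound connections.
            if (IPAddress.IsLoopback(c.RemoteEndPoint.Address)) continue;
            if (seen.Add(Key(c))) fresh.Add(c);
        }
        return fresh;
    }

    static void Main()
    {
        var props = IPGlobalProperties.GetIPGlobalProperties();
        var seen = new HashSet<string>();

        // Baseline: connections that already exist at startup are not reported.
        NewConnections(props.GetActiveTcpConnections(), seen);

        while (true)
        {
            Thread.Sleep(500); // poll interval (assumption); shorter-lived connections are missed
            var snapshot = props.GetActiveTcpConnections();
            foreach (var c in NewConnections(snapshot, seen))
                Console.WriteLine($"{DateTime.UtcNow:o} {c.State} {c.LocalEndPoint} -> {c.RemoteEndPoint}");

            // Forget closed connections so a reused endpoint pair is reported again.
            seen.IntersectWith(snapshot.Select(c => Key(c)));
        }
    }
}
```
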
  • In this case there are three ways:

    1) Implement a Windows firewall yourself and install it on the system; this will give you the opportunity to inspect all traffic. However, this is obviously overkill.

    2) Install an event hook on the WinSock DLL. The usual "you shouldn't write event hooks for system components in .NET because they all run in the same memory space, and you'll fry the system if more than one such program is running on different versions of the .NET Framework runtime" applies.

    3) Put your network cards in promiscuous mode (that's what Wireshark does) and make them listen to everything happening on your network. Note that it returns everything happening on the same physical network segment the machine sits on (some hubs will not propagate packets to all wires; that's what I mean by "physical segment"), and the heuristic scan of some antivirus products will mark your program as suspicious.
    • Edited by cheong00 Tuesday, November 3, 2020 6:20 AM
    Tuesday, November 3, 2020 6:05 AM
  • Hi cheong00,

    Thanks for your reply.

    I see the three ways you pointed out, and it is useful to me. I think the third way is more comfortable, which is also the same way as WinPcap.

    I will hear about any other suggestion, thank you very much. 

    Tuesday, November 3, 2020 7:21 AM
  • Hi Jeremy Zhu,

    Since your question is related to the Windows API, you can consider posting your question on the following forum for more help.

    winapi-general

    Thank you for your understanding.

    Best Regards,

    Xingyu Zhao



    Tuesday, November 3, 2020 8:33 AM
  • Hi Zhao,

    Thanks for your feedback.

    I have posted my question to winapi-general.

    Expecting more suggestions.

    Tuesday, November 3, 2020 8:45 AM