Type a page name and press Enter. You'll jump to the page if it exists, or you can create it if it doesn't.
To create a page in a module other than IphlpApi, prefix the name with the module name and a period.
GetExtendedTcpTable (IphlpApi)
.
C# Signature:
[DllImport("iphlpapi.dll", SetLastError=true)]
static extern uint GetExtendedTcpTable(IntPtr pTcpTable, ref int dwOutBufLen, bool sort, int ipVersion, TCP_TABLE_CLASS tblClass,uint reserved = 0);
VB Signature:
<DllImport("iphlpapi.dll", SetLastError:=True)> _
Public Shared Function GetExtendedTcpTable(ByVal pTcpTable As IntPtr, ByRef dwOutBufLen As Integer, ByVal sort As Boolean, ByVal ipVersion As Integer, ByVal tblClass As TCP_TABLE_CLASS, ByVal reserved As Integer) As UInteger
End Function
When you do not need the PID information look at IPGlobalProperties.GetActiveTcpListeners and IPGlobalProperties.GetActiveTcpConnections methods from the System.Net.NetworkInformation namespace
public const int AF_INET = 2; // IP_v4 = System.Net.Sockets.AddressFamily.InterNetwork
public const int AF_INET6 = 23; // IP_v6 = System.Net.Sockets.AddressFamily.InterNetworkV6
public static List<MIB_TCPROW_OWNER_PID> GetAllTCPConnections()
{
return GetTCPConnections<MIB_TCPROW_OWNER_PID, MIB_TCPTABLE_OWNER_PID>(AF_INET);
}
public static List<MIB_TCP6ROW_OWNER_PID> GetAllTCPv6Connections()
{
return GetTCPConnections<MIB_TCP6ROW_OWNER_PID, MIB_TCP6TABLE_OWNER_PID>(AF_INET6);
}
private static List<IPR> GetTCPConnections<IPR, IPT>(int ipVersion)//IPR = Row Type, IPT = Table Type
{
IPR[] tableRows;
int buffSize = 0;
var dwNumEntriesField = typeof(IPT).GetField("dwNumEntries");
// how much memory do we need?
uint ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, ipVersion, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL);
IntPtr tcpTablePtr = Marshal.AllocHGlobal(buffSize);
try
{
ret = GetExtendedTcpTable(tcpTablePtr, ref buffSize, true, ipVersion, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL);
if (ret != 0)
return new List<IPR>();
// get the number of entries in the table
IPT table = (IPT)Marshal.PtrToStructure(tcpTablePtr, typeof(IPT));
int rowStructSize = Marshal.SizeOf(typeof(IPR));
uint numEntries = (uint)dwNumEntriesField.GetValue(table);
// buffer we will be returning
tableRows = new IPR[numEntries];
IntPtr rowPtr = (IntPtr)((long)tcpTablePtr + 4);
for (int i = 0; i < numEntries; i++)
{
IPR tcpRow = (IPR)Marshal.PtrToStructure(rowPtr, typeof(IPR));
tableRows[i] = tcpRow;
rowPtr = (IntPtr)((long)rowPtr + rowStructSize); // next entry
}
}
finally
{
// Free the Memory
Marshal.FreeHGlobal(tcpTablePtr);
}
return tableRows != null ? tableRows.ToList() : new List<IPR>();
}
Sample Code:
Previous sample
public MIB_TCPROW_OWNER_PID[] GetAllTcpConnections()
{
MIB_TCPROW_OWNER_PID[] tTable;
int AF_INET = 2; // IP_v4
int buffSize = 0;
// how much memory do we need?
uint ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL);
IntPtr buffTable = Marshal.AllocHGlobal(buffSize);
try
{
ret = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL);
if (ret != 0)
{
return null;
}
// get the number of entries in the table
MIB_TCPTABLE_OWNER_PID tab = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID));
IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(tab.dwNumEntries));
tTable = new MIB_TCPROW_OWNER_PID[tab.dwNumEntries];
for (int i = 0; i < tab.dwNumEntries; i++)
{
MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID));
tTable[i] = tcpRow;
rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow)); // next entry
}
}
finally
{
// Free the Memory
Marshal.FreeHGlobal(buffTable);
}
return tTable;
}
// https://msdn2.microsoft.com/en-us/library/aa366913.aspx
[StructLayout(LayoutKind.Sequential)]
public struct MIB_TCPROW_OWNER_PID {
public uint state;
public uint localAddr;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public byte[] localPort;
public uint remoteAddr;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public byte[] remotePort;
public uint owningPid;
}
// https://msdn2.microsoft.com/en-us/library/aa366921.aspx
[StructLayout(LayoutKind.Sequential)]
public struct MIB_TCPTABLE_OWNER_PID {
public uint dwNumEntries;
[MarshalAs(UnmanagedType.ByValArray, ArraySubType = UnmanagedType.Struct, SizeConst = 1)]
public MIB_TCPROW_OWNER_PID[] table;
}
// https://msdn.microsoft.com/en-us/library/aa366896
[StructLayout(LayoutKind.Sequential)]
public struct MIB_TCP6ROW_OWNER_PID {
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public byte[] localAddr;
public uint localScopeId;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public byte[] localPort;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
public byte[] remoteAddr;
public uint remoteScopeId;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public byte[] remotePort;
public uint state;
public uint owningPid;
}
// https://msdn.microsoft.com/en-us/library/windows/desktop/aa366905
[StructLayout(LayoutKind.Sequential)]
public struct MIB_TCP6TABLE_OWNER_PID {
public uint dwNumEntries;
[MarshalAs(UnmanagedType.ByValArray, ArraySubType = UnmanagedType.Struct, SizeConst = 1)]
public MIB_TCP6ROW_OWNER_PID[] table;
}
public static class IPHelperAPI {
[DllImport("iphlpapi.dll", SetLastError = true)]
internal static extern uint GetExtendedTcpTable(
IntPtr tcpTable,
ref int tcpTableLength,
bool sort,
int ipVersion,
TCP_TABLE_CLASS tcpTableType,
int reserved=0);
}
public class IPHelperWrapper : IDisposable {
public const int AF_INET = 2; // IP_v4 = System.Net.Sockets.AddressFamily.InterNetwork
public const int AF_INET6 = 23; // IP_v6 = System.Net.Sockets.AddressFamily.InterNetworkV6
// Creates a new wrapper for the local machine
public IPHelperWrapper() { }
// Disposes of this wrapper
public void Dispose() { GC.SuppressFinalize(this); }
public List<MIB_TCPROW_OWNER_PID> GetAllTCPv4Connections() {
return GetTCPConnections<MIB_TCPROW_OWNER_PID, MIB_TCPTABLE_OWNER_PID>(AF_INET);
}
public List<MIB_TCP6ROW_OWNER_PID> GetAllTCPv6Connections() {
return GetTCPConnections<MIB_TCP6ROW_OWNER_PID, MIB_TCP6TABLE_OWNER_PID>(AF_INET6);
}
public List<IPR> GetTCPConnections<IPR, IPT>(int ipVersion) { //IPR = Row Type, IPT = Table Type
IPR[] tableRows;
int buffSize = 0;
var dwNumEntriesField = typeof(IPT).GetField("dwNumEntries");
// how much memory do we need?
uint ret = IPHelperAPI.GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, ipVersion, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL);
IntPtr tcpTablePtr = Marshal.AllocHGlobal(buffSize);
try {
ret = IPHelperAPI.GetExtendedTcpTable(tcpTablePtr, ref buffSize, true, ipVersion, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL);
if (ret != 0) return new List<IPR>();
// get the number of entries in the table
IPT table = (IPT)Marshal.PtrToStructure(tcpTablePtr, typeof(IPT));
int rowStructSize = Marshal.SizeOf(typeof(IPR));
uint numEntries = (uint)dwNumEntriesField.GetValue(table);
// buffer we will be returning
tableRows = new IPR[numEntries];
IntPtr rowPtr = (IntPtr)((long)tcpTablePtr + 4);
for (int i = 0; i < numEntries; i++) {
IPR tcpRow = (IPR)Marshal.PtrToStructure(rowPtr, typeof(IPR));
tableRows[i] = tcpRow;
rowPtr = (IntPtr)((long)rowPtr + rowStructSize); // next entry
}
}
finally {
// Free the Memory
Marshal.FreeHGlobal(tcpTablePtr);
}
return tableRows != null ? tableRows.ToList() : new List<IPR>();
}
// Occurs on destruction of the Wrapper
~IPHelperWrapper() { Dispose(); }
<StructLayout(LayoutKind.Sequential)> _
Public Structure in_addr
Public s_b1 As Byte
Public s_b2 As Byte
Public s_b3 As Byte
Public s_b4 As Byte
End Structure
<StructLayout(LayoutKind.Explicit)> _
Public Structure MIB_TCPTABLE_OWNER_PID
Public dwNumEntries As UInteger
Public table() As MIB_TCPROW_OWNER_PID
End Structure
' note: functions added to this struct to demonstrate how to convert the addresses and ports into the form you would want them
<StructLayout(LayoutKind.Explicit)> _
Public Structure MIB_TCPROW_OWNER_PID
Public dwState As UInteger
Public dwLocalAddr As in_addr
Public dwLocalPort As UInteger
Public dwRemoteAddr As in_addr
Public dwRemotePort As UInteger
Public dwOwningPid As UInteger
Public Function LocalAddress() As System.Net.IPAddress
Return System.Net.IPAddress.Parse(dwLocalAddr.s_b1.ToString & "." & _
dwLocalAddr.s_b2.ToString & "." & _
dwLocalAddr.s_b3.ToString & "." & _
dwLocalAddr.s_b4.ToString)
End Function
Public Function LocalPort() As Integer
If dwLocalPort > 0 Then
Dim b() As Byte = BitConverter.GetBytes(dwLocalPort)
Array.Reverse(b, 0, 2)
Return BitConverter.ToInt32(b, 0)
Else
Return 0
End If
End Function
Public Function RemoteAddress() As System.Net.IPAddress
Return System.Net.IPAddress.Parse(dwRemoteAddr.s_b1.ToString & "." & _
dwRemoteAddr.s_b2.ToString & "." & _
dwRemoteAddr.s_b3.ToString & "." & _
dwRemoteAddr.s_b4.ToString)
End Function
Public Function RemotePort() As Integer
If dwRemotePort > 0 Then
Dim b() As Byte = BitConverter.GetBytes(dwRemotePort)
Array.Reverse(b, 0, 2)
Return BitConverter.ToInt32(b, 0)
Else
Return 0
End If
End Function
End Structure
' This example gets a list of all TCP connections and their owner PIDs
' Credit: partially based upon the C# example above
Public Sub GetExtendedTcpTableExample()
Dim dwNumEntriesField As System.Reflection.FieldInfo = GetType(MIB_TCPTABLE_OWNER_PID).GetField("dwNumEntries")
Dim BufLen As Integer = 0
' Because we have to marshal our structure pointer to a specific size, we'll have to call the function twice.
' The first time dumps the output into a null pointer, but it lets us get the buffer size we need to create the real pointer.
Dim Ret As UInteger = GetExtendedTcpTable(IntPtr.Zero, BufLen, True, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0)
Dim TblPtr As IntPtr = Marshal.AllocHGlobal(BufLen)
' Call it again with our structure pointer and known buffer size in place
Ret = GetExtendedTcpTable(TblPtr, BufLen, True, AF_INET, TCP_TABLE_CLASS.TCP_TABLE_OWNER_PID_ALL, 0)
' convert the pointer into a table structure
Dim TblStruct As MIB_TCPTABLE_OWNER_PID = Marshal.PtrToStructure(TblPtr, GetType(MIB_TCPTABLE_OWNER_PID))
Dim RowStructSize As Integer = Marshal.SizeOf(GetType(MIB_TCPROW_OWNER_PID))
Dim TcpTableRows As New List(Of MIB_TCPROW_OWNER_PID)
' the pointer for the array holding the table rows is set to the end of the table pointer + the memory alignment offset of the row struct (if any)
Dim RowArrayPtr As IntPtr = CType((CLng(TblPtr) + CLng(Marshal.OffsetOf(GetType(MIB_TCPTABLE_OWNER_PID), "table"))), IntPtr)
For i As Integer = 0 To TblStruct.dwNumEntries
Dim TableRow As MIB_TCPROW_OWNER_PID = Marshal.PtrToStructure(RowArrayPtr, GetType(MIB_TCPROW_OWNER_PID))
TcpTableRows.Add(TableRow)
RowArrayPtr = CType((CLng(RowArrayPtr) + RowStructSize), IntPtr)
Next
End Sub
The MIB_TCPROW_OWNER_PID structure contains information that describes an ""IPv4"" TCP connection with ""IPv4"" addresses, ports used by the TCP connection, and the specific process ID (PID) associated with connection.
11/12/2015 8:48:58 AM - Polymaker-24.226.223.60
The MIB_TCPTABLE_OWNER_PID structure contains a table of process ""IDs"" (""PIDs"") and the ""IPv4"" TCP links that are context bound to these ""PIDs"".
11/12/2015 8:48:41 AM - Polymaker-24.226.223.60
The MIB_TCP6ROW_OWNER_PID structure contains information that describes an ""IPv6"" TCP connection associated with a specific process ID (PID).
11/12/2015 8:48:01 AM - Polymaker-24.226.223.60
The MIB_TCP6TABLE_OWNER_PID structure contains a table of process ""IDs"" (""PIDs"") and the ""IPv6"" TCP links that are context bound to these ""PIDs"".
11/12/2015 9:26:13 AM - anonymous
Please edit this page!
Do you have...
helpful tips or sample code to share for using this API in managed code?
corrections to the existing content?
variations of the signature you want to share?
additional languages you want to include?
Select "Edit This Page" on the right hand toolbar and edit it! Or add new pages containing supporting types needed for this API (structures, delegates, and more).
Revisions