How to monitor TCP connections over time

I have an application which is a Windows service. It accesses a number of other services using TCP/IP, e.g. SQL Server databases, Informix databases, mail servers, etc.

For instance it will also access multiple SQL server instances on different servers.

In the course of a day, if I want to log all of the different services it has connected to, how would I do that?

If I use TCPView I can see all the information I want, e.g. remote address and port, but it is a real-time view, so the data is not saved.


Solution 1:

Process Monitor will do exactly what you are looking for.

Once you have your filters set up, be sure to go to File->Backing Files... and choose a file to save the logs to; otherwise it will start deleting old logs once it runs out of virtual memory or when you close the program.

Be sure to restart the program once you set a new backing source; the change does not take effect until you close and reopen the program!

Solution 2:

I think Wireshark would do exactly what you want.

You can use its powerful filters to choose only TCP traffic from certain ports or IPs. In short, you can let it run and collect only the data that is important to you. You can see packet-level communication for everything that goes through your network adapter.

Solution 3:

If you are running Windows, you can set up a scheduled job which runs a script:

netstat -t > C:\your_output_path

The your_output_path file name can contain the variables %time% and %date%, so that every time the script runs it outputs data to a file with the time and date in its name.

If you install a tool like UnixUtils you will be able to use the grep and gawk commands to filter out the records which you do not need and leave only the desirable ones. For example, to get PostgreSQL connections you would do

netstat -t | grep 5432

Run this script as frequently as you want and you will have a bunch of files with a running record of your connections over time.
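As an added example (not part of the answer above), here is the same scheduled-script idea in PowerShell, using Get-NetTCPConnection instead of netstat so each snapshot is limited to the service's own process and appended to a daily CSV. The process name, log folder and script path are placeholders; it assumes Windows 8 / Server 2012 or newer.

```powershell
# Added example: snapshot the established TCP connections of one service process
# and append them to a per-day CSV so the remote addresses and ports it used can
# be reviewed later. Placeholders: process 'MyService', folder C:\Logs\TcpConnections,
# script saved as C:\Scripts\Log-TcpConnections.ps1.
param(
    [string]$ProcessName = 'MyService',               # placeholder: the service's process name
    [string]$LogDir      = 'C:\Logs\TcpConnections',  # placeholder: where the daily CSVs go
    [switch]$Register                                 # run once (as admin) to create the scheduled task
)

if ($Register) {
    # Poll once a minute for a day; adjust the interval to taste.
    $action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
        -Argument "-NoProfile -ExecutionPolicy Bypass -File C:\Scripts\Log-TcpConnections.ps1 -ProcessName $ProcessName -LogDir $LogDir"
    $trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) `
        -RepetitionInterval (New-TimeSpan -Minutes 1) -RepetitionDuration (New-TimeSpan -Days 1)
    Register-ScheduledTask -TaskName 'LogTcpConnections' -Action $action -Trigger $trigger -RunLevel Highest
    return
}

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

# One file per day: a date-only stamp avoids the colons in %time% that are illegal in file names.
$logFile = Join-Path $LogDir ("tcp-{0}.csv" -f (Get-Date -Format 'yyyy-MM-dd'))

$procIds = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Id)
if ($procIds.Count -eq 0) { Write-Warning "No process named '$ProcessName' is running"; return }

$now = (Get-Date).ToString('s')   # ISO 8601, sorts correctly in the CSV
# -ErrorAction SilentlyContinue: Get-NetTCPConnection errors out when nothing matches the filter.
Get-NetTCPConnection -OwningProcess $procIds -State Established -ErrorAction SilentlyContinue |
    Select-Object @{ n = 'Timestamp'; e = { $now } },
                  @{ n = 'Process';   e = { $ProcessName } },
                  OwningProcess, LocalAddress, LocalPort, RemoteAddress, RemotePort |
    Export-Csv -Path $logFile -Append -NoTypeInformation

# To see which remote services were used during the day:
#   Import-Csv $logFile | Group-Object RemoteAddress, RemotePort | Sort-Object Count -Descending
```

Polling only records connections that are open at the moment of each sample, so short-lived connections that start and finish between samples are missed; the Process Monitor and Wireshark approaches above capture those as well.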