1

I'm working on a graphical windows application. So solutions on c++ and c# are prefered.

For my application, I need to get the remote address and port from active udp connection from a specific process.

I tried IP Helper API but the methods for UDP don't give remote address and port.

I've already see these posts Get Destination Ip/Port of active udp Connection? and Remote address of active UDP connections in Windows using IP Helper.

I understand why IP Helper can't do the job (udp is connectionless and need to capture packet) but I found nothing concrete how to accomplish that.

Have you a solution ready to use or something close to it?

Jonathan
  • 61
  • 6
  • Are you using Broadcast? Broadcast does not have a remote IP address? There are two types of UDP. Broadcast which is connectionless and non broadcast which has a connecton. – jdweng Apr 09 '19 at 14:45
  • Normally with UDP, you get the remote address and port together with each packet you receive. – super Apr 09 '19 at 14:50
  • 2
    There is no such thing as a UDP connection. Rethink your design. – SergeyA Apr 09 '19 at 14:52
  • As you say yourself, UDP is a connectionless protocol. That means that there is no "active connection". – molbdnilo Apr 09 '19 at 14:55
  • 1
    @jdweng "*There are two types of UDP. Broadcast which is connectionless and non broadcast which has a connecton*" - not true. All UDP traffic is connectionless, whether it is broadcast or not. – Remy Lebeau Apr 10 '19 at 02:20

1 Answers1

1

As you have already discovered, UDP is connectionless, so the OS doesn't track remote party info, like it does for TCP. Unlike a TCP socket, a UDP socket can communicate with multiple remote parties at a time, where sendto() specifies a destination ip/port, and recvfrom() reports a sender's ip/port.

I understand why IP Helper can't do the job (udp is connectionless and need to capture packet) but I found nothing concrete how to accomplish that.

You need to use a packet capture library, such as libpcap, and manually keep track of the ips/ports of outgoing packets you see.

Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
  • This reply is not entirely correct. The OS _does_ track the connection if the application calls connect() for the UDP socket. This happens in practice: ``` netstat -ap udp | grep -v '\*:\*' Active Connections Proto Local Address Foreign Address State UDP 0.0.0.0:49775 0.0.0.95:443 UDP 0.0.0.0:50146 0.0.32.3:443 UDP 0.0.0.0:56207 0.0.0.101:443 UDP 0.0.0.0:58457 0.0.0.95:443 UDP 0.0.0.0:59344 0.0.0.95:443 UDP 0.0.0.0:61905 0.0.0.2:443 ``` How do we get this info? – capveg Aug 31 '23 at 18:42
  • @capveg yes, you can statically assign a peer IP/Port to a UDP socket using `connect()` (ie to enable use of `send()` and `recv()` on that socket), and you can use `getpeername()` to retrieve the peer IP/Port from a `connect`'ed UDP socket, but AFAIK there is no API that allows you to get that same peer info externally from the OS's routing tables, because for UDP they only report the locally bound IP/Port, not the peer IP/Port. – Remy Lebeau Aug 31 '23 at 19:41
  • See https://stackoverflow.com/questions/77029015/remote-ips-in-netstat-for-udp-in-windows-where-to-get-them-and-why-are-they-w for more details, but 'netstat -a p udp' outputs values for the remote IP + port for UDP... I'm just trying to understand where they come from (and why they're buggy). – capveg Sep 02 '23 at 16:12