November 5, 2003

By Karen Kenworthy

What's up with the sun? You wouldn't know it by looking out the windows at the secluded Power Tools workshop. But somewhere, high above the rain clouds, our normally well-mannered old sun is behaving badly.

For the tenth time in recent days, Sol sent an enormous shower of x-rays and charged particles hurtling through space. The x-rays saturated one orbiting detector. Other cosmic rays are at record levels.

No one can say what the effects of this outburst will be. But one thing's for sure -- it's time to replace the protective, aluminum foil lining of my programmer's beanie. :)

Look Who's Talking

Hope you don't mind if we talk while I'm looking for that new roll of foil. It's been a long time since we've gotten together, and there's a lot we need to talk about.

Do you remember the LAN Monitor? That's right. It's the program I released last month. It detects a computer's "network adapters" -- those hardware gizmos that let computers talk to one another.

When it finds an adapter, the LAN Monitor displays all sorts of interesting information. You'll see the adapter's make and model, the IP (Internet Protocol) addresses it uses when sending data across the 'net, and a whole lot more.

The LAN Monitor also shows all active network connections between your computer and others. You'll see the IP address and name of each remote correspondent. And you'll discover the "port" used for each connection, revealing what our digital buddies are talking about.

The LAN Monitor also displays traffic statistics for each network adapter. You'll see the amount of data sent, and received, through each. Details include the number of transmission errors, alerting you if a particular network connection has become erratic. Other data displayed by the program reveals each adapter's "load" -- the percent of its data capacity it's recently sent or received.

That's a lot of information. But the original LAN Monitor omitted one important connection detail. When a connection was detected, the program didn't disclose which of our programs was chatting. Was the talker just our web browser, retrieving web pages at our behest? Or was it something more ominous, perhaps a spy program revealing our keystrokes to some malevolent dweeb?

Sharing Secrets

There it is! This will only take a minute. I need a couple of feet off the roll. A few quick folds later, and my new foil hat will be ready.

Now where were we? Oh, I remember!

Certainly, Windows itself knows which programs are using its network services. How else could it route incoming data to the correct bit of software?

But getting Windows to spill the beans can be tricky. You see, none of the official, documented Windows functions names the programs making network connections. Microsoft wants programmers, and the programs they write, to believe this information is simply unavailable.

Fortunately, that's not the end of the story. You see, hundreds of functions don't appear in Windows' official documentation. For example, Windows provides dozens of well-documented ways for programs to access the Registry. A quick search of Microsoft's online documentation at http://msdn.microsoft.com, for names such as "RegQueryValue" or "RegQueryInfoKey", will tell you all about them.

But don't bother looking for a function named "SynchronizeWindows31FilesAndWindowsNTRegistry". Even though it's been a part of Windows for years, Microsoft has never publicly revealed its purpose, let alone told programmers how to use it.

What does this have to do with LAN Monitor, and its need to display the names of programs making network connections? It turns out this information is sometimes available, via an undocumented Windows function!

I say "sometimes available" because the function, affectionately known as "AllocateAndGetTcpExTableFromStack", only appears in recent versions of Windows. As its name implies, this quirky function retrieves information about TCP (Transmission Control Protocol -- the most common Internet communication standard) connections, and stores its findings in the "stack". The stack, of course, is a region of memory programs often use to temporarily store small amounts of data.

I'm sure you've guessed the rest of the story. The newest version of the LAN Monitor checks to see if it's running on a version of Windows that supports this secret function. If so, a new column appears in the program's table of network connections. The new column contains the name of the program that created, and is using, each connection!
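The same connection-to-program mapping can be rebuilt from two documented command-line tools, `netstat -ano` and `tasklist /FO CSV /NH`, on Windows versions that provide them. The following is an added example, not code from LAN Monitor or its author: it parses constructed sample output from both tools, joins them on process ID, and lists established remote connections owned by programs outside an allow-list. The sample addresses, the process name `kbdhelper.exe`, and the `expected` allow-list are assumptions made for illustration.

```python
import csv, io

# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    192.0.2.10:1042        198.51.100.7:80        ESTABLISHED     2140
  TCP    192.0.2.10:1055        203.0.113.9:6667       ESTABLISHED     3312
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     2140
  UDP    0.0.0.0:445            *:*                                    4
"""
# Constructed sample of `tasklist /FO CSV /NH` output; kbdhelper.exe is a made-up name.
TASKLIST = '''\
"System","4","Console","0","216 K"
"svchost.exe","968","Console","0","3,412 K"
"iexplore.exe","2140","Console","0","18,004 K"
"kbdhelper.exe","3312","Console","0","2,120 K"
'''

def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV rows."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if len(r) >= 2}

def tcp_connections(netstat_text, names):
    """Yield one dict per TCP row; headers and UDP rows (no State column) are skipped."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or not f[4].isdigit():
            continue
        raddr, _, rport = f[2].rpartition(":")  # last colon, so IPv6 literals survive
        yield {"remote": raddr, "port": int(rport), "state": f[3],
               "pid": int(f[4]), "program": names.get(int(f[4]), "<unknown>")}

def unexpected_talkers(conns, expected):
    """Established, non-loopback connections owned by programs not in `expected`."""
    return [c for c in conns
            if c["state"] == "ESTABLISHED"
            and not c["remote"].startswith("127.") and c["remote"] != "[::1]"
            and c["program"].lower() not in expected]

def review(netstat_text=NETSTAT, tasklist_csv=TASKLIST, expected=frozenset({"iexplore.exe"})):
    # `expected` is a hypothetical allow-list of programs allowed to talk to remote hosts.
    return unexpected_talkers(tcp_connections(netstat_text, pid_names(tasklist_csv)), expected)

if __name__ == "__main__":
    for c in review():
        print(f'{c["program"]} (PID {c["pid"]}) -> {c["remote"]}:{c["port"]}')
```

A PID that has exited between the two captures shows up as `<unknown>` and is reported, since a connection with no identifiable owner deserves a second look.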

Your Computer's Calling

Perfect! How does it look? The new lining feels great. And I like the way a little bit of foil shows below the border of my beanie. Effective and fashionable! Just the way I like it. :)

That reminds me of the new LAN Monitor. Did I mention it can now display information about your computer's dial-up network connections?

As I'm sure you know, dial-up connections are usually made over ordinary telephone lines. Using a device called a modem, one computer dials the telephone number of another. When the other computer answers the call, the two binary beasties exchange a small amount of information, verifying each other's identity and negotiating how they'll communicate during the rest of the call.

Windows stores information about your dial-up connections in special files called "phonebooks". Like the phonebook on your desk, Windows' phonebooks can contain several entries. Each entry describes a particular dial-up connection.

Believe it or not, a Windows phonebook entry can contain as many as 85 different settings! Click the "Phonebooks Entries" tab on the new LAN Monitor's main window, and you'll see all of them. They include the make and model of the modem used when making each connection. You'll see the phone number your computer dials, too.

Depending on the version of Windows you're running, you might see alternate phone numbers, dialed when the primary number is busy. Some entries contain encryption and compression options, used by Windows when sending data across this link. Other information often found in phonebook entries tells Windows how to log onto the remote computer.

If it's all too much to remember, don't despair. The new LAN Monitor can copy the information it displays to the Windows clipboard. Another new feature lets you save the LAN Monitor's information to a disk file.

Now you can preserve your network adapter details, active connections, phonebook entries, and network traffic statistics. Use them to document problems, amuse yourself, confound your boss, or entertain your friends. :)

If you'd like to give the new LAN Monitor a try, visit its home page at:

    https://www.karenware.com/powertools/ptlanmon

As always, the program is free for home use. If you're a programmer, check out the program's free Visual Basic source code too. You'll enjoy some of the tricks it uses to sweat information from Windows.

Better yet, get the latest version of every Power Tool -- including the new LAN Monitor -- on a brand new CD. The disc also contains three bonus Power Tools, not available anywhere else. The source code of every Power Tool, the text of every back issue of my newsletter, and even some of my original Windows Magazine articles are included too! Owning the CD also grants you a special license that lets you use your Power Tools at work.

Best of all, buying a CD is the easiest way to support the KarenWare.com web site and this newsletter. To find out more, visit:

    https://www.karenware.com/licenseme

Until we meet again, don't get too close to the sun. Remember to wear your foil hat. And, if you see me on the 'net or in my fallout shelter, be sure to wave and say "Hi!"