{"id":18315297,"url":"https://github.com/wiresock/tcpinspector","last_synced_at":"2025-06-12T21:33:05.405Z","repository":{"id":172822388,"uuid":"649409120","full_name":"wiresock/TcpInspector","owner":"wiresock","description":"TcpInspector: TCP Connection Viewer \u0026 Dropper","archived":false,"fork":false,"pushed_at":"2024-03-17T15:15:11.000Z","size":15,"stargazers_count":9,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-21T09:35:17.586Z","etag":null,"topics":["drop","tcp","view","windows"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wiresock.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-06-04T18:47:50.000Z","updated_at":"2024-07-14T14:17:59.000Z","dependencies_parsed_at":null,"dependency_job_id":"bb9ae805-ae6b-47f2-954e-9b2ce3f04546","html_url":"https://github.com/wiresock/TcpInspector","commit_stats":null,"previous_names":["wiresock/tcpinspector"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wiresock%2FTcpInspector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wiresock%2FTcpInspector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wiresock%2FTcpInspector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wiresock%2FTcpInspector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wiresock","download_url":"https://codeload.github.com/wiresock/TcpInspector/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247393502,"owners_count":20931807,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["drop","tcp","view","windows"],"created_at":"2024-11-05T16:39:15.747Z","updated_at":"2025-04-05T19:35:18.558Z","avatar_url":"https://github.com/wiresock.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TcpInspector\n\nTcpInspector is a utility that provides functionality similar to the TCPView utility developed by Mark Russinovich. It allows you to list and drop TCP sessions for a target application based on a regular expression pattern. A notable enhancement includes its capability to manage IPv6 TCP sessions, even allowing for the termination of these sessions - an option that is not available in TCPView.\n\n## Usage\n\n```\nTcpInspector \u003ctarget_application_regex\u003e \u003clist_or_drop\u003e\n```\n\n- `target_application_regex`: A regular expression pattern to match the target application.\n- `list_or_drop`: Specifies whether to list or drop the TCP sessions. Use `list` to list the sessions and `drop` to drop the sessions.\n\n## How it works\n\n1. TcpInspector takes two command-line arguments: the target application regular expression and the command (list or drop).\n2. If the required arguments are not provided, an error message is displayed, and the program exits.\n3. The utility uses the `process_lookup` class from the `iphelper` library to retrieve information about TCP sessions for both IPv4 and IPv6 addresses.\n4. If the command is `list`, TcpInspector lists the TCP sessions for both IPv4 and IPv6 addresses that match the target application regular expression.\n5. If the command is `drop`, TcpInspector drops the TCP sessions for both IPv4 and IPv6 addresses that match the target application regular expression.\n6. For each TCP session, the utility displays the local and remote IP addresses and ports.\n7. If an error occurs during the session drop process, an error message is displayed.\n\n## Demo Run\n\nThis section provides examples of using TcpInspector to list and drop TCP sessions.\n\n### Listing TCP Sessions\n\nCommand to list TCP sessions for Firefox:\n```\nPS D:\\projects\\github.com\\TcpInspector\\x64\\Release\u003e ./tcpinspector f.* list\n```\n\nOutput:\n```\nTCP IPv4 sessions for regex pattern: f.*:\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60783 \u003c---\u003e 172.64.154.86 : 443\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60633 \u003c---\u003e 80.68.253.2 : 443\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 127.0.0.1 : 60572 \u003c---\u003e 127.0.0.1 : 60571\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 127.0.0.1 : 60571 \u003c---\u003e 127.0.0.1 : 60572\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[4528]: 127.0.0.1 : 60574 \u003c---\u003e 127.0.0.1 : 60573\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[4528]: 127.0.0.1 : 60573 \u003c---\u003e 127.0.0.1 : 60574\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60580 \u003c---\u003e 140.82.113.26 : 443\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60593 \u003c---\u003e 20.88.154.143 : 443\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60602 \u003c---\u003e 34.107.243.93 : 443\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60603 \u003c---\u003e 34.107.243.93 : 443\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60632 \u003c---\u003e 80.68.253.2 : 443\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60634 \u003c---\u003e 34.120.208.123 : 443\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60680 \u003c---\u003e 185.199.110.154 : 443\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60688 \u003c---\u003e 185.199.110.133 : 443\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60773 \u003c---\u003e 188.114.99.229 : 443\nC:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60784 \u003c---\u003e 172.64.154.86 : 443\n[...other session details...]\n```\n\n### Dropping TCP Sessions\n\nCommand to drop TCP sessions for Firefox:\n```\nPS D:\\projects\\github.com\\TcpInspector\\x64\\Release\u003e ./tcpinspector f.* drop\n```\n\nOutput:\n```\nDropped TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60783 \u003c---\u003e 172.64.154.86 : 443\nDropped TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60633 \u003c---\u003e 80.68.253.2 : 443\nDropped TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 127.0.0.1 : 60572 \u003c---\u003e 127.0.0.1 : 60571\nFailed to drop TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 127.0.0.1 : 60571 \u003c---\u003e 127.0.0.1 : 60572 Error code: 317\nDropped TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[4528]: 127.0.0.1 : 60574 \u003c---\u003e 127.0.0.1 : 60573\nFailed to drop TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[4528]: 127.0.0.1 : 60573 \u003c---\u003e 127.0.0.1 : 60574 Error code: 317\nDropped TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60580 \u003c---\u003e 140.82.113.26 : 443\nDropped TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60593 \u003c---\u003e 20.88.154.143 : 443\nDropped TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60602 \u003c---\u003e 34.107.243.93 : 443\nDropped TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60603 \u003c---\u003e 34.107.243.93 : 443\nDropped TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60632 \u003c---\u003e 80.68.253.2 : 443\nDropped TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60634 \u003c---\u003e 34.120.208.123 : 443\nDropped TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60680 \u003c---\u003e 185.199.110.154 : 443\nDropped TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60688 \u003c---\u003e 185.199.110.133 : 443\nDropped TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60773 \u003c---\u003e 188.114.99.229 : 443\nDropped TCP session: C:\\Program Files\\Mozilla Firefox\\firefox.exe :[7900]: 10.9.0.2 : 60784 \u003c---\u003e 172.64.154.86 : 443\n[...other session details...]\n```\n\nThis demonstration shows how TcpInspector effectively lists and drops TCP sessions based on the specified regular expression, providing clear insights into its operation.\n\n## Credits\n\nThe approach used in TcpInspector is inspired by Mark Russinovich's TCPView utility.\n\n## License\n\nTcpInspector is released under the [MIT License](LICENSE).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwiresock%2Ftcpinspector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwiresock%2Ftcpinspector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwiresock%2Ftcpinspector/lists"}