I discovered almost accidentally that my machine was sending and receiving UDP packets to a machine in Poland. Not that I have any problem with Poland, I just don't know why my laptop has the need to communicate with a server there. Reverse DNS shows just the ISP providing the address to some end user. Using Wireshark, I can monitor the messages, which were indecipherable as they were probably encrypted. All packets sent from my machine had the same source port, so clearly the application that sent them opened this UDP socket to use it. I am searching for ways to:

我几乎是偶然发现我的机器正在向波兰的一台机器发送和接收 UDP 数据包。并不是说我对波兰有任何问题，我只是不知道为什么我的笔记本电脑需要与那里的服务器进行通信。反向 DNS 仅显示 ISP 向某些最终用户提供地址。使用 Wireshark，我可以监控无法破译的消息，因为它们可能是加密的。从我的机器发送的所有数据包都有相同的源端口，所以很明显，发送它们的应用程序打开了这个 UDP 套接字来使用它。我正在寻找以下方法：

1) enumerate all current sockets open in the system, including the process that created it and, for both TCP and UDP, what ports and addresses they are current bound to.

1) 枚举系统中所有当前打开的套接字，包括创建它的进程，以及对于 TCP 和 UDP，它们当前绑定到的端口和地址。

2) because applications can open these sockets, use them, and close them right away, I would love to find (or perhaps even write) a program that once started would somehow get notification each time a socket gets created, or really more importantly when bound to a source and/or destination address and port. For UDP, I would love to also be able to monitor/keep track of the destination IP addresses and ports that socket has sent messages to.

2）因为应用程序可以打开这些套接字，使用它们，然后立即关闭它们，我很想找到（或者甚至编写）一个程序，一旦启动就会在每次创建套接字时以某种方式收到通知，或者更重要的是绑定到源和/或目标地址和端口。对于 UDP，我还希望能够监视/跟踪套接字已将消息发送到的目标 IP 地址和端口。

I don't want to monitor the traffic itself, I have Wireshark if I want to view the traffic. I want to be able to then cross reference to discover what application is generating the packets. I want to know if it is from a process I trust, or if it is something I need to investigate further.

我不想监控流量本身，如果我想查看流量，我有 Wireshark。我希望能够然后交叉引用以发现哪个应用程序正在生成数据包。我想知道它是否来自我信任的过程，或者是否需要进一步调查。

Does anybody know of any applications (for the Windows platform) that can do this? If not, any ideas about a .NET or Windows API that provides this capability, should I want to write it myself?

有人知道可以执行此操作的任何应用程序（适用于 Windows 平台）吗？如果没有，关于提供此功能的 .NET 或 Windows API 的任何想法，我应该自己编写吗？

Edit: After further research - looks like the APIs to use are GetExtendedUdpTable and GetExtendedTcpTable, CodeProject.com has some samples wrapping these in .NET (see http://www.codeproject.com/Articles/14423/Getting-the-active-TCP-UDP-connections-using-the-G). So a combination of this API and some sniffer code would be needed to monitor and keep track of what hosts at what ports using what protocol any particular application on your machine is talking to. If I ever get some free time, I'll consider creating this, if you know of an app that does all this, please let me know.

编辑： 经过进一步研究 - 看起来要使用的 API 是 GetExtendedUdpTable 和 GetExtendedTcpTable，CodeProject.com 有一些示例将它们包装在 .NET 中（请参阅http://www.codeproject.com/Articles/14423/Getting-the-active- TCP-UDP-connections-using-the-G）。因此，需要结合使用此 API 和一些嗅探器代码来监视和跟踪哪些主机在哪些端口上使用什么协议，您的机器上的任何特定应用程序正在与之通信。如果我有空闲时间，我会考虑创建这个，如果你知道一个应用程序可以完成所有这些，请告诉我。