As the above says, basicly after alot of research I have been doing lately, alot of trojans, mostly remote adminstraition trojans connect to your computer via an open port that the server opens when the server side is ran.

Well I am attempting to stop some of the more basic trojans that script kiddie's would use from getting into your computer, by constantly checking for new sockets being opened, and possibly prompting the user and closing them.

So my first step towards this would be how to get the current computers socket status, and going from there. Any idea?

Does this help?

http://www.vbforums.com/showthread.php?t=231159

In a way, but I am looking for more of a list, that's just a port scanner, which scans your ports and try's to connect to them and gives you the ports that it succesfully connected to.

I remember something in one of the lessons I was reading, about going to Dos and typing in something like "stats -AN" and all your open connections would come up. Mabye get something like that. Then from there I could simply just have it's own basic firewall, and list everything that it should bypass and everything else it should prompt the user that's it's happened.

Try NETSTAT /?
It depends on your OS, but with XP SP2, you can use NETSTAT -ano

Yes, that's what I ment, could not remember it. So, how would I get a list like that in Vb? Im still kind of beta on exactly how I am doing this, but basicly I am thinking of having a list of ports to bypass, and anything not on it that has an established connection will be closed and the user prompted.

You've probably solved this by now, but what you could do is shell a dos command

netstat -an >ports.txt

this would save the list created by netstat to a text file, then you would write code to interpret the data found.

Like this:

Option Explicit

Private Sub Form_Load()
Shell ("C:\Windows\System32\cmd.exe /c C:\Windows\System32\netstat -n >> C:\myfile.txt"), vbNormalFocus
End Sub


then you could read it in and display it, or use shellexecute to open the file in notepad.

there are two ways to do this :

1. make a device driver so that all conections and all data will pass thru it.
2. using :

Private Declare Function GetTcpTable Lib "IPhlpAPI" (pTcpTable As MIB_TCPTABLE, pdwSize As Long, bOrder As Long) As Long

Private Declare Function SetTcpEntry Lib "IPhlpAPI" (pTcpRow As MIB_TCPROW) As Long



some examples you could find on planet source code.

Take a look at http://www.freevbcode.com/ShowCode.ASP?SearchString=netstat&ID=3759. The listed download file is called netstat.zip.

About 4 years ago I downloaded a file from this site called netstats.zip. Not sure if they are the same. I had to tweak that code a bit to get what I wanted.