Tutorial: Developing a tool to know who connected to remote machine?


Scenario: We are a team of 22 members who daily log on to their local machines with their unique IDs and then connect to remote machines with a set of Logins.

Here the logins used to connect to remote machines are not unique. I mean more than one machine can be connected with the same user name.

In one line: 22 remote machines will have only 5-6 logins, which are used by 22 members.

Problem: As the remote machines are not dedicated to each employee, every day we need to send a mail to the whole group asking who is connected to a specific remote machine. And if anyone replies yes, we will ask them to disconnect.

I want to develop a small tool using Java, which runs on every machine and displays which machine is used by which one.

The code which is mentioned on this site is useful, but it does not specify who used that login. Link: http://lazynetworkadmin.com/content/view/34/6/

I hope I made my point clear :)

Please guide me as to how I can proceed. Do you think it is possible?

NOTE: Forgot about mentioning the operating system, it is: Windows XP


On the remote machine you can run the netstat program, which outputs something like this:

    C:\> netstat -n | find ":80"
        TCP      ESTABLISHED
        TCP      ESTABLISHED
        TCP      TIME_WAIT

From this output you can see all network connections that are established. In the third column you see the IP address and port of the other host. The find only keeps the lines that contain ":80" (which in my case is all the remote HTTP hosts I'm connected to). Since you know the port that the remote hosts will connect to, you can filter by that port number. The third column will then contain the IP addresses and ports of all the computers that are connected to this host.

From the IP address it should be easy to find out whose computer it is.


As you want to use Java, it should be straightforward what to do:

  1. Run the netstat -n command.
  2. Capture the output in a List<String>.
  3. Split each line into words.
  4. Keep only those lines whose word[0] is TCP, word[1] ends with :3389 and word[3] is ESTABLISHED.
  5. Split word[2] of these lines at the colon. The first element is then the IP address.
  6. Report the list of these IP addresses to a central server.

On the central server, have a little program accessible via a web server:

  1. The server keeps a list of active connections. Each consists of the remote host, the client host and the timestamp of its last update.
  2. Accept incoming connections from the remote machines.
  3. Receive a list of client IP addresses from one connection.
  4. Remove from the "active list" all client IP addresses that have been reported from that IP.
  5. Display the resulting list.

For example:

  • Initially, the list of active connections is empty.
  • remote0 sends, as its active clients.
  • The list of active connections now contains remote0:, remote0:
  • Some time later, remote0 sends `` (an empty response) as its active clients.
  • Now the list of active connections is empty, too.

The web server therefore needs to process two URLs:

  • /connections/list for listing all the active connections
  • /connections/update for updating the connections for a single remote host

Sounds like a bit of work, but this is certainly doable. And when it's finished it feels quite usable to me.
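
The client-side filter (steps 3 to 5) and the server's update rule described in the answer above, as an added Java example that is not part of the original answer. The class and method names, the map used for the active list, and the sample netstat lines (documentation-range addresses) are assumptions made here; running netstat, the HTTP transport and the timestamp are left out.

```java
import java.util.*;

public class RdpClients {
    // Steps 3-5: keep established TCP connections to the local RDP port, return peer IPs.
    static List<String> parseClients(List<String> netstatLines) {
        List<String> clients = new ArrayList<>();
        for (String line : netstatLines) {
            String[] word = line.trim().split("\\s+");
            if (word.length < 4 || !word[0].equals("TCP")) continue; // headers, blanks, UDP
            if (!word[1].endsWith(":3389") || !word[3].equals("ESTABLISHED")) continue;
            // Split at the LAST colon so bracketed IPv6 peers ("[2001:db8::22]:50999") work too.
            int colon = word[2].lastIndexOf(':');
            if (colon < 0) continue; // malformed foreign address, skip it
            String peer = word[2].substring(0, colon);
            if (!clients.contains(peer)) clients.add(peer); // one entry per client host
        }
        return clients;
    }

    // Central server state: remote host -> clients it last reported (hypothetical structure).
    static final Map<String, List<String>> active = new TreeMap<>();

    // /connections/update: a report replaces everything previously known for that host,
    // so an empty report clears the host from the active list.
    static void update(String remoteHost, List<String> clients) {
        if (clients.isEmpty()) active.remove(remoteHost);
        else active.put(remoteHost, clients);
    }

    public static void main(String[] args) {
        // Constructed sample of `netstat -n` output, not captured from a real machine.
        List<String> sample = Arrays.asList(
            "Active Connections",
            "",
            "  Proto  Local Address          Foreign Address        State",
            "  TCP    192.0.2.10:3389        198.51.100.7:50211     ESTABLISHED",
            "  TCP    192.0.2.10:3389        198.51.100.9:50530     TIME_WAIT",
            "  TCP    192.0.2.10:49788       203.0.113.5:80         ESTABLISHED",
            "  TCP    [2001:db8::10]:3389    [2001:db8::22]:50999   ESTABLISHED");
        update("remote0", parseClients(sample));
        System.out.println(active); // /connections/list after the first report
        update("remote0", Collections.<String>emptyList());
        System.out.println(active); // after remote0 reports no clients
    }
}
```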


Go through a local proxy. Then the proxy knows which connections are active.
