Finding remote PC IP Address

Question

0.00/5 (No votes)

See more:

Good Day All

I would just like to find out if it is possible to track the IP address of a remote pc accessing(coping,creating,deleting,renaming) a file on a server.

Just a quick scenario:
I have a server with files on it, limited amount of people have access to the shared files. I would like to track who is accessing(as above) the files in the shared folder.

I already got to the part of which files are being accessed and how they are being accessed using FileSystemWatcher. This works great for what I need. Now I just need to know who is accessing the files.

If anyone has a code snippet or a link to where I can figure this out It would be greatly appreciated.

Please keep in mind that this is not for a web based application. I am writing it in a console application.

Thank you in advance

Posted 16-Feb-15 18:55pm

BulletVictim

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Dave Kreskowiak · Answer 1 · 2015-02-16T19:01:00

Solution 1

There really isn't any code to write for this. This is just a matter of turning on auditing on the server and everything shows up in the Security event log. Read this[^].

Posted 16-Feb-15 19:01pm

Dave Kreskowiak

Comments

BulletVictim 17-Feb-15 2:04am

Shouldn't there be some way? Doesn't windows check for those details in the packet transfers for authentication? If not for the IP Address, at the very least for windows username and access rights to the shared file?

Dave Kreskowiak 17-Feb-15 12:50pm

Sure, you just have to write a packet capture software with a packet sniffer that can decode SMB session traffic and figure out how to decrypt a kerberos session in mid-flight. No, you don't get the username of the person doing the operation in clear text. You get a security token, which does not contain anything useful for your specified requirements.

Good luck with that!

BulletVictim 23-Feb-15 2:28am

I went ahead and included a packet sniffer to extract the IP address of the remote computer in the IP header of the Packet and this does display. Now I just need to get it a bit more precise by determining what packet is being used for the file being modified, So I need to compare the packet data to the file...Since I already have the file name that is being altered, It should not be too long of a compare to run on the packets being transferred at the time of the file being edited. Any Ideas or links that could point me in the right direction?

Dave Kreskowiak 23-Feb-15 8:48am

Nope. You're in uncharted territory. Nobody does this.

Instead of a compare of the file contents against what is in the network traffic, you should just assume that what is being written to the file is a change.

Kats2512 17-Feb-15 2:13am

you could try this:
http://abundantcode.com/how-to-get-the-ip-address-in-winformsconsole-application-using-c/

BulletVictim 23-Feb-15 2:31am

Thanks for the hint but that code only helps me to get the local IP address of the machine running the code. Which would be fine if I could install the application on all the computers accessing the server, but unfortunately with it being an ever changing number of users that get and lose access to the files, this way would not really help. The intended code should only be run on the server.