解决方案

Question 1

解决方案

使用-b参数：

  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.

笔记netstat -b除非从提升的命令提示符运行，否则该命令将失败。

解决方法

过滤进程列表并找到您感兴趣的 PID：

tasklist | findstr /c:"PID"

替代解决方案

您可以改用Tcpvcon.exe。无需管理员权限。

控制协议使用方式与内置 Windowsnetstat实用程序类似。

Usage: tcpvcon [-a] [-c] [-n] [process name or PID]

 -a Show all endpoints (default is to show established TCP connections).
 -c Print output as CSV.
 -n Don't resolve addresses.

Answer

解决方案

使用-b参数：

  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.

笔记netstat -b除非从提升的命令提示符运行，否则该命令将失败。

解决方法

过滤进程列表并找到您感兴趣的 PID：

tasklist | findstr /c:"PID"

替代解决方案

您可以改用Tcpvcon.exe。无需管理员权限。

控制协议使用方式与内置 Windowsnetstat实用程序类似。

Usage: tcpvcon [-a] [-c] [-n] [process name or PID]

 -a Show all endpoints (default is to show established TCP connections).
 -c Print output as CSV.
 -n Don't resolve addresses.

Question 2

我认为你正在寻找TCP查看器来自 SysInternals。

Answer

我认为你正在寻找TCP查看器来自 SysInternals。

Question 3

下面是一个 Windows 示例，用于FOR解析netstat输出，然后DO tasklist使用/fipid 进行过滤以显示进程名称。

最后的发现是删除tasklist标题。

FOR /F "usebackq tokens=5 delims= " %i IN (`netstat -ano ^|find "443"`) DO @tasklist /fi "pid eq %i" | find "%i"

打印记录输出如下

tomcat8.exe.x64               4240 Services                   0    931,864 K

netstat可以通过添加令牌来添加附加字段。

Answer

下面是一个 Windows 示例，用于FOR解析netstat输出，然后DO tasklist使用/fipid 进行过滤以显示进程名称。

最后的发现是删除tasklist标题。

FOR /F "usebackq tokens=5 delims= " %i IN (`netstat -ano ^|find "443"`) DO @tasklist /fi "pid eq %i" | find "%i"

打印记录输出如下

tomcat8.exe.x64               4240 Services                   0    931,864 K

netstat可以通过添加令牌来添加附加字段。

Question 4

尝试使用这个...

带有时间戳的进程名称：）在一行中...无需快速轻松地编写脚本...

您可以通过 ESTABLISHED 或 LISTENING 更改参数 SYN_SENT

filter timestamp {"$(Get-Date -Format G): $_"};netstat -abno 1 | Select-String -Context 0,1 -Pattern LISTENING|timestamp

filter timestamp {"$(Get-Date -Format G): $_"};netstat -abno 1 | Select-String -Context 0,1 -Pattern SYN_SENT|timestamp

Answer

尝试使用这个...

带有时间戳的进程名称：）在一行中...无需快速轻松地编写脚本...

您可以通过 ESTABLISHED 或 LISTENING 更改参数 SYN_SENT

filter timestamp {"$(Get-Date -Format G): $_"};netstat -abno 1 | Select-String -Context 0,1 -Pattern LISTENING|timestamp

filter timestamp {"$(Get-Date -Format G): $_"};netstat -abno 1 | Select-String -Context 0,1 -Pattern SYN_SENT|timestamp

解决方案

答案1

解决方案

解决方法

替代解决方案

答案2

答案3

答案4

相关内容