解決方案

Question 1

解決方案

使用-b參數：

  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.

筆記netstat -b除非從提升的命令提示字元執行，否則該命令將失敗。

解決方法

過濾進程列表並找到您感興趣的 PID：

tasklist | findstr /c:"PID"

替代解決方案

你可以用Tcpvcon.exe它代替。無需管理員權限。

Tcpvcon用法與內建 Windowsnetstat實用程式類似。

Usage: tcpvcon [-a] [-c] [-n] [process name or PID]

 -a Show all endpoints (default is to show established TCP connections).
 -c Print output as CSV.
 -n Don't resolve addresses.

Answer

解決方案

使用-b參數：

  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.

筆記netstat -b除非從提升的命令提示字元執行，否則該命令將失敗。

解決方法

過濾進程列表並找到您感興趣的 PID：

tasklist | findstr /c:"PID"

替代解決方案

你可以用Tcpvcon.exe它代替。無需管理員權限。

Tcpvcon用法與內建 Windowsnetstat實用程式類似。

Usage: tcpvcon [-a] [-c] [-n] [process name or PID]

 -a Show all endpoints (default is to show established TCP connections).
 -c Print output as CSV.
 -n Don't resolve addresses.

Question 2

我想你正在尋找TCP視圖來自系統內部。

Answer

我想你正在尋找TCP視圖來自系統內部。

Question 3

下面是 Windows 的範例，用於FOR解析netstat輸出，然後DO tasklist使用/fipid 上的篩選器來顯示進程名稱。

最後的發現是刪除tasklist標頭。

FOR /F "usebackq tokens=5 delims= " %i IN (`netstat -ano ^|find "443"`) DO @tasklist /fi "pid eq %i" | find "%i"

列印記錄輸出，例如

tomcat8.exe.x64               4240 Services                   0    931,864 K

netstat可以透過新增標記來新增其他欄位。

Answer

下面是 Windows 的範例，用於FOR解析netstat輸出，然後DO tasklist使用/fipid 上的篩選器來顯示進程名稱。

最後的發現是刪除tasklist標頭。

FOR /F "usebackq tokens=5 delims= " %i IN (`netstat -ano ^|find "443"`) DO @tasklist /fi "pid eq %i" | find "%i"

列印記錄輸出，例如

tomcat8.exe.x64               4240 Services                   0    931,864 K

netstat可以透過新增標記來新增其他欄位。

Question 4

嘗試使用這個...

帶有時間戳記的進程名稱:) in oneliner...無需快速而簡單地編寫腳本...

您可以透過 ESTABLISHED 或 LISTENING 變更參數 SYN_SENT

filter timestamp {"$(Get-Date -Format G): $_"};netstat -abno 1 | Select-String -Context 0,1 -Pattern LISTENING|timestamp

filter timestamp {"$(Get-Date -Format G): $_"};netstat -abno 1 | Select-String -Context 0,1 -Pattern SYN_SENT|timestamp

Answer

嘗試使用這個...

帶有時間戳記的進程名稱:) in oneliner...無需快速而簡單地編寫腳本...

您可以透過 ESTABLISHED 或 LISTENING 變更參數 SYN_SENT

filter timestamp {"$(Get-Date -Format G): $_"};netstat -abno 1 | Select-String -Context 0,1 -Pattern LISTENING|timestamp

filter timestamp {"$(Get-Date -Format G): $_"};netstat -abno 1 | Select-String -Context 0,1 -Pattern SYN_SENT|timestamp

解決方案

答案1

解決方案

解決方法

替代解決方案

答案2

答案3

答案4

相關內容