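How to get the port numbers of a process using PowerShell?
The Get-Process cmdlet in PowerShell has no property for the port numbers a process is using, so we will write a function that returns the ports associated with a process.
There is a Windows command, **NETSTAT**, that provides port numbers and the associated process ID, but not the process name. The Get-Process command provides the process name and PID (process ID), so we can write a program that correlates the two commands and retrieves the process ID, the local address, the remote address, and the state of the port (for example LISTENING, ESTABLISHED, etc.).
Let's see what the output of the **NETSTAT** command looks like.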
```
PS C:\WINDOWS\system32> netstat

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:9012         DESKTOP-9435KM9:56668  ESTABLISHED
  TCP    127.0.0.1:29885        DESKTOP-9435KM9:56733  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58748  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58755  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58766  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58772  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58780  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58782  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58788  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58797  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58799  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58801  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58810  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58815  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58833  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58835  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58836  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58837  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58838  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58843  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58845  ESTABLISHED
```
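From this output we need the port number, the local address, and the remote address, so we will use the **NETSTAT -ano** command, which lists all connections and listening ports (`-a`) in numeric form (`-n`) together with the owning process ID (`-o`). To learn more about this command, see the link below.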
https://www.ionos.com/digitalguide/server/tools/introduction-to-netstat/
The output of this command will be:
```
PS C:\WINDOWS\system32> netstat -ano

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1208
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5040           0.0.0.0:0              LISTENING       7864
  TCP    0.0.0.0:5700           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:16861          0.0.0.0:0              LISTENING       26860
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       760
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       1704
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING       2976
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING       3868
  TCP    0.0.0.0:49669          0.0.0.0:0              LISTENING       3996
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING       720
  TCP    127.0.0.1:515          0.0.0.0:0              LISTENING       9276
  TCP    127.0.0.1:1001         0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:8884         0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:9012         0.0.0.0:0              LISTENING       15532
  TCP    127.0.0.1:9012         127.0.0.1:56668        ESTABLISHED     15532
  TCP    127.0.0.1:29885        0.0.0.0:0              LISTENING       26860
```
This table gives us the process ID (PID). We can use the Get-Process command to retrieve the process with that PID, and write a program that correlates the two.
```powershell
function Get-ProcessPorts {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$True, ValueFromPipeline=$True)]
        [AllowEmptyCollection()]
        [string[]]$ProcessName
    )
    Begin {
        Write-Verbose "Declaring empty array to store the output"
        $portout = @()
    }
    Process {
        Write-Verbose "Processes to get the port information"
        $processes = Get-Process $ProcessName
        foreach ($proc in $processes) {
            # Keep only the netstat lines whose last column (the PID) is exactly this
            # process ID. A plain substring search would also match port numbers or
            # other PIDs that merely contain the same digits.
            $mports = netstat -ano | Where-Object { $_ -match ('\s{0}\s*$' -f $proc.Id) }
            # Handle each connection line separately.
            foreach ($sport in $mports) {
                # Split the netstat line into its whitespace-separated fields.
                $out = $sport.Trim() -split '\s+'
                # The port follows the last ':' (this also works for IPv6 addresses).
                $LCount = $out[1].LastIndexOf(':')
                $RCount = $out[2].LastIndexOf(':')
                $portout += [PSCustomObject]@{
                    'Process'       = $proc.Name
                    'PID'           = $proc.Id
                    'Protocol'      = $out[0]
                    'LocalAddress'  = $out[1].Substring(0, $LCount)
                    'LocalPort'     = $out[1].Substring($LCount + 1, ($out[1].Length - $LCount - 1))
                    'RemoteAddress' = $out[2].Substring(0, $RCount)
                    'RemotePort'    = $out[2].Substring($RCount + 1, ($out[2].Length - $RCount - 1))
                    'Connection'    = $(
                        # UDP lines have no state column, so field 3 is the PID there.
                        # Emit the state only when the field is not purely numeric.
                        if ($out[3] -notmatch '^\d+$') { $out[3] }
                    )
                }
            }
        }
        $portout | Format-Table -AutoSize
    }
    End {
        Write-Verbose "End of the program"
    }
}
```
Output:
```
Process   PID Protocol LocalAddress  LocalPort RemoteAddress RemotePort Connection
-------   --- -------- ------------  --------- ------------- ---------- ----------
avp      4252 TCP      127.0.0.1     49676     0.0.0.0       0          LISTENING
avp      4252 TCP      127.0.0.1     49676     127.0.0.1     50304      ESTABLISHED
avp      4252 TCP      127.0.0.1     49676     127.0.0.1     50338      ESTABLISHED
avp      4252 TCP      127.0.0.1     49676     127.0.0.1     50347      ESTABLISHED
avp      4252 TCP      127.0.0.1     49676     127.0.0.1     50357      ESTABLISHED
avp      4252 TCP      127.0.0.1     49676     127.0.0.1     50366      ESTABLISHED
avp      4252 TCP      127.0.0.1     49676     127.0.0.1     50370      ESTABLISHED
avp      4252 TCP      127.0.0.1     49676     127.0.0.1     50375      ESTABLISHED
avp      4252 TCP      127.0.0.1     49676     127.0.0.1     50376      ESTABLISHED
avp      4252 TCP      127.0.0.1     49676     127.0.0.1     50377      ESTABLISHED
avp      4252 TCP      127.0.0.1     49676     127.0.0.1     50378      ESTABLISHED
avp      4252 TCP      127.0.0.1     49676     127.0.0.1     50379      ESTABLISHED
avp      4252 TCP      127.0.0.1     49676     127.0.0.1     50380      ESTABLISHED
avp      4252 TCP      127.0.0.1     49676     127.0.0.1     50385      ESTABLISHED
avp      4252 TCP      127.0.0.1     49676     127.0.0.1     50387      ESTABLISHED
WINWORD 25852 TCP      192.168.0.107 53584     99.83.135.170 443        ESTABLISHED
WINWORD 25852 TCP      192.168.0.107 53592     99.83.135.170 443        ESTABLISHED

VERBOSE: End of the program
```
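On Windows 8 / Windows Server 2012 and later, the same PID-to-port correlation can be done without parsing netstat text, using the built-in Get-NetTCPConnection and Get-NetUDPEndpoint cmdlets. The following is an added example, not code from the original article; the function name Get-PortOwner and the AllInterfaces column are hypothetical names chosen for illustration.

```powershell
# Added example, not from the original article. Get-PortOwner and the
# AllInterfaces column are hypothetical names chosen for illustration.
function Get-PortOwner {
    [CmdletBinding()]
    param(
        # Optional filter: report only sockets bound to these local ports.
        [int[]]$LocalPort
    )

    # Build a PID -> process lookup once; many sockets share one owner.
    $procById = @{}
    foreach ($p in Get-Process) { $procById[[int]$p.Id] = $p }

    # TCP rows carry a remote endpoint and a state; UDP endpoints have neither.
    $sockets = @(
        Get-NetTCPConnection -ErrorAction SilentlyContinue |
            Select-Object @{n='Protocol';e={'TCP'}}, LocalAddress, LocalPort,
                RemoteAddress, RemotePort, @{n='State';e={[string]$_.State}}, OwningProcess
        Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
            Select-Object @{n='Protocol';e={'UDP'}}, LocalAddress, LocalPort,
                @{n='RemoteAddress';e={$null}}, @{n='RemotePort';e={$null}},
                @{n='State';e={$null}}, OwningProcess
    )

    foreach ($s in $sockets) {
        if ($LocalPort -and ($LocalPort -notcontains [int]$s.LocalPort)) { continue }
        $owner   = $procById[[int]$s.OwningProcess]
        $unbound = $s.LocalAddress -in '0.0.0.0', '::'
        [PSCustomObject]@{
            # The process may exit between the socket query and the lookup.
            Process       = if ($owner) { $owner.ProcessName } else { '<exited>' }
            PID           = [int]$s.OwningProcess
            Path          = if ($owner) { $owner.Path } else { $null }
            Protocol      = $s.Protocol
            LocalAddress  = $s.LocalAddress
            LocalPort     = [int]$s.LocalPort
            RemoteAddress = $s.RemoteAddress
            RemotePort    = $s.RemotePort
            State         = $s.State
            # A TCP listener or UDP endpoint on 0.0.0.0 or :: is reachable on every interface.
            AllInterfaces = $unbound -and ($s.Protocol -eq 'UDP' -or $s.State -eq 'Listen')
        }
    }
}

# Sockets reachable on all interfaces, with the executable that owns each one.
Get-PortOwner | Where-Object AllInterfaces | Sort-Object LocalPort |
    Format-Table Process, PID, Protocol, LocalAddress, LocalPort, Path -AutoSize
```

Path is empty for processes the current session cannot open; run from an elevated prompt to resolve more of them. `Get-PortOwner -LocalPort 445` answers the reverse question of which process owns a given port.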