Title: [Solved] How to use netstat for a specified process
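Author: zb1007zb
Time: 2008-8-17 05:39
Title: [Solved] How to use netstat for a specified process
Looking for a batch script.
I'd like it to output the netstat IP and port of a specified process.
[ Last edited by zb1007zb on 2008-8-18 at 05:35 PM ]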
Author: zb1007zb
Time: 2008-8-17 10:53
Does nobody know how? ....
Author: HAT
Time: 2008-8-17 11:18
Maybe nobody understood your question. Could you give an example?
Author: zb1007zb
Time: 2008-8-17 19:35
I just want to use netstat to output one line with the IP and port of the process I'm interested in.
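Author: qwertl
Time: 2008-8-17 19:46
It can be done by hand. First use tasklist to get the PID from the program name, then use netstat -ano to find the line with the same PID. I don't know how to write the batch statements yet, but it should be doable.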
Author: HAT
Time: 2008-8-17 20:07
Title: Re: post #5
@echo off
for /f "tokens=1-2" %%a in ('tasklist^|findstr "IEXPLORE.EXE"') do (
for /f "tokens=3,6 delims=: " %%h in ('netstat -ano^|findstr "%%b"') do (
echo Process: %%a
echo PID: %%b
echo Port: %%h
)
)
Author: zb1007zb
Time: 2008-8-18 11:56
Originally posted by HAT at 2008-8-17 08:07 PM:
@echo off
for /f "tokens=1-2" %%a in ('tasklist^|findstr "IEXPLORE.EXE"') do (
for /f "tokens=3,6 delims=: " %%h in ('netstat -ano^|findstr "%%b"') ...
I ran it and nothing happened.
Author: HAT
Time: 2008-8-18 11:59
If you ran it by double-clicking, remember to add this line at the end:
pause
Author: zb1007zb
Time: 2008-8-18 15:42
Got it working... thanks, everyone.
echo 正在搜索进程相关信息...
for /f "tokens=1-2" %%a in ('tasklist^|findstr /i "IEXPLORE.EXE"') do (
for /f "tokens=4,5 delims=: " %%h in ('netstat -ano^|findstr "%%b"') do (
echo.
echo 查询的进程名为: %%a
echo.
echo 该进程IP端口为:
echo.
echo %%h:%%i
)>ice-g_IP.txt
)
ice-g_IP.txt
[ Last edited by zb1007zb on 2008-8-18 at 04:55 PM ]
Author: HAT
Time: 2008-8-18 17:03
Is this what you mean?
@echo off
echo 正在搜索进程相关信息...
for /f "tokens=1-2" %%a in ('tasklist^|findstr /i "IEXPLORE.EXE"') do (
for /f "tokens=4,5 delims=: " %%h in ('netstat -ano^|findstr /i "%%b ESTABLISHED"') do (
echo.
echo 查询的进程名为: %%a
echo.
echo 该进程IP端口为:
echo.
echo %%h:%%i
)>ice-g_IP.txt
)
ice-g_IP.txt
Author: HAT
Time: 2008-8-18 17:12
How about this one?
@echo off
echo 正在搜索进程相关信息...
for /f "tokens=1-2" %%a in ('tasklist^|findstr /i "IEXPLORE.EXE"') do (
for /f "tokens=4,5 delims=: " %%h in ('netstat -ano^|findstr "%%b"^|findstr /i "ESTABLISHED"') do (
echo.
echo 查询的进程名为: %%a
echo.
echo 该进程IP端口为:
echo.
echo %%h:%%i
)>ice-g_IP.txt
)
ice-g_IP.txt
Author: zb1007zb
Time: 2008-8-18 17:30
tasklist
图像名 PID 会话名 会话# 内存使用
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 28 K
System 4 Console 0 340 K
smss.exe 772 Console 0 456 K
csrss.exe 844 Console 0 5,340 K
winlogon.exe 868 Console 0 3,844 K
services.exe 912 Console 0 5,092 K
lsass.exe 924 Console 0 1,772 K
svchost.exe 1108 Console 0 5,616 K
svchost.exe 1176 Console 0 5,008 K
svchost.exe 1276 Console 0 26,248 K
svchost.exe 1400 Console 0 4,644 K
svchost.exe 1536 Console 0 5,356 K
spoolsv.exe 1884 Console 0 5,420 K
AmdHpSrv.exe 616 Console 0 2,000 K
avp.exe 648 Console 0 6,072 K
explorer.exe 652 Console 0 14,008 K
sqlservr.exe 808 Console 0 3,436 K
nvsvc32.exe 828 Console 0 4,900 K
StarWindService.exe 972 Console 0 2,732 K
wdfmgr.exe 1368 Console 0 2,096 K
avp.exe 1976 Console 0 8,772 K
360tray.exe 176 Console 0 16 K
AntiArp.exe 236 Console 0 7,852 K
ctfmon.exe 208 Console 0 3,956 K
alg.exe 3072 Console 0 4,040 K
conime.exe 3844 Console 0 5,792 K
safeboxTray.exe 2568 Console 0 68 K
QQ.exe 3988 Console 0 44,492 K
TXPlatform.exe 832 Console 0 2,336 K
Maxthon.exe 300 Console 0 38,964 K
IEXPLORE.EXE 4996 Console 0 2,588 K
SOUL.EXE 6964 Console 0 163,308 K
360Safe.exe 2144 Console 0 18 K
notepad.exe 7248 Console 0 5,088 K
cmd.exe 6960 Console 0 2,828 K
wmiprvse.exe 7428 Console 0 6,156 K
tasklist.exe 6756 Console 0 4,880 K
Author: zb1007zb
Time: 2008-8-18 17:30
netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1176
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1110 0.0.0.0:0 LISTENING 648
TCP 0.0.0.0:3260 0.0.0.0:0 LISTENING 972
TCP 0.0.0.0:3261 0.0.0.0:0 LISTENING 972
TCP 0.0.0.0:19780 0.0.0.0:0 LISTENING 648
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING 3072
TCP 127.0.0.1:1110 127.0.0.1:4235 ESTABLISHED 648
TCP 127.0.0.1:1110 127.0.0.1:4622 TIME_WAIT 0
TCP 127.0.0.1:1110 127.0.0.1:4628 TIME_WAIT 0
TCP 127.0.0.1:1110 127.0.0.1:4643 TIME_WAIT 0
TCP 127.0.0.1:1110 127.0.0.1:4676 ESTABLISHED 648
TCP 127.0.0.1:1110 127.0.0.1:4715 TIME_WAIT 0
TCP 127.0.0.1:1110 127.0.0.1:4727 TIME_WAIT 0
TCP 127.0.0.1:2916 127.0.0.1:1110 CLOSE_WAIT 6964
TCP 127.0.0.1:4235 127.0.0.1:1110 ESTABLISHED 3988
TCP 127.0.0.1:4616 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4619 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4631 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4634 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4640 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4645 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4646 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4648 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4655 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4657 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4661 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4664 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4666 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4670 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4673 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4676 127.0.0.1:1110 ESTABLISHED 300
TCP 127.0.0.1:4679 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4682 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4685 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4688 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4691 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4692 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4697 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4700 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4703 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4706 127.0.0.1:1110 TIME_WAIT 0
TCP 127.0.0.1:4709 127.0.0.1:1110 TIME_WAIT 0
TCP 192.168.0.101:139 0.0.0.0:0 LISTENING 4
TCP 192.168.0.101:1492 59.57.142.150:4018 CLOSE_WAIT 3988
TCP 192.168.0.101:2915 220.162.246.32:5816 ESTABLISHED 6964
TCP 192.168.0.101:4237 219.133.60.243:8000 ESTABLISHED 648
TCP 192.168.0.101:4678 66.249.89.127:80 ESTABLISHED 648
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 924
UDP 0.0.0.0:1489 *:* 3988
UDP 0.0.0.0:3083 *:* 3988
UDP 0.0.0.0:3240 *:* 3988
UDP 0.0.0.0:4000 *:* 3988
UDP 0.0.0.0:4001 *:* 3988
UDP 0.0.0.0:4002 *:* 3988
UDP 0.0.0.0:4500 *:* 924
UDP 0.0.0.0:6000 *:* 3988
UDP 127.0.0.1:123 *:* 1276
UDP 127.0.0.1:1027 *:* 176
UDP 127.0.0.1:1060 *:* 3988
UDP 127.0.0.1:1153 *:* 300
UDP 127.0.0.1:1900 *:* 1536
UDP 127.0.0.1:2651 *:* 4996
UDP 127.0.0.1:2925 *:* 2144
UDP 192.168.0.101:123 *:* 1276
UDP 192.168.0.101:137 *:* 4
UDP 192.168.0.101:138 *:* 4
UDP 192.168.0.101:1900 *:* 1536
Author: zb1007zb
Time: 2008-8-18 17:34
The one in post #11 works now. Thanks, moderator.
I struggled with this for so long
and you were still so patient.
Author: HAT
Time: 2008-8-18 17:37
@echo off
echo 正在搜索进程相关信息...
for /f "tokens=1-2" %%a in ('tasklist^|findstr /i "IEXPLORE.EXE"') do (
for /f "tokens=4,5 delims=: " %%h in ('netstat -ano^|findstr "%%b"^|findstr /i "ESTABLISHED"') do (
set Process=%%a
set Port=%%i
)
)
echo 查询的进程名为: %Process%
echo 该进程IP端口为: %Port%
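Author: HAT
Time: 2008-8-18 17:38
Originally posted by zb1007zb at 2008-8-18 05:34 PM:
The one in post #11 works now. Thanks, moderator.
I struggled with this for so long
and you were still so patient.
I'm not a moderator, I'm not Huang Rong, and I don't know martial arts either.
Author: tempuser
Time: 2008-8-20 10:29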
Originally posted by HAT at 2008-8-18 17:37:
@echo off
echo 正在搜索进程相关信息...
for /f "tokens=1-2" %%a in ('tasklist^|findstr /i "IEXPLORE.EXE"') do (
for /f "tokens=4,5 delims=: " %%h i ...
I ran this batch file. Why doesn't it display any result? The output is as follows:
查询的进程名:
该进程IP的端口:
Author: qwertl
Time: 2008-8-25 23:18
Running C:\>fport
Process: IEXPLORE.EXE
@echo off
for /f "tokens=1-2" %%a in ('tasklist^|findstr "IEXPLORE.EXE"') do (
for /f "tokens=3,6 delims=: " %%h in ('netstat -ano^|findstr "%%b"') do (
echo Process: %%a
echo PID: %%b
echo Port: %%h
)
)
Output:
C:\>fport
Process: IEXPLORE.EXE
PID: 612
Port: 1034
Process: IEXPLORE.EXE
PID: 1532
Port: 1601
Does the computer have a trojan? Why are there two PIDs for the same program?
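Added example (not part of the thread and not any poster's code): the scripts above pick netstat rows with `findstr "%%b"`, which matches the PID's digits in any column, so this Python version compares the PID column exactly and groups the rows per PID, since one image name can have several running instances. The sample text is constructed by abridging the tasklist and netstat -ano output posted in the thread, and all function names are made up for this example.

```python
import re

# Constructed sample, abridged from the tasklist and netstat -ano output in the thread.
TASKLIST = """\
System Idle Process            0 Console                 0         28 K
System                         4 Console                 0        340 K
avp.exe                      648 Console                 0      6,072 K
avp.exe                     1976 Console                 0      8,772 K
IEXPLORE.EXE                4996 Console                 0      2,588 K
"""
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1110         127.0.0.1:4235         ESTABLISHED     648
  TCP    192.168.0.101:4678     66.249.89.127:80       ESTABLISHED     648
  UDP    0.0.0.0:4000           *:*                                    3988
  UDP    127.0.0.1:2651         *:*                                    4996
"""

# name, PID, session name, session number, memory in K (image names may contain spaces)
TASK_ROW = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+\s+K\s*$")

def pids_for_image(tasklist_text, image):
    """All PIDs whose image name equals `image` (case-insensitive, whole name)."""
    pids = []
    for line in tasklist_text.splitlines():
        m = TASK_ROW.match(line)
        if m and m.group(1).lower() == image.lower():
            pids.append(int(m.group(2)))
    return pids

def parse_netstat(netstat_text):
    """Yield (proto, local, remote, state, pid); UDP rows have no State column."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0].startswith("TCP") and f[4].isdigit():
            yield f[0], f[1], f[2], f[3], int(f[4])
        elif len(f) == 4 and f[0].startswith("UDP") and f[3].isdigit():
            yield f[0], f[1], f[2], "", int(f[3])

def connections_for_image(tasklist_text, netstat_text, image, state=None):
    """Map each PID of `image` to its rows, comparing the PID column exactly."""
    result = {pid: [] for pid in pids_for_image(tasklist_text, image)}
    for row in parse_netstat(netstat_text):
        if row[4] in result and (state is None or row[3] == state):
            result[row[4]].append(row)
    return result

def substring_hits(netstat_text, pid):
    """Lines a plain `findstr "<pid>"` keeps: the digits may sit in any column."""
    return [l for l in netstat_text.splitlines() if str(pid) in l]
```

A PID that maps to an empty list under `state="ESTABLISHED"` means that instance has no established TCP connection at that moment, which is also the case in which a script that only sets variables inside the loop prints empty values.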