How do I get the port numbers used by a process with PowerShell?
When we use the Get-Process cmdlet in PowerShell, it has no property that gives the port numbers a process is using. So we will write a function that returns the ports associated with a process.
There is a Windows command, **NETSTAT**, that gives the port numbers and the associated process ID, but it does not give the process name. Get-Process gives us the process name and the PID (process ID), so we can write a script that correlates the two commands and retrieves the process ID, local address, remote address and the state of the port (for example LISTENING, ESTABLISHED, etc.).
Let us see what the **NETSTAT** command's output looks like.
```
PS C:\WINDOWS\system32> netstat

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:9012         DESKTOP-9435KM9:56668  ESTABLISHED
  TCP    127.0.0.1:29885        DESKTOP-9435KM9:56733  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58748  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58755  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58766  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58772  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58780  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58782  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58788  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58797  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58799  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58801  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58810  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58815  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58833  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58835  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58836  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58837  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58838  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58843  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-9435KM9:58845  ESTABLISHED
```
From the command above we need the port number, the local address and the remote address, together with the owning process, so we will use the **NETSTAT -ano** command. To learn more about this command, see the link below.
https://www.ionos.com/digitalguide/server/tools/introduction-to-netstat/
The output of this command will be:
```
PS C:\WINDOWS\system32> netstat -ano

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1208
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5040           0.0.0.0:0              LISTENING       7864
  TCP    0.0.0.0:5700           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:16861          0.0.0.0:0              LISTENING       26860
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       760
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       1704
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING       2976
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING       3868
  TCP    0.0.0.0:49669          0.0.0.0:0              LISTENING       3996
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING       720
  TCP    127.0.0.1:515          0.0.0.0:0              LISTENING       9276
  TCP    127.0.0.1:1001         0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:8884         0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:9012         0.0.0.0:0              LISTENING       15532
  TCP    127.0.0.1:9012         127.0.0.1:56668        ESTABLISHED     15532
  TCP    127.0.0.1:29885        0.0.0.0:0              LISTENING       26860
```
In this table we get the process ID (PID). With Get-Process we can retrieve the process that has that PID, so we can write a script that correlates the two.
```powershell
function Get-ProcessPorts {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $True, ValueFromPipeline = $True)]
        [AllowEmptyCollection()]
        [string[]]$ProcessName
    )
    Begin {
        Write-Verbose "Declaring empty array to store the output"
        $portout = @()
    }
    Process {
        Write-Verbose "Processes to get the port information"
        $processes = Get-Process $ProcessName
        foreach ($proc in $processes) {
            # Get the netstat rows for this process. Match the PID only as the
            # last field of the row: a plain substring match (findstr) would make
            # PID 4 match every row that contains the digit 4 anywhere.
            $mports = netstat -ano | Where-Object { $_ -match "\s$($proc.Id)\s*$" }
            # Separate each instance
            foreach ($sport in $mports) {
                # Split the netstat row on whitespace; trimming first avoids an
                # empty leading field.
                $out = $sport.Trim() -split '\s+'
                $LCount = $out[1].LastIndexOf(':')
                $RCount = $out[2].LastIndexOf(':')
                $portout += [PSCustomObject]@{
                    'Process'       = $proc.Name
                    'PID'           = $proc.Id
                    'Protocol'      = $out[0]
                    'LocalAddress'  = $out[1].SubString(0, $LCount)
                    'LocalPort'     = $out[1].SubString($LCount + 1)
                    'RemoteAddress' = $out[2].SubString(0, $RCount)
                    'RemotePort'    = $out[2].SubString($RCount + 1)
                    # UDP rows have no State column, so field 3 is the PID there;
                    # only report field 3 as the state when it is not numeric.
                    'Connection'    = $( if (!($out[3] -match '\d')) { $out[3] } )
                }
            }
        }
    }
    End {
        # Print the table once, after every pipeline input has been processed.
        $portout | Format-Table -AutoSize
        Write-Verbose "End of the program"
    }
}
```
Output:
```
Process PID   Protocol LocalAddress  LocalPort RemoteAddress RemotePort Connection
------- ---   -------- ------------  --------- ------------- ---------- ----------
avp     4252  TCP      127.0.0.1     49676     0.0.0.0       0          LISTENING
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50304      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50338      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50347      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50357      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50366      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50370      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50375      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50376      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50377      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50378      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50379      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50380      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50385      ESTABLISHED
avp     4252  TCP      127.0.0.1     49676     127.0.0.1     50387      ESTABLISHED
WINWORD 25852 TCP      192.168.0.107 53584     99.83.135.170 443        ESTABLISHED
WINWORD 25852 TCP      192.168.0.107 53592     99.83.135.170 443        ESTABLISHED
VERBOSE: End of the program
```
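The same correlation can be done without parsing netstat text. The following is an added example, not code from the original page: the NetTCPIP cmdlets Get-NetTCPConnection and Get-NetUDPEndpoint expose the owning PID directly (OwningProcess), which avoids both the column parsing and the PID substring-matching problem, and the result is filtered down to what an exposure review cares about, listeners bound to every interface and the executable behind them. It assumes Windows 8 / Server 2012 or later; Path is empty for system processes unless the session is elevated.

```powershell
function Get-ListeningPortOwner {
    [CmdletBinding()]
    Param(
        # Optional process-name filter, e.g. 'svchost'; default is every process.
        [string[]]$ProcessName
    )
    # Snapshot the process list once, keyed by PID, rather than calling
    # Get-Process for every socket.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

    $tcp = Get-NetTCPConnection -State Listen |
        Select-Object @{n = 'Protocol'; e = { 'TCP' }}, LocalAddress, LocalPort, OwningProcess
    $udp = Get-NetUDPEndpoint |
        Select-Object @{n = 'Protocol'; e = { 'UDP' }}, LocalAddress, LocalPort, OwningProcess

    foreach ($sock in @($tcp) + @($udp)) {
        # OwningProcess is a uint32; cast so it matches the int32 hashtable key.
        $p    = $procs[[int]$sock.OwningProcess]
        $name = if ($p) { $p.Name } else { '<exited>' }
        if ($ProcessName -and ($name -notin $ProcessName)) { continue }
        [PSCustomObject]@{
            Protocol      = $sock.Protocol
            LocalAddress  = $sock.LocalAddress
            LocalPort     = $sock.LocalPort
            PID           = $sock.OwningProcess
            Process       = $name
            # $null for protected/system processes in a non-elevated session.
            Path          = if ($p) { $p.Path } else { $null }
            # 0.0.0.0 or :: means the socket is reachable from every interface.
            AllInterfaces = $sock.LocalAddress -in @('0.0.0.0', '::')
        }
    }
}

# Usage: every listener exposed on all interfaces, with its owning executable.
Get-ListeningPortOwner | Where-Object AllInterfaces |
    Sort-Object LocalPort | Format-Table -AutoSize
```

Because the function emits objects rather than formatted text, the output can also be exported with Export-Csv or compared between two runs with Compare-Object to spot newly opened ports.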