Querying count of TCP Connections for a given process in Powershell
The class appears to be MSFT_NetTransportConnection.
However, I can't query this class via Get-WmiObject:
C:\Users\Justin Dearing> Get-WmiObject MSFT_NetTransportConnection
Get-WmiObject : Invalid class "MSFT_NetTransportConnection"
At line:1 char:1
+ Get-WmiObject MSFT_NetTransportConnection
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidType: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
C:\Users\Justin Dearing> Get-WmiObject MSFT_NetTransportConnection -Namespace "root/StandardCimv2"
Get-WmiObject : Not supported
At line:1 char:1
+ Get-WmiObject MSFT_NetTransportConnection -Namespace "root/StandardC ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
C:\Users\Justin Dearing> Get-WmiObject MSFT_NetTransportConnection -Namespace "fff"
Get-WmiObject : Invalid namespace "fff"
At line:1 char:1
+ Get-WmiObject MSFT_NetTransportConnection -Namespace "fff"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
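What am I doing wrong?
I don't have that WMI/CIM class either. You may need to figure out which namespace it lives in before you can use it.
You can use Get-NetTCPConnection and group on the OwningProcess property to get the number of network connections each process owns: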
Get-NetTCPConnection -State Established, TimeWait -ErrorAction SilentlyContinue |
Group-Object OwningProcess
Would the MSFT_NetTcpConnection class be suitable?
Get-WmiObject -Namespace 'ROOT/StandardCimv2' -ClassName MSFT_NetTCPConnection |
Group-Object OwningProcess
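Sorting to find the processes with the most connections
You can also use Sort-Object to sort the list of processes by connection count. This makes it easier to visually spot which processes have the most connections.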
Get-CimInstance -Namespace root/standardcimv2 -ClassName MSFT_NetTCPConnection |
Group-Object -Property OwningProcess |
Sort-Object -Property Count
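An added example, not part of the original thread: it combines the grouping and sorting shown in the answers above and resolves each OwningProcess to a process name, which is usually what is needed when triaging a host with an unusual number of connections. The function name `Get-TcpConnectionCountByProcess`, its parameters, and the output property names are hypothetical; the sample rows are constructed.

```powershell
function Get-TcpConnectionCountByProcess {
    [CmdletBinding()]
    param(
        # Connection objects to summarise; defaults to the live TCP table.
        [object[]]$Connection = (Get-NetTCPConnection -ErrorAction SilentlyContinue),
        # Optional filter, e.g. Established, TimeWait.
        [string[]]$State
    )

    if ($State) {
        $Connection = $Connection | Where-Object { "$($_.State)" -in $State }
    }

    $Connection | Group-Object -Property OwningProcess | ForEach-Object {
        $processId = [int]$_.Name
        # The owning process may have exited since the snapshot was taken.
        $proc = Get-Process -Id $processId -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ProcessId   = $processId
            ProcessName = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Total       = $_.Count
            Established = @($_.Group | Where-Object { "$($_.State)" -eq 'Established' }).Count
            # Distinct remote addresses: many connections to one host reads
            # differently from a few connections to many hosts.
            RemoteHosts = @($_.Group.RemoteAddress | Sort-Object -Unique).Count
        }
    } | Sort-Object -Property Total -Descending   # busiest process first
}

# Constructed sample rows (not real data) so the function can be tried offline.
# $PID is the current PowerShell process, so its name resolves.
$sample = @(
    [pscustomobject]@{ OwningProcess = $PID; State = 'Established'; RemoteAddress = '192.0.2.10' }
    [pscustomobject]@{ OwningProcess = $PID; State = 'Established'; RemoteAddress = '192.0.2.10' }
    [pscustomobject]@{ OwningProcess = $PID; State = 'TimeWait';    RemoteAddress = '198.51.100.7' }
    [pscustomobject]@{ OwningProcess = 4;    State = 'Listen';      RemoteAddress = '0.0.0.0' }
)
Get-TcpConnectionCountByProcess -Connection $sample | Format-Table -AutoSize

# Against the live table, using the same state filter as the first answer:
Get-TcpConnectionCountByProcess -State Established, TimeWait | Format-Table -AutoSize
```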