MSFT_NetTCPConnection CIM 查询返回未知的 TCP 状态
Unknown tcp states being returned by MSFT_NetTCPConnection CIM Query
概览
下面的方法查询MSFT_NetTCPConnection CIM instance and returns a list of TCP Connections on the target machine. This is the CIM instance that underlies the powershell Get-NetTCPConnection命令。
问题
我注意到我得到了一些返回 TCP 状态 ID 100 的实例,据我所知这是 undocumented。这个状态是什么意思?我的猜测是这些是死连接,我可能可以将它们过滤掉,但我希望有人知道这个问题的答案。
public const string TcpConnectionNamespace = Wmi.StandardCimv2Namespace;
public const string TcpConnectionClassName = "MSFT_NetTCPConnection";
public const string ProcessIdKey = "OwningProcess";
public const string LocalAddressKey = "LocalAddress";
public const string LocalPortKey = "LocalPort";
public const string RemoteAddressKey = "RemoteAddress";
public const string RemotePortKey = "RemotePort";
public const string StateKey = "State";
public IEnumerable<TcpConnectionModel> GetTcpConnections()
{
var session = CimSession.Create(Server);
var instances = session.QueryInstances(
TcpConnection.TcpConnectionNamespace,
Wmi.QueryDialect,
$"Select * From {TcpConnection.TcpConnectionClassName}");
foreach (var instance in instances)
{
var processId = Convert.ToUInt32(instance.CimInstanceProperties[TcpConnection.ProcessIdKey].Value);
yield return new TcpConnectionModel()
{
ProcessId = processId,
ProcessName = _processService.GetProcessFromPid(processId).ProcessName,
LocalAddress = IPAddress.Parse(instance.CimInstanceProperties[TcpConnection.LocalAddressKey].Value.ToString()),
LocalPort = Convert.ToUInt16(instance.CimInstanceProperties[TcpConnection.LocalPortKey].Value.ToString()),
RemoteAddress = IPAddress.Parse(instance.CimInstanceProperties[TcpConnection.RemoteAddressKey].Value.ToString()),
RemotePort = Convert.ToUInt16(instance.CimInstanceProperties[TcpConnection.RemotePortKey].Value.ToString()),
State = TcpConnection.ConvertState(Convert.ToInt32(instance.CimInstanceProperties[TcpConnection.StateKey].Value))
};
}
}
TCP 状态
在Win Server 2008上的“Get-NetTCPConnection”输出中发现状态100。与相同命令在Win10上的输出相比,它似乎是“绑定”的意思。
输出
(LocalAddress = 0.0.0.0,LocalPort = [高端口] RemoteAddress = 0.0.0.0,RemotePort = 0,State = Bound,AppliedSetting = [未显示],...)
您的机器上还有一个 Cmdlet 定义 XML,您可以检查一下。 “C:\Windows\System32\WindowsPowerShell\v1.0\Modules\NetTCPIP\MSFT_NetTCPConnection.cdxml”(搜索 NetTCPConnection.State 以获取枚举值)。
概览
下面的方法查询MSFT_NetTCPConnection CIM instance and returns a list of TCP Connections on the target machine. This is the CIM instance that underlies the powershell Get-NetTCPConnection命令。
问题
我注意到我得到了一些返回 TCP 状态 ID 100 的实例,据我所知这是 undocumented。这个状态是什么意思?我的猜测是这些是死连接,我可能可以将它们过滤掉,但我希望有人知道这个问题的答案。
public const string TcpConnectionNamespace = Wmi.StandardCimv2Namespace;
public const string TcpConnectionClassName = "MSFT_NetTCPConnection";
public const string ProcessIdKey = "OwningProcess";
public const string LocalAddressKey = "LocalAddress";
public const string LocalPortKey = "LocalPort";
public const string RemoteAddressKey = "RemoteAddress";
public const string RemotePortKey = "RemotePort";
public const string StateKey = "State";
public IEnumerable<TcpConnectionModel> GetTcpConnections()
{
var session = CimSession.Create(Server);
var instances = session.QueryInstances(
TcpConnection.TcpConnectionNamespace,
Wmi.QueryDialect,
$"Select * From {TcpConnection.TcpConnectionClassName}");
foreach (var instance in instances)
{
var processId = Convert.ToUInt32(instance.CimInstanceProperties[TcpConnection.ProcessIdKey].Value);
yield return new TcpConnectionModel()
{
ProcessId = processId,
ProcessName = _processService.GetProcessFromPid(processId).ProcessName,
LocalAddress = IPAddress.Parse(instance.CimInstanceProperties[TcpConnection.LocalAddressKey].Value.ToString()),
LocalPort = Convert.ToUInt16(instance.CimInstanceProperties[TcpConnection.LocalPortKey].Value.ToString()),
RemoteAddress = IPAddress.Parse(instance.CimInstanceProperties[TcpConnection.RemoteAddressKey].Value.ToString()),
RemotePort = Convert.ToUInt16(instance.CimInstanceProperties[TcpConnection.RemotePortKey].Value.ToString()),
State = TcpConnection.ConvertState(Convert.ToInt32(instance.CimInstanceProperties[TcpConnection.StateKey].Value))
};
}
}
TCP 状态
在Win Server 2008上的“Get-NetTCPConnection”输出中发现状态100。与相同命令在Win10上的输出相比,它似乎是“绑定”的意思。
输出
(LocalAddress = 0.0.0.0,LocalPort = [高端口] RemoteAddress = 0.0.0.0,RemotePort = 0,State = Bound,AppliedSetting = [未显示],...)
您的机器上还有一个 Cmdlet 定义 XML,您可以检查一下。 “C:\Windows\System32\WindowsPowerShell\v1.0\Modules\NetTCPIP\MSFT_NetTCPConnection.cdxml”(搜索 NetTCPConnection.State 以获取枚举值)。