How can I show the netstat command in powershell without the 0 in the Local address?

I hope I can explain this; sorry for my English.

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1160
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5040           0.0.0.0:0              LISTENING       8864
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:7680           0.0.0.0:0              LISTENING       14052
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       964
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       872
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       1696
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING       1448
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING       3380
  TCP    0.0.0.0:49710          0.0.0.0:0              LISTENING       944

But what I want is:

Local Address
135
445
5040
5357
7680
49664
49665
49666
49667
49668
49710

Also, what code can I use to display this on the screen?

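Get-NetTCPConnection is the PowerShell equivalent of netstat, and it helps separate out the port numbers you are looking for. For example, this is what it looks like normally: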

Get-NetTCPConnection -LocalAddress 0.0.0.0 -State Listen

LocalAddress LocalPort RemoteAddress RemotePort State  AppliedSetting OwningProcess
------------ --------- ------------- ---------- -----  -------------- -------------
0.0.0.0      58369     0.0.0.0       0          Listen                3892         
0.0.0.0      49677     0.0.0.0       0          Listen                792          
0.0.0.0      49672     0.0.0.0       0          Listen                3900         

Then, to show only the port numbers, you can add Select-Object:

Get-NetTCPConnection -State Listen | 
  Select-Object -ExpandProperty LocalPort

58369
49677
49672

Edit: To filter by listening address, you can use the -LocalAddress parameter, or use Where-Object:

# Using LocalAddress
Get-NetTCPConnection -LocalAddress 0.0.0.0,127.0.*,192.168.* -State Listen

LocalAddress  LocalPort RemoteAddress RemotePort State  AppliedSetting OwningProcess
------------  --------- ------------- ---------- -----  -------------- -------------
127.0.0.1     62522     0.0.0.0       0          Listen                3432         
0.0.0.0       58369     0.0.0.0       0          Listen                3892         
127.0.0.1     50595     0.0.0.0       0          Listen                16596        
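Building on the Get-NetTCPConnection approach above, the following added example (not part of the original answer) turns the listener list into one row per port and owning process, and labels whether the port is bound to every interface (0.0.0.0 or ::), to loopback only, or to a specific address. The function name Get-ListeningPortSummary and the sample rows are assumptions made for illustration.

```powershell
# Added example; Get-ListeningPortSummary is a hypothetical helper name.
function Get-ListeningPortSummary {
    [CmdletBinding()]
    param(
        # Any object exposing LocalAddress, LocalPort and OwningProcess,
        # such as the output of Get-NetTCPConnection -State Listen.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Connection
    )
    begin   { $rows = [System.Collections.Generic.List[object]]::new() }
    process { $rows.Add($Connection) }
    end {
        $rows | Group-Object LocalPort, OwningProcess | ForEach-Object {
            $first     = $_.Group[0]
            $addresses = @($_.Group.LocalAddress | Sort-Object -Unique)
            # A wildcard bind accepts connections on every interface.
            $scope = if ($addresses -match '^(0\.0\.0\.0|::)$') {
                'AllInterfaces'
            } elseif (-not ($addresses -notmatch '^(127\.|::1$)')) {
                'LoopbackOnly'
            } else {
                'SpecificAddress'
            }
            # The owning process may have exited (or not exist for sample input).
            $proc = Get-Process -Id $first.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalPort     = [int]$first.LocalPort
                Scope         = $scope
                Addresses     = $addresses -join ', '
                OwningProcess = $first.OwningProcess
                ProcessName   = $proc.ProcessName
            }
        } | Sort-Object LocalPort
    }
}

# Constructed sample rows (not real output), shaped like Get-NetTCPConnection objects.
$sample = @(
    [pscustomobject]@{ LocalAddress = '0.0.0.0';      LocalPort = 445;   OwningProcess = 4 }
    [pscustomobject]@{ LocalAddress = '::';           LocalPort = 445;   OwningProcess = 4 }
    [pscustomobject]@{ LocalAddress = '192.168.1.20'; LocalPort = 139;   OwningProcess = 4 }
    [pscustomobject]@{ LocalAddress = '127.0.0.1';    LocalPort = 62522; OwningProcess = 3432 }
)
$sample | Get-ListeningPortSummary | Format-Table -AutoSize

# On a live Windows host:
# Get-NetTCPConnection -State Listen | Get-ListeningPortSummary | Format-Table -AutoSize
```

The IPv4 and IPv6 wildcard listeners on the same port collapse into a single row, so the port column reads like the list the question asks for while keeping the binding scope visible.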

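If string output is acceptable, one of the simplest ways to get the desired result is to simply remove the unwanted string with a regex. It will mess up the formatting, though.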

(netstat -ano) -replace '0\.0\.0\.0:'

  Proto  Local Address          Foreign Address        State           PID
  TCP    135            0              LISTENING       868
  TCP    445            0              LISTENING       4
  TCP    5040           0              LISTENING       7288
  TCP    5357           0              LISTENING       4
  TCP    5985           0              LISTENING       4
  TCP    6783           0              LISTENING       5128
  TCP    47001          0              LISTENING       4
  TCP    49664          0              LISTENING       976
  TCP    127.0.0.1:6463         0              LISTENING       14660
  TCP    127.0.0.1:6800         0              LISTENING       7468
  TCP    127.0.0.1:8094         0              LISTENING       4348

This is a huge drawback of PowerShell's object-based output. You can try to correct the alignment manually if you like..

(netstat -ano) -replace '0\.0\.0\.0:(\d+)','$1        '

  Proto  Local Address          Foreign Address        State           PID
  TCP    135                    0                      LISTENING       868
  TCP    445                    0                      LISTENING       4
  TCP    5040                   0                      LISTENING       7288
  TCP    5357                   0                      LISTENING       4
  TCP    5985                   0                      LISTENING       4
  TCP    6783                   0                      LISTENING       5128
  TCP    47001                  0                      LISTENING       4
  TCP    127.0.0.1:8094         0                      LISTENING       4348
  TCP    127.0.0.1:8763         0                      LISTENING       5128
  TCP    127.0.0.1:9527         0                      LISTENING       5128
  TCP    127.0.0.1:37014        0                      LISTENING       4576

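Again, these examples are really only useful to a user looking at it. If you want to use the data later, you would have to parse it. At that point you should really look at the PowerShell alternatives, such as the one Cpt.Whale's answer shows.

If not using Get-NetTCPConnection

Here is an example of how to properly parse netstat's output, similar to Get-NetTCPConnection

Objects are created automatically from the regex's capture group names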

$RegexNetstat = @'
(?x)
    # parse output from: "netstat -a -n -o"
    #   you do not need to skip or filter lines like: "| Select-Object -Skip 4"
    #   because this correctly captures records with empty States
    ^\s+
    (?<Protocol>\S+)
    \s+
    (?<LocalAddress>\S+)
    \s+
    (?<ForeignAddress>\S+)
    \s+
    (?<State>\S{0,})?
    \s+
    (?<Pid>\S+)$
'@


if (! $NetstatStdout) {
    $NetstatStdout = & netstat -a -n -o
}
# If you're on Pwsh7 you can simplify it using null-*-operators
# $NetstatStdout ??= & netstat -a -n -o

function Format-NetStat {
    param(
        # stdin
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [AllowNull()]
        [Alias('Stdin')]
        [string]$Text
    )

    process {
        if ($Text -match $RegexNetstat) {
            $Matches.Remove(0)
            $hash = $Matches
            $hash['Process'] = Get-Process -Id $hash.Pid
            $hash['ProcessName'] = $hash['Process'].ProcessName
            $hash['LocalPort'] = $hash['LocalAddress'] -split ':' | select -last 1
            [pscustomobject]$Matches
        }
    }
}

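Piping the results

They are real objects, so you can pipe, filter, group, etc. as usual. (I cached Stdout for this demo so you can compare output from the same results)

Usage: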

$Stats = $NetstatStdout | Format-NetStat
$stats | Format-Table

Your original column layout

PS> $stats | Ft -AutoSize Protocol, LocalPort, ForeignAddress, State, PID

Protocol LocalPort ForeignAddress       State       Pid
-------- --------- --------------       -----       ---
TCP      135       0.0.0.0:0            LISTENING   1484
TCP      445       0.0.0.0:0            LISTENING   4
TCP      808       0.0.0.0:0            LISTENING   5608
TCP      5040      0.0.0.0:0            LISTENING   9300
TCP      5357      0.0.0.0:0            LISTENING   4
TCP      5432      0.0.0.0:0            LISTENING   7480
TCP      11629     0.0.0.0:0            LISTENING   14400
TCP      27036     0.0.0.0:0            LISTENING   9196
TCP      49664     0.0.0.0:0            LISTENING   1116
TCP      49665     0.0.0.0:0            LISTENING   880
TCP      49666     0.0.0.0:0            LISTENING   1012
TCP      49667     0.0.0.0:0            LISTENING   1272
TCP      49668     0.0.0.0:0            LISTENING   3440
TCP      49669     0.0.0.0:0            LISTENING   4892
TCP      49678     0.0.0.0:0            LISTENING   1096
TCP      57621     0.0.0.0:0            LISTENING   14400
TCP      1053      127.0.0.1:1054       ESTABLISHED 22328
TCP      1054      127.0.0.1:1053       ESTABLISHED 22328
TCP      5354      0.0.0.0:0            LISTENING   5556
TCP      5354      127.0.0.1:49671      ESTABLISHED 5556
TCP      5354      127.0.0.1:49672      ESTABLISHED 5556
TCP      6463      0.0.0.0:0            LISTENING   16780
TCP      7659      127.0.0.1:7660       ESTABLISHED 18428
TCP      7660      127.0.0.1:7659       ESTABLISHED 18428
TCP      7661      127.0.0.1:7662       ESTABLISHED 4792
TCP      7662      127.0.0.1:7661       ESTABLISHED 4792
TCP      7665      127.0.0.1:7666       ESTABLISHED 1340
TCP      7666      127.0.0.1:7665       ESTABLISHED 1340
TCP      7667      127.0.0.1:7668       ESTABLISHED 11212
TCP      7668      127.0.0.1:7667       ESTABLISHED 11212

Originally from: Parsing Native Apps/Invoke-Netstat