Use Netstat to See Listening Ports and PID in Windows
In another article, we explained computer ports and what they’re used for. Other than that, what can we do with port information? Since all traffic in and out of the computer goes through ports, we can check on them to see what they’re doing. Maybe the port isn’t listening for traffic? Maybe something is using a port that shouldn’t be?
We’re going to use the Windows command netstat to see our listening ports and PID (Process ID). We’re also going to see what we can do with that information.
What Is Netstat?
The netstat command is a combination of the words ‘network’ and ‘statistics’. The netstat command works in all versions of Windows from Windows XP right up to Windows 10. It’s also used in other operating systems (OS) like Unix and Linux, but we’ll stick to Windows here.
Netstat can provide us with:
- The name of the protocol the port is using (TCP or UDP).
- The local IP address and name of the computer and the port number being used.
- The IP address and port number to which we’re connecting.
- The state of a TCP connection. For details on what these states are, read the Event Processing section of RFC 793.
Using Netstat To See Listening Ports & PID
- Use the key combination Win Key + X. In the menu that opens, select Command Prompt.
- Enter the command <pre>netstat -a -n -o</pre>. The parameters for netstat are preceded with a hyphen, not a forward slash like many other commands. The -a tells it to show us all active connections and the ports on which the computer is listening.
The -n tells netstat to show the IP addresses and ports as numbers only. We’re telling it to not try to resolve the names. This makes for a quicker and neater display. The -o tells netstat to include the PID. We’ll use the PID later to find out what process is using a specific port.
- View the results and take note of the addresses, port numbers, state, and PID. Let’s say we want to know what’s using port 63240. Note that its PID is 8552 and it’s connecting to the IP address 172.217.12.138 on port 443.
What’s Using That Port?
- Open Task Manager. That’s most easily done by using the key combination Ctrl + Shift + Esc.
- Click on the Details tab. To make this easier to find, click on the PID column header to sort the PIDs numerically.
- Scroll down to PID 8552 and see what process it is. In this case, it’s googledrivesync.exe. But is it really? Sometimes viruses can make themselves look like legitimate processes.
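- In a web browser, go to ipinfo.io. Enter the IP address 172.217.12.138. As we can see, the IP address is registered to Google. So this googledrivesync.exe is a legitimate one. Keep in mind that the remote address only shows who the process is talking to. To check the program itself, right-click it in Task Manager’s Details tab, choose Open file location, and look at the Digital Signatures tab in the file’s Properties.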
How To Get Port, PID, & Process Name In PowerShell
PowerShell is Microsoft’s newer way to use a command-line interface with Windows. We say newer, but it’s been around for several versions. You should learn PowerShell even if you’re a home user.
Most Windows commands also work in PowerShell, plus we can combine them with PowerShell’s cmdlets – pronounced command-lets. Joe at Winteltools.com provides the script for this method.
- Open Notepad and enter the following code:
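<pre>
# Keep only the connection rows of the netstat output (drops the headers)
$netstat = netstat -aon | Select-String -Pattern "(TCP|UDP)"
# Snapshot of running processes, used to map a PID to a name
$processList = Get-Process
foreach ($result in $netstat) {
    $splitArray = $result -split " "
    # The PID is the last column of every row
    $procID = $splitArray[$splitArray.Length - 1]
    $processName = $processList | Where-Object { $_.Id -eq $procID } | Select-Object ProcessName
    # Append the process name to the PID and rebuild the row
    $splitArray[$splitArray.Length - 1] = $procID + " " + $processName.ProcessName
    $splitArray -join " "
}
</pre>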
- Save the file as get-NetstatProcessName.ps1. Make sure to note where it’s being saved. It’s important to change the Save as type: to All Files (*.*) or it will get saved as get-NetstatProcessName.ps1.txt and it won’t work for us.
- Open PowerShell and navigate to the location in which the script was saved. In this case, it’s <pre>cd C:\Scripts</pre>. Hit Enter to run the command.
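- Run the script by putting ./ before the name of the file. PowerShell does not run scripts from the current folder unless we give their path, which is what the ./ does. (This is not the same as dot-sourcing, which is a dot and a space in front of the path.) If PowerShell says running scripts is disabled on this system, the execution policy is blocking it; Get-ExecutionPolicy shows the current setting. The command will be <pre>./get-NetstatProcessName.ps1</pre>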
- Now we can see all the traditional netstat info plus the process name. No need to open Task Manager anymore.
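The same port-to-process lookup returned as structured objects, with the executable path and Authenticode signature status added to help answer the "But is it really?" question from earlier. This is an added example, not Joe's script or code from the original article; the function name ConvertFrom-NetstatLine and the output property names are made up for illustration.

```powershell
# Added example: parse "netstat -ano" rows into objects and enrich them.
# ConvertFrom-NetstatLine and the property names are illustrative, not a built-in cmdlet.
function ConvertFrom-NetstatLine {
    param([string]$Line)
    # Collapse runs of spaces: TCP rows give 5 tokens, UDP rows 4 (UDP has no State column).
    $t = $Line.Trim() -split '\s+'
    if ($t[0] -notin 'TCP', 'UDP' -or $t.Count -lt 4) { return }
    # The port is whatever follows the LAST colon, so IPv6 rows like [::]:445 also parse.
    $local = $t[1]
    $cut   = $local.LastIndexOf(':')
    [pscustomobject]@{
        Proto     = $t[0]
        LocalAddr = $local.Substring(0, $cut)
        LocalPort = [int]$local.Substring($cut + 1)
        Remote    = $t[2]
        State     = if ($t[0] -eq 'TCP') { $t[3] } else { '' }
        ProcessId = [int]$t[-1]   # the PID is always the last column
    }
}

# Index running processes by PID once instead of searching the list for every row.
$procs = @{}
Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

netstat -ano |
    ForEach-Object { ConvertFrom-NetstatLine $_ } |
    Where-Object { $_.State -eq 'LISTENING' -or $_.Proto -eq 'UDP' } |
    ForEach-Object {
        $p    = $procs[$_.ProcessId]
        $path = if ($p) { $p.Path } else { $null }
        # Path is empty for System/Idle and for processes we lack rights to inspect.
        $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status }
                else { 'PathUnavailable' }
        $_ | Add-Member -PassThru -NotePropertyMembers @{
            Name = $p.ProcessName; Path = $path; Signature = $sig
        }
    } |
    Sort-Object LocalPort |
    Format-Table Proto, LocalAddr, LocalPort, ProcessId, Name, Signature, Path -AutoSize
```

Running it from an elevated PowerShell session fills in the path for processes owned by other accounts. A familiar process name with an unexpected path or a signature status other than Valid is worth a closer look.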
Go Get Them
We’ve covered two ways to use the netstat command to see listening ports. It can be used either in the old Command Prompt or within a PowerShell script. With the information it can give us, we’ve looked at how it can help us figure out what our computer is doing.
If you thought netstat is a great utility, take a look at some other Windows TCP/IP utilities like tracert, ipconfig, and nslookup. Or use Resource Monitor to get a better look into hidden website and Internet connections. There is a lot you can do to see exactly what your computer is doing.
Have you used netstat to solve a problem? Please tell us what you did. Any questions about how to use netstat? Please ask us in the comments below.