黑客必会：Windows上的netstat命令大全

netstat 是一种命令线网络工具，是一种方便的故障排除命令。它的跨平台实用工具意味着你可以在Linux，macOS或视窗上使用它。

netstat 可以非常方便在以下。

• 显示传入和传出网络连接
• 显示路由表
• 显示网络接口数量
• 显示网络协议统计

让我们开始吧...

显示所有连接

要从 netstat 开始，请参阅显示所有连接的命令。

netstat -a

键入上述命令并点击输入。您将看到来自不同状态的所有活动连接（如下图所示）。

C:\Windows\system32>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP 192.168.43.15:139 DESKTOP-A0PM5GD:0 LISTENING
TCP 192.168.43.15:52484 153:https ESTABLISHED
TCP 192.168.43.15:52532 ec2-13-228-49-204:https TIME_WAIT
UDP [fe80::998c:d2d:17df:65d9%12]:58903 *:*

您将看到一个头与原教旨，本地地址，外国地址，和国家。让我们看看关于他们的简短信息。

• Proto • 定义了插座的协议类型 （TCP、UDP 等）。
• 本地地址 • 显示您的计算机 IP 地址和端口、插座的本地端端。
• 外来地址 - 显示计算机连接到的远程计算机，插座的远程端。
• 状态 • 定义插座状态（听、已建立、CLOSE_WAIT、TIME_WAIT）。

我们可以以不同的方式过滤连接。让我们看看他们。

仅显示已建立的连接

我们已经在连接信息中看到了状态。您可以使用以下语法查看 Windows 服务器/到 Windows 服务器的所有已建立连接。

netstat | findstr ESTABLISHED

C:\Windows\system32>netstat | findstr ESTABLISHED
 TCP 172.16.179.128:49375 a23-77-202-113:http ESTABLISHED
C:\Windows\system32>

注意：要查看"听"，CLOSE_WAIT，TIME_WAIT，您可以使用如下内容。

要查看处于收听状态的连接更改已确定以前命令中"收听"的关键字。您将获得有关处于监听状态的连接的信息，具体如下。

netstat | findstr LISTENING

C:\Windows\system32>netstat | findstr LISTENING
  TCP 192.168.43.15:139 DESKTOP-A0PM5GD:0 LISTENING

同样，运行以下命令以查看处于CLOSE_WAIT状态的所有连接。

netstat | findstr CLOSE_WAIT

C:\Windows\system32>netstat | findstr CLOSE_WAIT
  TCP 192.168.43.15:52581 ec2-52-1-183-160:https CLOSE_WAIT
  TCP 192.168.43.15:52584 ec2-34-227-121-63:https CLOSE_WAIT

Finally, use the TIME_WAIT flag to get information about all the connections that are in TIME_WAIT state.

netstat | findstr TIME_WAIT

C:\Windows\system32>netstat | findstr TIME_WAIT
 TCP 192.168.43.15:52590 server-13-33-179-97:https TIME_WAIT

显示端口号使用的 PID

每个连接都是内部的过程。每个过程都有一个ID，它被称为PID。我们可以通过以下命令查看每个插座连接的 PID。

netstat -o

上述命令显示与 PID 的所有连接。让我们运行命令，看看我们如何获得结果。

C:\Windows\system32>netstat -o

Active Connections

Proto Local Address Foreign Address State PID
TCP 192.168.43.15:50664 40.90.189.152:https ESTABLISHED 3676
TCP 192.168.43.15:50733 40.90.189.152:https ESTABLISHED 10556

我们得到了一个额外的专栏称为PID。这是过程标识符。

当您必须找出哪个 PID 正在使用特定端口编号时，非常方便。

netstat –o | findstr $portnumber

如果您使用上述命令，您可以查看以下信息。

C:\Windows\system32>netstat -o | findstr 50664
  TCP 192.168.43.15:50664 40.90.189.152:https ESTABLISHED 3676

显示所有协议的统计数据

当您必须找出任何收到的头错误，收到地址错误，丢弃的包等有用的。它将列出来自 IPv4、IPv6、ICMPv4、ICMPv6、TCP、UDP 等的统计数据。

netstat –s

您将看到以下显示的所有协议的统计数据。

C:\Windows\system32>netstat -s
IPv4 Statistics

Packets Received = 1097370
Received Header Errors = 0
Received Address Errors = 9
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 1425
Received Packets Delivered = 1098173
Output Requests = 743601
Routing Discards = 0
Discarded Output Packets = 43
Output Packet No Route = 23
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0

IPv6 Statistics

Packets Received = 24
Received Header Errors = 0
Received Address Errors = 0
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 208
Received Packets Delivered = 519
Output Requests = 1507
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0

ICMPv4 Statistics

Received Sent
Messages 52 143
Errors 0 0
Destination Unreachable 52 143
Time Exceeded 0 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 0 0
Echo Replies 0 0
Echos 0 0
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0
Router Solicitations 0 0
Router Advertisements 0 0

ICMPv6 Statistics

Received Sent
Messages 0 25
Errors 0 0
Destination Unreachable 0 0
Packet Too Big 0 0
Time Exceeded 0 0
Parameter Problems 0 0
Echos 0 0
Echo Replies 0 0
MLD Queries 0 0
MLD Reports 0 0
MLD Dones 0 0
Router Solicitations 0 15
Router Advertisements 0 0
Neighbor Solicitations 0 5
Neighbor Advertisements 0 5
Redirects 0 0
Router Renumberings 0 0

TCP Statistics for IPv4

Active Opens = 4405
Passive Opens = 5
Failed Connection Attempts = 164
Reset Connections = 347
Current Connections = 19
Segments Received = 980542
Segments Sent = 674787
Segments Retransmitted = 5759

TCP Statistics for IPv6

Active Opens = 48
Passive Opens = 10
Failed Connection Attempts = 38
Reset Connections = 2
Current Connections = 0
Segments Received = 680
Segments Sent = 552
Segments Retransmitted = 128

UDP Statistics for IPv4

Datagrams Received = 117977
No Ports = 1385
Receive Errors = 1
Datagrams Sent = 54516

UDP Statistics for IPv6

Datagrams Received = 1036
No Ports = 208
Receive Errors = 0
Datagrams Sent = 1131

要快速找出任何错误，您可以使用语法。

netstat -s | findstr Errors

C:\Windows\system32>netstat -s | findstr Errors
 Received Header Errors = 0
 Received Address Errors = 0
 Received Header Errors = 0
 Received Address Errors = 0
 Errors 0 0
 Errors 0 0
 Receive Errors = 0
 Receive Errors = 0
C:\Windows\system32>

上述命令会过滤所有协议统计中的所有错误。

显示路由信息

要显示路由表，您可以使用以下语法。以下语法还将列出所有接口。

netstat –r

如果您使用上述命令，则您将看到下文所示的路由信息。

C:\Windows\system32>netstat -r

===========================================================================
Interface List
4...8c 16 45 32 4d 3c ......Realtek PCIe GBE Family Controller
16...d4 6d 6d 27 8a 9a ......Microsoft Wi-Fi Direct Virtual Adapter
5...d6 6d 6d 27 8a 99 ......Microsoft Wi-Fi Direct Virtual Adapter #2
12...d4 6d 6d 27 8a 99 ......Intel(R) Dual Band Wireless-AC 3165
10...d4 6d 6d 27 8a 9d ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.15 55
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.43.0 255.255.255.0 On-link 192.168.43.15 311
192.168.43.15 255.255.255.255 On-link 192.168.43.15 311
192.168.43.255 255.255.255.255 On-link 192.168.43.15 311
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.43.15 311
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.43.15 311
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.30.28.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
12 311 fe80::/64 On-link
12 311 fe80::998c:d2d:17df:65d9/128
On-link
1 331 ff00::/8 On-link
12 311 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

显示界面统计

要查看所有界面的状态，您可以使用以下语法。这将显示已收到和发送的详细信息。

netstat -e

C:\Windows\system32>netstat -e
Interface Statistics
 Received Sent
Bytes 8988576 2105244
Unicast packets 12972 11880
Non-unicast packets 0 0
Discards 0 0
Errors 0 0
Unknown protocols 0
C:\Windows\system32>

显示完全合格的外国地址域名（远程主机）

如果您正在跟踪一些问题，并希望了解远程主机的 FQDN，则您可以使用以下语法。

netstat –f

如果您运行上述命令，则将看到类似的结果如下。

C:\Windows\system32>netstat -f
Proto Local Address Foreign Address State
TCP 192.168.43.15:50664 40.90.189.152:https LISTENING
TCP 192.168.43.15:51437 104.27.119.115:https ESTABLISHED

注意：您可以结合查找字句来显示以下精确的结果。

netstat –f | findstr ESTABLISHED

上述命令将过滤连接，仅显示已建立的连接。让我们看看一个例子。

C:\Windows\system32>netstat -f | findstr ESTABLISHED
TCP 192.168.43.15:51437 104.27.119.115:https ESTABLISHED

我们可以使用以下命令过滤使用域的连接。

netstat –f | findstr $domainnameifyouknow

指定命令中的域，您将看到以下过滤连接。

C:\Windows\system32>netstat -f | findstr ec2-52-202-6-97.compute-1.amazonaws.com
TCP 192.168.43.15:52573 ec2-52-202-6-97.compute-1.amazonaws.com:https ESTABLISHED

我希望这有助于您熟悉 Windows 上的 Netstat 命令使用情况。