Original address-Small sea: http://www.cnblogs.com/xxcanghai/p/4958577.html Preface
To be exact, he is a network connection Port viewer, which can check the port according to the process, or check the process according to the port. At the beginning of the period is due to the use of fiddler when the Discovery can not start, the port is occupied, but do not know what method to find out which program occupies the fiddler port, then use the command line netstat command with the Find command to find, Then I wanted to write a similar tool to help us speed up the location of similar port problems.
PS: It can be predicted that many people will say why not use 360 web link Viewer, or other similar software, more powerful interface more beautiful Balabala ...?
A: Because I like the bat batch, I like the command line, like can be done with a few commands to do not use a different software to do, more importantly, enjoy the process of writing code.
How to use
The main functions are two:
1. Query which port numbers are used by a process, including all instances of the same process name, and the TCP and UDP ports they occupy separately.
2. See which process is used by a port, including remote IP and local IP, and all TCP and UDP ports
How to read the display list
Program Interface:
This program returns values using the netstat command under the Windows command line.
What is the netstat command?
Netstat, in the Internet RFC standard, NETSTAT is defined as: Netstat is a program that accesses the network and related information in the kernel, and it provides reports on TCP connections, TCP and UDP snooping, and process memory management.
The specific usage of the netstat command can be found in: netstat Baidu Encyclopedia, WIKI, how to use the netstat command to view port occupancy issues, etc.
What is PID?
The PID (ProcessID) operating system refers to the process ID number. Each program opened in the operating system will create a process ID, which is the PID.
PID is the identity of each process, and the program is automatically assigned to the process of a unique PID. After the process aborts, the PID is reclaimed by the system and may continue to be assigned to the new running program.
The PID column represents the process ID of each process, that is, the PID is the identity of each process.
What are the types and meanings of the status field?
Connection status. In the original mode there is no state, in the User Datagram Protocol also often has no state, so the status column can be empty. If there is a status, the value is usually:
LISTEN
Listening for connection requests from a remote TCP port
Syn-sent
Wait for a matching connection request after sending a connection request
Syn-received
Wait for the connection request after receiving and sending a connection request indeed
Established
Represents an open connection
Fin-wait-1
Waiting for a remote TCP connection to interrupt the request, or the acknowledgement of a previous connection interrupt request
Fin-wait-2
Waiting for connection interrupt request from remote TCP
Close-wait
Waiting for a connection interrupt request from a local user
CLOSING
Wait for the remote TCP acknowledgement of the connection interruption
Last-ack
Acknowledgement of the connection interrupt request waiting for the original send to remote TCP
Time-wait
Wait enough time to ensure that the remote TCP receives a connection interrupt request acknowledgement
CLOSED
No connection Status
What is a local address, an external address?
Simply put, the local address is the current IP address and port that is linked to your native communication, and the external address is the current remote server address and port to which this link is linked.
Of course, both local and external addresses may be local addresses, and general ports are different. A typical application is the agent service software
See also: The explanation of the relevant address in Port encyclopedia, or the four-class address concept in the NAT concept, is helpful to understand.
Query the port number occupied by a process
Here we query the port number occupied by Fiddler.exe, select 1 in the main interface, enter. Re-enter Fiddler return
You can see the red box, fiddler occupies the local IPv4 and IPv6 8888 ports, and has been in the listening (LISTENING) state.
Note: The last line of [::] represents all addresses of the IPv6, equivalent to the 0.0.0.0 address of the IPV4
This address has different names in different environments, and in the routing table he represents the default route. In network programming, if you listen to the port of this address, it can be equivalent to a port that listens to both the local loopback address 127.0.0.1 and the localhost address as well as the local address of all network cards on this computer (such as 192.168.1.100).
Conversely, if you only listen to the current network card local address 192.168.1.100 port, the use of 127.0.0.1 address will not access
Reference to what is 0.0.0.0 address: WIKI, here
The differences between 0.0.0.0 and 127.0.0.1 can be found in the following: Red-black, library, StackOverflow, and informed discussions
Okay, pull it off. Bat usage, see the local full 0 address, and listening status, you can tell this program fiddler in the use of 8888 port, at this time if there are other programs such as IIS, Tom Cat and other programs to start the same port will be an error.
Then look at the occupation of QQ:
You can see that there are currently two processes called QQ.exe, their respective link cases and TCP, UDP links.
Query which process is occupied by a port
Here we still test fiddler 8888 Port, here Enter 2 return car, input port number 8,888 return car, view results:
You can see that port 8888 is occupied by Fiddler.exe (listening) on IPv4 and IPv6.
Help information:
Note: If you are unable to use or the query is unresponsive, enable this batch with administrator privileges by referencing the article I wrote earlier: How to create a CMD command Prompt window for administrator rights
Program source Code
How to use: Copy all of the following code after saving to the. bat file, run directly.
Batch-processing code:
::Netstatfilter Network Connection Viewer @ Little Sea xxcanghai.cnblogs.com by:2015 June 29@echo off: Starttitle Netstatfilter by: XxcanghaiSETLOCALenableextensions&SETLOCALenabledelayedexpansionCLS::##### #config ######SetPcename=SetPid=Setport=::Inner configSetErrorcode=0: MenuCLS&Echo----------Netstatfilter----------Echo[1] query Specifies the port number used by the process nameEcho[2] to see which process is using the specified portEcho[3] Help informationEcho.Set/p= Please enter the corresponding number:<nulSet Select=3&Set/PSelect=if/I "%select%" = = "Q"Exit/bif/I "%select%" = = "Exit"Exit/bif"%select%" = = "1"Goto : menuitem1if"%select%" = = "2"Goto : menuitem2if"%select%" = = "3"Goto : HelpCLS&Goto : Menu: menuitem1Set/p= Please enter the name of the process to query:<nulSetpcename=&Set/P Pcename=if/I "%pcename%" = = "Q"Goto : Menuif"%pcename%" = = ""Goto : menuitem1if"%pcename:.=%" = = "%pcename%"SetPcename=%pcename%.EXEPager : Getpid"%pcename%"PIDEchoProcess:%pcename%,pid:%pid%Pager : Getnetbypid"%pid%"Echo@1END&Pause>nul&Goto Start: menuitem2Set/p= Please enter the port number to query:<nulSetport=&Set/P port=if/I "%PORT%" = = "Q"Goto : Menuif"%PORT%" = = ""Goto : menuitem2Pager : Getnetbyport"%PORT%"Echo@2END&Pause>nul&Goto Start: HelpCLSEcho┏━━━━━━━━━━━━━━netstatfilter━━━━━━━━━━━━━━━━┓Echo┃netstat Command Auxiliary tool @ the little sea xxcanghai.cnblogs.Com┃Echo┃┃Echo┃1.you can query which ports a process uses, contain multiple instances of a process with the same name, and all TCP and UDP ports ┃Echo┃2. Can query which processes are being used by the specified port, and local/remote IP port and current connection status ┃Echo┃= Note =┃Echo┃※1.If you are unable to use or do not respond to queries please perform this batch with administrator privileges by referring to the above blog post ┃Echo┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛EchoPress any key to return to the main menu &Pause>nul&Goto Start::# # # # #get pid by process#####::[Tasklist] Example::cmd.exe 11132 Console 1 3,000 K::cmd.exe 8204 Console 1 2,728 K::cmd.exe 10060 Console 1 2,996 K: Getpidif not"%~1" = = "" (SetPid= for/F "tokens=2 delims="%%i in (' Tasklist/fi "imagename eq%~1"/NH/FO table^|Find/i "%~1") Do(Setpid=! Pid!%%i,)if"! pid! " =="" (SetErrorcode=101Echo[ERROR] ProcessName "%~1" is notfoundPause>nul&Goto Start)Else(Setpid=! Pid:~0,-1! )Set %2=! Pid! Goto : EOF)::# # # # #get netstat by pid#####::[Netstat] example:::Proto Local Address Foreign address State PID::TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4::UDP [:: 1]:50575 *:* 5108: Getnetbypidif not"%~1" = = "" (SetPid=%~1 for/F "tokens=1,* delims=,"%%a in ("! pid! ") Do(SetSubpid=%%aSetPid=%%b::Get TCP Echo[pid-!subpid!]: for/F "delims="%%z in (' Netstat-a-n-o^|Find":"‘) Do(SetTline=%%z::netstat The IPv6 result contains the% symbol, the% symbol will be error in call delivery, then replace% with $ and then pass Settline=!tline:%%=$! Pager : Getnetinfo"!tline!"tproto tlocaladd tforeignadd tstate TPIDSettline=!tline:$=%%! ::Replace the $ symbol back with the% symbol when call is finished if"!tpid!" = = "!subpid!" (Echo!tline! ) ) )if not"! pid! " =="" (Pager %0"! pid! ")Goto : EOF)::# # # # #get netstat by port#####: Getnetbyportif not"%~1" = = "" (SetPort=%~1 for/F "tokens=1,* delims=,"%%a in ("! Port! ") Do(Setmyport=%%aSetport=%%b::port==8888 for/F "delims="%%z in (' Netstat-a-n-o^|Find/I ":!myport!" ') Do(SetTline=%%zSettline=!tline:%%=$! Pager : Getnetinfo"!tline!"tproto tlocaladd tforeignadd tstate TPIDSettline=!tline:$=%%! Echo!tline! for/F "Tokens=1 delims="%%j in (' Tasklist/nh/fi ' PID eq!tpid! "') Do(Echo[%%j]) ) ))Goto : EOFEcho END.&Pause>nul&Goto StartExit::# # # # #FUNCTION #####: Getnetinfo::to separate a row of Netstat-ano into different variables::call:getnetinfo "<netstat output line>" Tproto tlocaladd tforeignadd tstate TPIDif not"%~1" = = "" ( for/F "tokens=1,2,3,4,5 delims="%%i in ("%~1") Do(Set %2=%%iSet %3=%%jSet %4=%%kif"%%i" = = "TCP" (Set %5=%%lSet %6=%%m)Else(Set %5=Set %6=%%l) ))Goto : EOF::# # # # #FUNCTION #####: Split::%0 is the function name itself: split,%1 is the passed value,%~1 is the double quote in the delete variable "::in this sub-search function, the filter is separated by/symbol and the first value of the split is obtained .::The remaining value of the partition is then re-assigned to the filter and called itself until the filter is empty, returningSetSubf=%~1 for/F "tokens=1,* delims=,"%%j in ("%subf%") Do(Setsubf=%%k)if not"!subf!" =="" (Pager %0"!subf!")Goto : EOF::# # # # #FUNCTION #####: FUN1Goto : EOF
[Batch processing] Netstatfilter Quick Find port occupancy issues