批量解析 NETSTAT -ban 开关

Question

大量搜索未找到批量解析 netstat -bano 的解决方案(与 -nab、-bna、- 相同的开关anb、-nba、nabo 等)，因此来自给定网络连接的所有信息都在同一行上。

Netstat 的 -ban 开关用于:

-b = 显示可执行文件

-a = 显示所有连接和监听端口

-n = 以数字形式显示地址和端口。

-o = 显示每个连接的拥有进程 ID(即 PID)

但是 netstat 将文件名添加到下 行，使得处理输出非常困难。批量搜索没有找到任何答案。

我创建了一种通过查找 ](右括号)作为一行中的最后一个字符来解析它的方法。如果是 ]，则基本上输出“组合”行，该行现在包含可执行文件。

我的代码作为答案发布，但做得很丑陋，因为它必须使用文件而不是变量来处理解析。

Answer 1

此脚本的先前版本缺少反斜杠。此外，脚本会删除输出文件。将文件创建为 %computername%--NETSTAT.txt 而不是 NETSTAT--%computername%.txt 可以解决问题。

@ECHO OFF
SetLocal
REM Method of finding last character-of-a-string-from-a-variable
REM http://stackoverflow.com/a/15662607/1569434

REM Get the script's path so all needed files can sit in the same folder
SET SCRIPTPATH=%~p0
CD %SCRIPTPATH%

REM Read and pass each line in file one at a time to sub 'FindEXE'
SET CONCATLINE=
SET HEADERROW=
SET /A LINECOUNT = 0
@echo LINECOUNT = %LINECOUNT%
del %SCRIPTPATH%\netstat*.txt /q 2>nul

netstat -bano>%SCRIPTPATH%\netstat0.txt
REM Copy all lines except those with "TIME_WAIT" into text file
FINDSTR /V /I /C:"TIME_WAIT" %SCRIPTPATH%\netstat0.txt>%SCRIPTPATH%\netstat1.txt
REM Delete first two lines, which are a header and a blank line
for /f "skip=2 delims=*" %%a in (%SCRIPTPATH%\netstat1.txt) do (echo %%a>>%SCRIPTPATH%\netstat2.txt)

REM Search for and process file based on matching text
REM This sub begins putting each netstat connection on one line
for /f "delims=*" %%A in (%SCRIPTPATH%\netstat2.txt) do call :FindTXT1 %%A

REM netstat3 will have all data from given connection on one line
SET /A LINECOUNT = 0
for /f "delims=*" %%A in (%SCRIPTPATH%\netstat3.txt) do call :FindTXT2 %%A

REM Keep only header and unique (i.e., those with "[::]") 'listening' connections
FINDSTR /I /C:"LISTENING" /C:"Local Address" %SCRIPTPATH%\netstat4.txt>%SCRIPTPATH%\netstat5.txt
FINDSTR /I /C:"[::]:" /C:"Local Address" %SCRIPTPATH%\netstat5.txt>%SCRIPTPATH%\netstat6.txt

MOVE /Y %SCRIPTPATH%\netstat6.txt %SCRIPTPATH%\%computername%--NETSTAT.txt
del %SCRIPTPATH%\netstat*.txt /q 2>nul
@echo off

echo done.

EndLocal
goto :EOF




:FindTXT1
REM We've got a line sent to us. Set variable to entire line using * (instead of %1)
SET CURRENTLINE=%*
SET /A LINECOUNT = %LINECOUNT% + 1
REM Add line feed after header row and return to main script
IF "%LINECOUNT%" == "1" (
    SET HEADERROW=%CURRENTLINE%
    @ECHO %CURRENTLINE%> %SCRIPTPATH%\netstat3.txt
    goto :eof
    )

REM Append a comma and CURRENTLINE to CONCATLINE. NOTE: Script expecting comma; don't use semi-colon
SET CONCATLINE=%CONCATLINE%,%CURRENTLINE%

REM When echo line, remove first char (comma, inserted above) using:
REM http://ss64.com/nt/syntax-substring.html
REM If last char is "]" then print, otherwise append
IF "%CURRENTLINE:~-1%"=="]" (
    REM @echo right bracket=FOUND
    @echo %CONCATLINE:~1%>>%SCRIPTPATH%\netstat3.txt
    SET CONCATLINE=
        ) else (
    REM @echo right bracket=NOT found
    )

REM If line = "Can not obtain ownership information" then print, otherwise append
IF "%CURRENTLINE%"=="Can not obtain ownership information" (
    REM @echo No Ownership=TRUE
    @echo %CONCATLINE:~1%>>%SCRIPTPATH%\netstat3.txt
    SET CONCATLINE=
    )

goto :eof


:FindTXT2
REM We've got a line sent to us. Set variable to entire line using * (instead of %1)
SET CURRENTLINE=%*
SET /A LINECOUNT = %LINECOUNT% + 1
REM Add line feed after header row and return to main script
IF "%LINECOUNT%" == "1" (
    SET HEADERROW=%CURRENTLINE%
    @ECHO %CURRENTLINE%> %SCRIPTPATH%\netstat4.txt
    goto :eof
    )

REM If last char is "]" then search, otherwise append.
REM Without "DelayedExp...", variable sets to value from previous FOR loop
IF "%CURRENTLINE:~-1%"=="]" (
    SetLocal ENABLEDELAYEDEXPANSION
    REM IP6 EXEs result in 3 sets of [], so find and set var to last one, which is where EXE lives
    FOR /f "tokens=1,2,3,4,5,6 delims=[]" %%a in ("%CURRENTLINE%") do (
        SET BINNAME1=%%b
        SET BINNAME2=%%f
        IF "!BINNAME1!" == "::" (
            REM @ECHO BINNAME1=!BINNAME1!>>%SCRIPTPATH%\netstat4.txt
            SET BINNAME=!BINNAME2!
            REM @echo %CURRENTLINE%;BINNAME=!BINNAME2!>>%SCRIPTPATH%\netstat4.txt
            ) else (
            SET BINNAME=!BINNAME1!
            REM @echo %CURRENTLINE%;BINNAME=!BINNAME1!>>%SCRIPTPATH%\netstat4.txt
            )
        @echo %CURRENTLINE%;BINNAME=!BINNAME!>>%SCRIPTPATH%\netstat4.txt
        )
    ) else (
    @echo %CURRENTLINE%>>%SCRIPTPATH%\netstat4.txt
    SetLocal DISABLEDELAYEDEXPANSION
)

goto :eof