Parsing NETSTAT -ban switches in batch


Problem description

Extensive searches found no solution in batch to parse netstat -bano (same switch as -nab, -bna, -anb, -nba, nabo, etc.) so all info from a given network connection is on the same line.

The netstat -ban switches are used for:

-b = display executable

-a = display all connections and listening ports

-n = display addresses and ports in numerical form.

-o = display owning process ID for each connection (i.e., PID)

But netstat adds the file name to the next line, making processing the output very difficult. Extensive searches didn't find any answers in batch.

I created a way to parse it by looking for a ] (right bracket) as the last character on a line. If it is a ], then basically output the "combined" line, which now contains the executable.

My code is posted as an answer, but does an ugly job since it has to use files to handle the parsing instead of variables.

Recommended answer

Created solution in batch to concatenate all output for a given connection so it's on one line. Save script (below) as a batch file and when run it will create a file called "NETSTAT--%computername%.txt" in the same folder as the script, where %computername% will be replaced with the hostname of computer it's run on.

@ECHO OFF
SetLocal
REM Method of finding last character-of-a-string-from-a-variable
REM http://stackoverflow.com/a/15662607/1569434

REM Get the script's path so all needed files can sit in the same folder
REM %~dp0 includes the drive letter; CD /D also switches drive when needed
SET SCRIPTPATH=%~dp0
CD /D "%SCRIPTPATH%"

REM Read and pass each line in file one at a time to sub 'FindEXE'
SET CONCATLINE=
SET HEADERROW=
SET /A LINECOUNT = 0
@echo LINECOUNT = %LINECOUNT%
del %SCRIPTPATH%\netstat*.txt /q 2>nul

netstat -bano>%SCRIPTPATH%\netstat0.txt
REM Copy all lines except those with "TIME_WAIT" into text file
FINDSTR /V /I /C:"TIME_WAIT" %SCRIPTPATH%\netstat0.txt>%SCRIPTPATH%\netstat1.txt
REM Delete first two lines, which are a header and a blank line
for /f "skip=2 delims=*" %%a in (%SCRIPTPATH%\netstat1.txt) do (echo %%a>>%SCRIPTPATH%\netstat2.txt)

REM Search for and process file based on matching text
REM This sub begins putting each netstat connection on one line
for /f "delims=*" %%A in (%SCRIPTPATH%\netstat2.txt) do call :FindTXT1 %%A

REM netstat3 will have all data from given connection on one line
SET /A LINECOUNT = 0
for /f "delims=*" %%A in (%SCRIPTPATH%\netstat3.txt) do call :FindTXT2 %%A

REM Keep only header and unique (i.e., those with "[::]") 'listening' connections
FINDSTR /I /C:"LISTENING" /C:"Local Address" %SCRIPTPATH%\netstat4.TXT>%SCRIPTPATH%\netstat5.TXT
FINDSTR /I /C:"[::]:" /C:"Local Address" %SCRIPTPATH%\netstat5.TXT>%SCRIPTPATH%\netstat6.TXT

MOVE /Y %SCRIPTPATH%\netstat6.txt %SCRIPTPATH%\NETSTAT--%computername%.txt
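REM Delete only the numbered temp files; netstat*.txt would also match the final NETSTAT--%computername%.txt
del %SCRIPTPATH%\netstat?.txt /q 2>nul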
@echo off

echo done.

EndLocal
goto :EOF




:FindTXT1
REM We've got a line sent to us. Set variable to entire line using * (instead of %1)
SET CURRENTLINE=%*
SET /A LINECOUNT = %LINECOUNT% + 1
REM Add line feed after header row and return to main script
IF "%LINECOUNT%" == "1" (
    SET HEADERROW=%CURRENTLINE%
    @ECHO %CURRENTLINE%> %SCRIPTPATH%\netstat3.txt
    goto :eof
    )

REM Append a comma and CURRENTLINE to CONCATLINE. NOTE: Script expecting comma; don't use semi-colon
SET CONCATLINE=%CONCATLINE%,%CURRENTLINE%

REM When echo line, remove first char (comma, inserted above) using:
REM http://ss64.com/nt/syntax-substring.html
REM If last char is "]" then print, otherwise append
IF "%CURRENTLINE:~-1%"=="]" (
    REM @echo right bracket=FOUND
    @echo %CONCATLINE:~1%>>%SCRIPTPATH%\netstat3.txt
    SET CONCATLINE=
        ) else (
    REM @echo right bracket=NOT found
    )

REM If line = "Can not obtain ownership information" then print, otherwise append
IF "%CURRENTLINE%"=="Can not obtain ownership information" (
    REM @echo No Ownership=TRUE
    @echo %CONCATLINE:~1%>>%SCRIPTPATH%\netstat3.txt
    SET CONCATLINE=
    )

goto :eof


:FindTXT2
REM We've got a line sent to us. Set variable to entire line using * (instead of %1)
SET CURRENTLINE=%*
SET /A LINECOUNT = %LINECOUNT% + 1
REM Add line feed after header row and return to main script
IF "%LINECOUNT%" == "1" (
    SET HEADERROW=%CURRENTLINE%
    @ECHO %CURRENTLINE%> %SCRIPTPATH%\netstat4.txt
    goto :eof
    )

REM If last char is "]" then search, otherwise append.
REM Without "DelayedExp...", variable sets to value from previous FOR loop
IF "%CURRENTLINE:~-1%"=="]" (
    SetLocal ENABLEDELAYEDEXPANSION
    REM IP6 EXEs result in 3 sets of [], so find and set var to last one, which is where EXE lives
    FOR /f "tokens=1,2,3,4,5,6 delims=[]" %%a in ("%CURRENTLINE%") do (
        SET BINNAME1=%%b
        SET BINNAME2=%%f
        IF "!BINNAME1!" == "::" (
            REM @ECHO BINNAME1=!BINNAME1!>>%SCRIPTPATH%\netstat4.txt
            SET BINNAME=!BINNAME2!
            REM @echo %CURRENTLINE%;BINNAME=!BINNAME2!>>%SCRIPTPATH%\netstat4.txt
            ) else (
            SET BINNAME=!BINNAME1!
            REM @echo %CURRENTLINE%;BINNAME=!BINNAME1!>>%SCRIPTPATH%\netstat4.txt
            )
        @echo %CURRENTLINE%;BINNAME=!BINNAME!>>%SCRIPTPATH%\netstat4.txt
        )
    ) else (
    @echo %CURRENTLINE%>>%SCRIPTPATH%\netstat4.txt
    SetLocal DISABLEDELAYEDEXPANSION
)

goto :eof
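
The same joining step as an added example in Python, not part of the original answer: it keys on the TCP/UDP row start instead of the trailing ], so IPv6 endpoints in [] and rows with no owner need no special case. The sample output is constructed, and parse_netstat and listeners are names chosen for this example.

```python
import re

# Constructed sample of `netstat -bano` output (not captured from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    [::]:3389              [::]:0                 LISTENING       1288
  TermService
 [svchost.exe]
  TCP    10.0.0.5:49712         10.0.0.9:443           ESTABLISHED     5120
 [chrome.exe]
  UDP    0.0.0.0:5353           *:*                                    5120
 [chrome.exe]
"""

ROW = re.compile(r"^(TCP|UDP)\s")  # a connection row starts a new record


def parse_netstat(text):
    """Fold each connection row and its follow-on lines into one dict."""
    conns = []
    for raw in text.splitlines():
        line = raw.strip()
        if ROW.match(line):
            f = line.split()
            conns.append({
                "proto": f[0], "local": f[1], "remote": f[2],
                "state": f[3] if len(f) == 5 else "",  # UDP has no State column
                "pid": int(f[-1]), "component": "", "exe": "",
            })
        elif conns and line.startswith("[") and line.endswith("]"):
            conns[-1]["exe"] = line[1:-1]           # "[svchost.exe]" line
        elif conns and line and not line.startswith("Can not obtain"):
            conns[-1]["component"] = line           # service/component line
    return conns


def listeners(conns):
    """One line per LISTENING socket: local endpoint, PID, executable."""
    return [f"{c['proto']} {c['local']} pid={c['pid']} exe={c['exe'] or '?'}"
            for c in conns if c["state"] == "LISTENING"]
```
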
