核心思想是调用 WinAPI 中的
GetExtendedTcpTable 方法来获取所有活动的 TCP 连接的信息,包括进程ID等等,主要实现如下:
TcpConnectionTableHelper.cs:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace TcpConnectionMonitor
{
public class TcpConnectionTableHelper
{
[DllImport("Ws2_32.dll")]
static extern ushort ntohs(ushort netshort);
[DllImport("iphlpapi.dll", SetLastError = true)]
static extern uint GetExtendedTcpTable(IntPtr pTcpTable, ref int dwOutBufLen, bool sort, int ipVersion, TCP_TABLE_TYPE tblClass, int reserved);
[StructLayout(LayoutKind.Sequential)]
public struct MIB_TCPROW_OWNER_PID
{
public uint state;
public uint localAddr;
public byte localPort1;
public byte localPort2;
public byte localPort3;
public byte localPort4;
public uint remoteAddr;
public byte remotePort1;
public byte remotePort2;
public byte remotePort3;
public byte remotePort4;
public int owningPid;
public ushort LocalPort
{
get
{
return BitConverter.ToUInt16(new byte[2] { localPort2, localPort1 }, 0);
}
}
public ushort RemotePort
{
get
{
return BitConverter.ToUInt16(new byte[2] { remotePort2, remotePort1 }, 0);
}
}
}
[StructLayout(LayoutKind.Sequential)]
public struct MIB_TCPTABLE_OWNER_PID
{
public uint dwNumEntries;
MIB_TCPROW_OWNER_PID table;
}
public static string GetIpAddress(long ipAddrs)
{
try
{
System.Net.IPAddress ipAddress = new System.Net.IPAddress(ipAddrs);
return ipAddress.ToString();
}
catch { return ipAddrs.ToString(); }
}
public static ushort GetTcpPort(int tcpPort)
{
return ntohs((ushort)tcpPort);
}
public static MIB_TCPROW_OWNER_PID[] GetAllTcpConnections()
{
MIB_TCPROW_OWNER_PID[] tcpConnectionRows;
int AF_INET = 2; // IPv4
int buffSize = 0;
// use WinAPI GetExtendedTcpTable to query all active tcp connection information
uint ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_TYPE.TCP_TABLE_OWNER_PID_ALL, 0);
if (ret != 0 && ret != 122) // 122 means insufficient buffer size
{
throw new Exception("Error occurred when trying to query tcp table, return code: " + ret);
}
IntPtr buffTable = Marshal.AllocHGlobal(buffSize);
try
{
ret = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_TYPE.TCP_TABLE_OWNER_PID_ALL, 0);
if (ret != 0)
{
throw new Exception("Error occurred when trying to query tcp table, return code: " + ret);
}
// get the number of entries in the table
MIB_TCPTABLE_OWNER_PID table = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID));
IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(table.dwNumEntries));
tcpConnectionRows = new MIB_TCPROW_OWNER_PID[table.dwNumEntries];
for (int i = 0; i < table.dwNumEntries; i++)
{
MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID));
tcpConnectionRows[i] = tcpRow;
rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow));
}
}
finally
{
// free memory
Marshal.FreeHGlobal(buffTable);
}
return tcpConnectionRows;
}
}
}
public enum TCP_TABLE_TYPE : int
{
TCP_TABLE_BASIC_LISTENER,
TCP_TABLE_BASIC_CONNECTIONS,
TCP_TABLE_BASIC_ALL,
TCP_TABLE_OWNER_PID_LISTENER,
TCP_TABLE_OWNER_PID_CONNECTIONS,
TCP_TABLE_OWNER_PID_ALL,
TCP_TABLE_OWNER_MODULE_LISTENER,
TCP_TABLE_OWNER_MODULE_CONNECTIONS,
TCP_TABLE_OWNER_MODULE_ALL
}
public enum TCP_CONNECTION_STATE : int
{
CLOSED = 1,
LISTENING,
SYN_SENT,
SYN_RCVD,
ESTABLISHED,
FIN_WAIT_1,
FIN_WAIT_2,
CLOSE_WAIT,
CLOSING,
LAST_ACK,
TIME_WAIT,
DELETE_TCP
};
Program.cs:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
namespace TcpConnectionMonitor
{
class Program
{
static void Main(string[] args)
{
MonitorTcpConnections();
}
static void MonitorTcpConnections()
{
Console.WriteLine("Proto Local Address Foreign Address State PID");
List<String> rows = new List<string>();
while (true)
{
int windowTop = Console.WindowTop; //in order to keep console scroll bar stay
TcpConnectionTableHelper.MIB_TCPROW_OWNER_PID[] tcpProgressInfoTable = TcpConnectionTableHelper.GetAllTcpConnections();
int tableRowCount = tcpProgressInfoTable.Length;
for (int i = 0; i < tableRowCount; i++)
{
TcpConnectionTableHelper.MIB_TCPROW_OWNER_PID row = tcpProgressInfoTable[i];
string source = string.Format("{0}:{1}", TcpConnectionTableHelper.GetIpAddress(row.localAddr), row.LocalPort);
string dest = string.Format("{0}:{1}", TcpConnectionTableHelper.GetIpAddress(row.remoteAddr), row.RemotePort);
string outputRow = string.Format("{0, -7}{1, -23}{2, -23}{3, -16}{4}", "TCP", source, dest, (TCP_CONNECTION_STATE)row.state, row.owningPid);
if (rows.Count < i + 1)
{
Console.SetCursorPosition(0, i + 1);
Console.WriteLine("{0, -80}", outputRow);
rows.Add(outputRow);
}
else if (rows[i] != outputRow)
{
rows[i] = outputRow;
Console.SetCursorPosition(0, i + 1);
Console.WriteLine("{0, -80}", outputRow);
}
}
if (rows.Count > tableRowCount)
{
int linesToBeCleared = rows.Count - tableRowCount;
rows.RemoveRange(tableRowCount, linesToBeCleared);
for (int i = 0; i < linesToBeCleared + 1; i++)
{
Console.WriteLine("{0, -80}", " ");
}
}
Console.SetWindowPosition(0, windowTop); //in order to keep console scroll bar stay
Thread.Sleep(100);
}
}
}
}
实现的效果是每 100ms 获取一次活跃 TCP 连接的状态,也就是说每秒大概会刷新10次,为了避免由于刷新频率过快导致闪烁的问题,通过调用 Console.SetCursorPosition 来对变化的数据进行部分刷新,同时为了避免滚动条存在时,Console 指针引起滚动条自动滚动到最后一行,使用 SetWindowPosition 来固定滚动条的位置。
输出结果举例:
![Linux ext2, ext3, ext4 文件系统解读[1]](https://img-blog.csdn.net/20170422173913528?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvcXdlcnR5dXBvaXV5dHI=/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/Center)
![Linux ext2, ext3, ext4 文件系统解读[2]](/images/no-images.jpg)
