【发布时间】:2020-07-28 04:33:30
【问题描述】:
概述
下面的方法查询MSFT_NetTCPConnection CIM 实例并返回目标机器上的TCP 连接列表。这是 powershell Get-NetTCPConnection 命令基础的 CIM 实例。
问题
我注意到我收到了一些返回 TCP 状态 id 100 的实例,据我所知,它是 undocumented。这个状态是什么意思?我的猜测是这些是死连接,我可能可以将它们过滤掉,但我希望那里的人可能知道这个问题的答案。
public const string TcpConnectionNamespace = Wmi.StandardCimv2Namespace;
public const string TcpConnectionClassName = "MSFT_NetTCPConnection";
public const string ProcessIdKey = "OwningProcess";
public const string LocalAddressKey = "LocalAddress";
public const string LocalPortKey = "LocalPort";
public const string RemoteAddressKey = "RemoteAddress";
public const string RemotePortKey = "RemotePort";
public const string StateKey = "State";
public IEnumerable<TcpConnectionModel> GetTcpConnections()
{
var session = CimSession.Create(Server);
var instances = session.QueryInstances(
TcpConnection.TcpConnectionNamespace,
Wmi.QueryDialect,
$"Select * From {TcpConnection.TcpConnectionClassName}");
foreach (var instance in instances)
{
var processId = Convert.ToUInt32(instance.CimInstanceProperties[TcpConnection.ProcessIdKey].Value);
yield return new TcpConnectionModel()
{
ProcessId = processId,
ProcessName = _processService.GetProcessFromPid(processId).ProcessName,
LocalAddress = IPAddress.Parse(instance.CimInstanceProperties[TcpConnection.LocalAddressKey].Value.ToString()),
LocalPort = Convert.ToUInt16(instance.CimInstanceProperties[TcpConnection.LocalPortKey].Value.ToString()),
RemoteAddress = IPAddress.Parse(instance.CimInstanceProperties[TcpConnection.RemoteAddressKey].Value.ToString()),
RemotePort = Convert.ToUInt16(instance.CimInstanceProperties[TcpConnection.RemotePortKey].Value.ToString()),
State = TcpConnection.ConvertState(Convert.ToInt32(instance.CimInstanceProperties[TcpConnection.StateKey].Value))
};
}
}
【问题讨论】: