windows netstat find 技巧

netstat –na 1 | find "特定IP"
顯示特定IP 之連線，每隔一秒更新畫面一次

-a 代表列出所有連線 
-n 代表僅列出IP 及Port，不解析為hostname 及service name，速度會快很多


實例：查Gmail IP
C:\Users>netstat -na |find "74.125.31.19"
TCP 192.168.1.103:50203 74.125.31.19:443 ESTABLISHED
TCP 192.168.1.103:50804 74.125.31.191:80 ESTABLISHED
TCP 192.168.1.103:50806 74.125.31.191:80 ESTABLISHED




netstat –nao 1 | find "特定IP" 
加上-o 參數可顯示觸發該連線之process ID， 
欲知process name 則可以透過工作管理員這程式


C:\Users>netstat -nao |find "74.125.31.19"
TCP 192.168.1.103:50203 74.125.31.19:443 ESTABLISHED 4876
TCP 192.168.1.103:50804 74.125.31.191:80 ESTABLISHED 4876
TCP 192.168.1.103:50806 74.125.31.191:80 ESTABLISHED 4876

用兩個Find，篩選更精確的值
netstat –na 1 | find "80" | find "ESTABLISHED" 
也可以針對特定Port，不分對象的進行監控， 
再透過find "ESTABLISHED"篩選掉僅LISTENING的部份


C:\Users>netstat -nao |find "80" |find "ESTABLISHED"
  TCP    192.168.1.103:49170    108.160.161.167:80     ESTABLISHED     4020
  TCP    192.168.1.103:50804    74.125.31.191:80       ESTABLISHED     4876
  TCP    192.168.1.103:50806    74.125.31.191:80       ESTABLISHED     4876
  TCP    192.168.1.103:50811    173.194.65.120:80      ESTABLISHED     4876
  TCP    192.168.1.103:50812    173.194.65.120:80      ESTABLISHED     4876
  TCP    192.168.1.103:50813    173.194.65.120:80      ESTABLISHED     4876
  TCP    192.168.1.103:50814    173.194.65.120:80      ESTABLISHED     4876
  TCP    192.168.1.103:50815    173.194.65.120:80      ESTABLISHED     4876
  TCP    192.168.1.103:50816    173.194.65.120:80      ESTABLISHED     4876
  TCP    192.168.1.103:50995    173.194.72.132:80      ESTABLISHED     4876
  TCP    192.168.1.103:50996    69.192.3.57:80         ESTABLISHED     4876
  TCP    192.168.1.103:50998    173.194.72.139:80      ESTABLISHED     4876
  TCP    192.168.1.103:51023    173.194.72.191:80      ESTABLISHED     4876

用法大致上是這樣，需要更多可以在網路上找尋一些小工具。