有人知道如何通过windows命令行关闭单个连接的TCP或UDP套接字吗?

我在谷歌上搜索了一下,看到一些人也问了同样的问题。但是答案看起来像是netstat或netsh命令的手册页,重点关注如何监视端口。我不想要关于如何监控它们的答案(我已经这样做了)。我想干掉他们。

EDIT, for clarification: Let's say that my server listens TCP port 80. A client makes a connection and port 56789 is allocated for it. Then, I discover that this connection is undesired (e.g. this user is doing bad things, we asked them to stop but the connection didn't get dropped somewhere along the way). Normally, I would add a firewall to do the job, but this would take some time, and I was in an emergency situation. Killing the process that owns the connection is really a bad idea here because this would take down the server (all users would lose functionality when we just want to selectively and temporally drop this one connection).


当前回答

CurrPorts不适合我们,我们只能通过ssh访问服务器,所以也没有TCPView。为了不断开其他连接,我们也不能终止该进程。我们最终做的是在Windows的防火墙上阻止连接,但这还没有被建议。是的,这将阻止所有符合规则的连接,但在我们的情况下,只有一个连接(我们感兴趣的):

netsh advfirewall firewall add rule name="Conn hotfix" dir=out action=block protocol=T
CP remoteip=192.168.38.13

替换为您需要的IP,并根据需要添加其他规则。

其他回答

为了关闭该端口,您可以确定正在侦听该端口的进程并杀死该进程。

我找到了正确答案。尝试Sysinternals中的TCPView,现在由微软拥有。你可以在http://technet.microsoft.com/en-us/sysinternals/bb897437上找到它

CurrPorts不适合我们,我们只能通过ssh访问服务器,所以也没有TCPView。为了不断开其他连接,我们也不能终止该进程。我们最终做的是在Windows的防火墙上阻止连接,但这还没有被建议。是的,这将阻止所有符合规则的连接,但在我们的情况下,只有一个连接(我们感兴趣的):

netsh advfirewall firewall add rule name="Conn hotfix" dir=out action=block protocol=T
CP remoteip=192.168.38.13

替换为您需要的IP,并根据需要添加其他规则。

是的,这是可能的。你不必是当前拥有套接字的进程来关闭它。考虑一下,远程计算机、网卡、网线和操作系统都可能导致套接字关闭。

还要考虑Fiddler和Desktop VPN软件可以将自己插入到网络堆栈中,并显示您的所有流量或重新路由所有流量。

所以你真正需要的是Windows提供一个API,直接允许这样做,或者有人写了一个程序,操作起来有点像VPN或Fiddler,并给你一种方法来关闭通过它的套接字。

至少有一个程序(CurrPorts)可以做到这一点,我今天用它来关闭在CurrPorts启动之前启动的进程上的特定套接字。当然,要做到这一点,您必须以管理员身份运行它。

Note that it is probably not easily possible to cause a program to not listen on a port (well, it is possible but that capability is referred to as a firewall...), but I don't think that was being asked here. I believe the question is "how do I selectively close one active connection (socket) to the port my program is listening on?". The wording of the question is a bit off because a port number for the undesired inbound client connection is given and it was referred to as "port" but it's pretty clear that it was a reference to that one socket and not the listening port.

使用CurrPorts(免费且无需安装):http://www.nirsoft.net/utils/cports.html

/close <本端地址> <本端端口> <对端地址> <对端端口>{进程名}

例子:

# Close all connections with remote port 80 and remote address 192.168.1.10: 
/close * * 192.168.1.10 80
# Close all connections with remote port 80 (for all remote addresses): 
/close * * * 80
# Close all connections to remote address 192.168.20.30: 
/close * * 192.168.20.30 *
# Close all connections with local port 80: 
/close * 80 * *
# Close all connections of Firefox with remote port 80: 
/close * * * 80 firefox.exe

它还有一个很好的GUI,具有搜索和筛选功能。

注意:这个答案是huntharo和JasonXA的答案和评论组合在一起,并进行了简化,以方便读者阅读。例子来自CurrPorts的网页。