如何从命令行监视Windows上的网络流量

Question

如何从命令行监控Windows上的网络流量; 特别是下载/上传速度和上传/下载的数据量？这样做有脚本/批处理吗？

Answer 1

虽然tshark如果你想要有细粒度的统计数据(根据主机,协议......),它真的很强大,但它在运行的时间段内收集统计数据有一个主要的缺点.因此,它只擅长报告"即时"统计信息,但不会报告常规时间点的投票流量,以便了解您的网络流量如何在一天,一周内发生变化......

而且,由于tshark使数据包捕获,因此存在一些开销.

因此,根据您的需要,您可能对MS Windows net或netstat命令感兴趣(netstat可以选择按协议报告统计信息).'net statistics [Server|workstation]'或者'netstat [-e|-s]',就网络流量统计而言,是MS Windows等效的Linux 'ifconfig'(或者'cat /proc/net/dev'如果您愿意).

请注意,同样ifconfig地,net或netstat仅报告自接口启动以来的数据量.

为了获得流量速率,您必须为这些命令调用时间戳并自行进行计算.

AFAIK,这两个命令都附带所有最新的MS Windows版本.

Answer 2

我正在更新答案以获得更完整、更准确的答案，使用netsh命令和一些字符串操作来避免 Windows 32 位整数溢出。

请记住，您需要运行并检查网络适配器netsh interface ip show subinterfaces的线路。以下批处理文件使用第四个字符串行，即列出的第一个适配器。

它每 10 秒检查一次速度。如果您的上传或下载速度高达每秒 100 MB，则需要更频繁地重复循环（例如每 1 秒一次）。

它还创建一个 .csv 文件。如果不需要，请将最后一行删除。

批处理文件：

@ECHO off
SETLOCAL ENABLEDELAYEDEXPANSION

set TAB=    
echo Timestamp%TAB%Down bytes%TAB%Up bytes%TAB%Down speed%TAB%Up speed

:looptask

:: Store console command result
SET count=1
::FOR /F "tokens=* USEBACKQ" %%F IN (`netstat -e`) DO (
FOR /F "tokens=* USEBACKQ" %%F IN (`netsh interface ip show subinterfaces`) DO (
  SET string!count!=%%F
  SET /a count=!count!+1
)

:: *** Change string number to the line with your interface data ***
set line=%string4%
:: For ME, bytes transfered line is string3 using netstat and string4 using netsh

:: Get rid of the whitespaces 
:loopreplace
if defined line (
  set "new=!line:  = !"
  if "!new!" neq "!line!" (
    set "line=!new!"
    goto :loopreplace
  )
)
if defined line if "!line:~0,1!" equ " " set "line=!line:~1!"
if defined line if "!line:~-1!" equ " " set "line=!line:~0,-1!"

:: Extracting bytes downloaded and uploaded
::FOR /F "tokens=2,3 delims= " %%A IN ("%line%") DO (
FOR /F "tokens=3,4 delims= " %%A IN ("%line%") DO (
  set dbytes=%%~A
  set ubytes=%%~B
)

:: Midnight epoch
for /F "usebackq tokens=1,2 delims==" %%i in (`wmic os get LocalDateTime /VALUE 2^>NUL`) do if '.%%i.'=='.LocalDateTime.' set ldt=%%j
set time=%ldt:~8,2%:%ldt:~10,2%:%ldt:~12,2%
FOR /F "tokens=* delims=0" %%A IN ("%ldt:~8,2%") DO SET /A hs=%%A+0
FOR /F "tokens=* delims=0" %%A IN ("%ldt:~10,2%") DO SET /A min=%%A+0
FOR /F "tokens=* delims=0" %%A IN ("%ldt:~12,2%") DO SET /A sec=%%A+0
set /a epoch=%hs%*3600+%min%*60+%sec%

:: Calc initial transfer
if not defined LOOPCOMPLETE (
    echo %time%%TAB%%dbytes%%TAB%%ubytes%%TAB%0.00 KB/s%TAB%0.00 KB/s
    goto :skip
)
:: Read .CSV file last line values
for /f %%i in ('find /v /c "" ^< bwlog.csv') do set /a lines=%%i
set /a lastLine=%lines% - 1
SET count=1
FOR /F "tokens=* USEBACKQ" %%F IN (`more /e +%lastLine% bwlog.csv`) DO (
  SET string!count!=%%F
  SET /a count=!count!+1
)
FOR /F "tokens=1,2,3 delims=," %%A IN ("%string1%") DO (
  set lasttime=%%~A
  set lastdown=%%~B
  set lastup=%%~C
)
if %epoch% == %lasttime% (  
    goto :skip
)

:: 2,147,483,647 is the maximum value of a integer you can use, so only keep  9 characters
set /a lastup=%lastup: =%
set /a ddif=%dbytes:~-9% - %lastdown:~-9%
set /a udif=%ubytes:~-9% - %lastup:~-9%

:: Calc bandwidth
set /a dspeed=(ddif)/(epoch-lasttime)/10
set ddec=%dspeed:~-2%
set /a dspeed=(ddif)/(epoch-lasttime)/1000
set /a uspeed=(udif)/(epoch-lasttime)/10
set udec=%uspeed:~-2%
set /a uspeed=(udif)/(epoch-lasttime)/1000
echo %time%%TAB%%dbytes%%TAB%%ubytes%%TAB%%dspeed%.%ddec% KB/s%TAB%%uspeed%.%udec% KB/s

:skip

:: Append the .CSV file 
echo %epoch%,%dbytes%,%ubytes% >> "bwlog.csv"

:: Do every 10 seconds
set LOOPCOMPLETE=1
timeout /t 10 /nobreak >nul
goto :looptask

ENDLOCAL

如果您需要修复，请保持联系。

以前的解决方案使用批处理文件，但有一些限制：

我想为您提供一个更简单的解决方案，然后我使用之前的答案来编写一个新的 Windows 批处理脚本，该脚本每 10 秒迭代一次。它监控控制台中的下载和上传带宽/速度，并记录 .csv 文件中传输的字节数。

@ECHO off
SETLOCAL ENABLEDELAYEDEXPANSION

set TAB=    
echo Timestamp%TAB%Down bytes%TAB%Up bytes%TAB%Down speed%TAB%Up speed

:: Store console command result
:looptask
SET count=1
FOR /F "tokens=* USEBACKQ" %%F IN (`netstat -e`) DO (
  SET string!count!=%%F
  SET /a count=!count!+1
)
:: Bytes transfered line is string3

:: Get rid of the whitespaces 
:loopreplace
if defined string3 (
  set "new=!string3:  = !"
  if "!new!" neq "!string3!" (
    set "string3=!new!"
    goto :loopreplace
  )
)
if defined string3 if "!string3:~0,1!" equ " " set "string3=!string3:~1!"
if defined string3 if "!string3:~-1!" equ " " set "string3=!string3:~0,-1!"

:: Extracting bytes downloaded and uploaded
set line=%string3:~6%
FOR /F "tokens=1,2 delims= " %%A IN ("%line%") DO (
  set dbytes=%%~A
  set ubytes=%%~B
)

:: Midnight epoch
for /F "usebackq tokens=1,2 delims==" %%i in (`wmic os get LocalDateTime /VALUE 2^>NUL`) do if '.%%i.'=='.LocalDateTime.' set ldt=%%j
set time=%ldt:~8,2%:%ldt:~10,2%:%ldt:~12,2%
FOR /F "tokens=* delims=0" %%A IN ("%ldt:~8,2%") DO SET /A hs=%%A+0
FOR /F "tokens=* delims=0" %%A IN ("%ldt:~10,2%") DO SET /A min=%%A+0
FOR /F "tokens=* delims=0" %%A IN ("%ldt:~12,2%") DO SET /A sec=%%A+0
set /a epoch=%hs%*3600+%min%*60+%sec%

:: Calc speeds
if not defined LOOPCOMPLETE (
    echo %time%%TAB%%dbytes%%TAB%%ubytes%%TAB%0.00 KB/s%TAB%0.00 KB/s
    goto :skip
)
:: Read .CSV file last line values
for /f %%i in ('find /v /c "" ^< bwlog.csv') do set /a lines=%%i
set /a lastLine=%lines% - 1
SET count=1
FOR /F "tokens=* USEBACKQ" %%F IN (`more /e +%lastLine% bwlog.csv`) DO (
  SET string!count!=%%F
  SET /a count=!count!+1
)
FOR /F "tokens=1,2,3 delims=," %%A IN ("%string1%") DO (
  set lasttime=%%~A
  set lastdown=%%~B
  set lastup=%%~C
)
if %epoch% == %lasttime% (  
    goto :skip
)
set /a dspeed=(dbytes-lastdown)/(epoch-lasttime)/10
set ddec=%dspeed:~-2%
set /a dspeed=(dbytes-lastdown)/(epoch-lasttime)/1000
set /a uspeed=(ubytes-lastup)/(epoch-lasttime)/10
set udec=%dspeed:~-2%
set /a uspeed=(ubytes-lastup)/(epoch-lasttime)/1000
echo %time%%TAB%%dbytes%%TAB%%ubytes%%TAB%%dspeed%.%ddec% KB/s%TAB%%uspeed%.%udec% KB/s
:skip

:: Append the .CSV file 
echo %epoch%,%dbytes%,%ubytes% >> "bwlog.csv"

:: Do every 10 seconds
set LOOPCOMPLETE=1
timeout /t 10 /nobreak >nul
goto :looptask

ENDLOCAL

PS：Windows 的限制是每传输 4GBytes 计数器就会在午夜重置一次。

使用任务调度程序和 XAMPP 的旧解决方案：

我必须根据您的情况监视和记录下载的数据量，并且发现使用Windows 任务计划程序运行脚本比寻找将常用图形信息转储到文件中的免费软件更快。也许我的自制脚本适合你。

我使用Windows 版 XAMPP启动了本地 Apache/PHP 服务器，并从命令行运行此脚本。例如：

"C:\xampp\php\php.exe -f C:\xampp\htdocs\bwlog.php"

该bwlog.php脚本使用@phep回答建议的Windows命令netstat -e。可以用记事本创建脚本文件，代码为：

<?php
//Task to schedule "C:\xampp\php\php.exe -f C:\xampp\htdocs\bwlog.php"
//Store console command result
$netstat=shell_exec("netstat -e");
//Start of the bytes transfered line
$line=substr($netstat,strpos($netstat,"Bytes"));    
//End of the line
$line=substr($line,0,strpos($line,"\n"));   
//Get rid of the whitespaces 
$bytes=preg_replace('/\s+/', ' ',$line);    
//Extracting only bytes downloaded
$bytes=substr($bytes,$start=strpos($bytes,' ')+1,strrpos($bytes,' ')-$start);
//Append the .CSV file  
file_put_contents('C:\xampp\htdocs\bwlog.csv',PHP_EOL.time().', '.$bytes,FILE_APPEND);
?>

然后，我在电子表格软件中处理.csv，使用 2 个字节值之间的差值与 2 个匹配时间值之间的差值（字节/秒）来计算下载速度（带宽） 。

请随时请求修复以记录上传的字节。但愿它有用。

Answer 3

您可以将tshark与 -z<statistics>参数一起使用。只需搜索Wireshark。它是开源和多平台的。

Answer 4

Windows中的typeperf应该可以获取数据。

typeperf "\Network Interface(*)\....
typeperf -q "Network Interface" will list all the object
\Network Interface(*)\Bytes Total/sec
\Network Interface(*)\Packets/sec
\Network Interface(*)\Packets Received/sec
\Network Interface(*)\Packets Sent/sec
\Network Interface(*)\Current Bandwidth
\Network Interface(*)\Bytes Received/sec
\Network Interface(*)\Packets Received Unicast/sec
\Network Interface(*)\Packets Received Non-Unicast/sec
\Network Interface(*)\Packets Received Discarded
\Network Interface(*)\Packets Received Errors
\Network Interface(*)\Packets Received Unknown
\Network Interface(*)\Bytes Sent/sec
\Network Interface(*)\Packets Sent Unicast/sec
\Network Interface(*)\Packets Sent Non-Unicast/sec
\Network Interface(*)\Packets Outbound Discarded
\Network Interface(*)\Packets Outbound Errors
\Network Interface(*)\Output Queue Length
\Network Interface(*)\Offloaded Connections