GetTcpTable 和 GetTcpTable2 都是 Windows API 中用于获取 TCP 连接表格的函数,但它们有一些关键的区别:
GetTcpTable
-
定义:
GetTcpTable函数用于获取 TCP 连接的表格信息。 -
结构体:它使用
MIB_TCPTABLE结构体来表示 TCP 连接的表格。 -
兼容性:
GetTcpTable是早期的 API,适用于较老的 Windows 版本。 -
结构体定义:
typedef struct _MIB_TCPTABLE { DWORD dwNumEntries; MIB_TCPROW table[1]; } MIB_TCPTABLE, *PMIB_TCPTABLE; -
结构体中
MIB_TCPROW的定义:typedef struct _MIB_TCPROW { DWORD dwState; DWORD dwLocalAddr; DWORD dwLocalPort; DWORD dwRemoteAddr; DWORD dwRemotePort; } MIB_TCPROW, *PMIB_TCPROW;
GetTcpTable2
-
定义:
GetTcpTable2是GetTcpTable的改进版本,用于获取更详细的 TCP 连接信息。 -
结构体:它使用
MIB_TCPTABLE2结构体来表示 TCP 连接的表格。 -
兼容性:
GetTcpTable2是较新的 API,提供了对 TCP 连接更多的状态信息。 -
结构体定义:
typedef struct _MIB_TCPTABLE2 { DWORD dwNumEntries; MIB_TCPROW2 table[1]; } MIB_TCPTABLE2, *PMIB_TCPTABLE2; -
结构体中
MIB_TCPROW2的定义:typedef struct _MIB_TCPROW2 { DWORD dwState; DWORD dwLocalAddr; DWORD dwLocalPort; DWORD dwRemoteAddr; DWORD dwRemotePort; } MIB_TCPROW2, *PMIB_TCPROW2;
主要区别
-
扩展性和兼容性:
GetTcpTable2适用于较新的 Windows 版本,提供更精确和更丰富的 TCP 连接状态信息。GetTcpTable适用于较老版本的 Windows 系统。
-
结构体内容:
MIB_TCPTABLE2和MIB_TCPROW2结构体是MIB_TCPTABLE和MIB_TCPROW的扩展版本,虽然在这两个 API 中MIB_TCPROW和MIB_TCPROW2的定义是一样的,但MIB_TCPTABLE2提供了更现代的 API 形式。
-
函数调用:
GetTcpTable2提供了对 TCP 连接的更详细信息,可以更好地支持后续的网络监控和诊断任务。
[MS-RRASM]: MIB_TCP_STATE | Microsoft Learn
2.2.1.1.11 MIB_TCP_STATE
The MIB_TCP_STATE enumeration enumerates different possible TCP states.
-
typedef enum { MIB_TCP_STATE_CLOSED = 1, MIB_TCP_STATE_LISTEN = 2, MIB_TCP_STATE_SYN_SENT = 3, MIB_TCP_STATE_SYN_RCVD = 4, MIB_TCP_STATE_ESTAB = 5, MIB_TCP_STATE_FIN_WAIT1 = 6, MIB_TCP_STATE_FIN_WAIT2 = 7, MIB_TCP_STATE_CLOSE_WAIT = 8, MIB_TCP_STATE_CLOSING = 9, MIB_TCP_STATE_LAST_ACK = 10, MIB_TCP_STATE_TIME_WAIT = 11, MIB_TCP_STATE_DELETE_TCB = 12, } MIB_TCP_STATE;
MIB_TCP_STATE_CLOSED: The TCP connection is closed.
MIB_TCP_STATE_LISTEN: The TCP connection is in the listen state.
MIB_TCP_STATE_SYN_SENT: A SYN packet has been sent.
MIB_TCP_STATE_SYN_RCVD: A SYN packet has been received.
MIB_TCP_STATE_ESTAB: The TCP connection has been established.
MIB_TCP_STATE_FIN_WAIT1: The TCP connection is waiting for a FIN packet.
MIB_TCP_STATE_FIN_WAIT2: The TCP connection is waiting for a FIN packet.
MIB_TCP_STATE_CLOSE_WAIT: The TCP connection is in the close wait state.
MIB_TCP_STATE_CLOSING: The TCP connection is closing.
MIB_TCP_STATE_LAST_ACK: The TCP connection is in the last ACK state.
MIB_TCP_STATE_TIME_WAIT: The TCP connection is in the time wait state.
MIB_TCP_STATE_DELETE_TCB: The TCP connection is in the delete TCB state.
getTcpTable2 函数 (iphlpapi.h) - Win32 apps | Microsoft Learn
getTcpTable2 函数 (iphlpapi.h)
本文内容
GetTcpTable2 函数检索 IPv4 TCP 连接表。
语法
C++IPHLPAPI_DLL_LINKAGE ULONG GetTcpTable2(
[out] PMIB_TCPTABLE2 TcpTable,
[in, out] PULONG SizePointer,
[in] BOOL Order
);
参数
[out] TcpTable
指向以MIB_TCPTABLE2结构的形式接收 TCP 连接表 的缓冲区的 指针。
[in, out] SizePointer
输入时,指定 TcpTable 参数指向的缓冲区的大小。
在输出中,如果缓冲区不够大,无法容纳返回的连接表,则函数会将此参数设置为等于所需的缓冲区大小。
[in] Order
一个 值,该值指定是否应对 TCP 连接表进行排序。 如果此参数为 TRUE,则按以下顺序对表进行排序:
- 本地 IP 地址
- 本地端口
- 远程 IP 地址
- 远程端口
返回值
如果函数成功,则返回值NO_ERROR。
如果函数失败,则返回值为以下错误代码之一。
| 返回代码 | 说明 |
|---|---|
|
TcpTable 参数指向的缓冲区不够大。 在 SizePointer 参数指向的 PULONG 变量中返回所需大小。
如果 pTcpTable 参数为 NULL,也会返回此错误。 |
|
SizePointer 参数为 NULL,或者 GetTcpTable2 无法写入 SizePointer 参数指向的内存。 |
|
本地系统上正在使用的操作系统不支持此函数。 |
|
使用 FormatMessage 获取返回错误的消息字符串。 |
注解
GetTcpTable2 函数在 Windows Vista 及更高版本上定义。
GetTcpTable2 函数是 GetTcpTable 函数的增强版本,它还检索有关 TCP 连接的 TCP 卸载状态的信息。
示例
以下示例检索 IPv4 的 TCP 连接表,并输出每个连接的状态。
C++#include <winsock2.h>
#include <ws2tcpip.h>
#include <iphlpapi.h>
#include <stdio.h>
// Need to link with Iphlpapi.lib and Ws2_32.lib
#pragma comment(lib, "iphlpapi.lib")
#pragma comment(lib, "ws2_32.lib")
#define MALLOC(x) HeapAlloc(GetProcessHeap(), 0, (x))
#define FREE(x) HeapFree(GetProcessHeap(), 0, (x))
/* Note: could also use malloc() and free() */
int main()
{
// Declare and initialize variables
PMIB_TCPTABLE2 pTcpTable;
ULONG ulSize = 0;
DWORD dwRetVal = 0;
char szLocalAddr[128];
char szRemoteAddr[128];
struct in_addr IpAddr;
int i;
pTcpTable = (MIB_TCPTABLE2 *) MALLOC(sizeof (MIB_TCPTABLE2));
if (pTcpTable == NULL) {
printf("Error allocating memory\n");
return 1;
}
ulSize = sizeof (MIB_TCPTABLE);
// Make an initial call to GetTcpTable2 to
// get the necessary size into the ulSize variable
if ((dwRetVal = GetTcpTable2(pTcpTable, &ulSize, TRUE)) ==
ERROR_INSUFFICIENT_BUFFER) {
FREE(pTcpTable);
pTcpTable = (MIB_TCPTABLE2 *) MALLOC(ulSize);
if (pTcpTable == NULL) {
printf("Error allocating memory\n");
return 1;
}
}
// Make a second call to GetTcpTable2 to get
// the actual data we require
if ((dwRetVal = GetTcpTable2(pTcpTable, &ulSize, TRUE)) == NO_ERROR) {
printf("\tNumber of entries: %d\n", (int) pTcpTable->dwNumEntries);
for (i = 0; i < (int) pTcpTable->dwNumEntries; i++) {
printf("\n\tTCP[%d] State: %ld - ", i,
pTcpTable->table[i].dwState);
switch (pTcpTable->table[i].dwState) {
case MIB_TCP_STATE_CLOSED:
printf("CLOSED\n");
break;
case MIB_TCP_STATE_LISTEN:
printf("LISTEN\n");
break;
case MIB_TCP_STATE_SYN_SENT:
printf("SYN-SENT\n");
break;
case MIB_TCP_STATE_SYN_RCVD:
printf("SYN-RECEIVED\n");
break;
case MIB_TCP_STATE_ESTAB:
printf("ESTABLISHED\n");
break;
case MIB_TCP_STATE_FIN_WAIT1:
printf("FIN-WAIT-1\n");
break;
case MIB_TCP_STATE_FIN_WAIT2:
printf("FIN-WAIT-2 \n");
break;
case MIB_TCP_STATE_CLOSE_WAIT:
printf("CLOSE-WAIT\n");
break;
case MIB_TCP_STATE_CLOSING:
printf("CLOSING\n");
break;
case MIB_TCP_STATE_LAST_ACK:
printf("LAST-ACK\n");
break;
case MIB_TCP_STATE_TIME_WAIT:
printf("TIME-WAIT\n");
break;
case MIB_TCP_STATE_DELETE_TCB:
printf("DELETE-TCB\n");
break;
default:
printf("UNKNOWN dwState value\n");
break;
}
IpAddr.S_un.S_addr = (u_long) pTcpTable->table[i].dwLocalAddr;
strcpy_s(szLocalAddr, sizeof (szLocalAddr), inet_ntoa(IpAddr));
printf("\tTCP[%d] Local Addr: %s\n", i, szLocalAddr);
printf("\tTCP[%d] Local Port: %d \n", i,
ntohs((u_short)pTcpTable->table[i].dwLocalPort));
IpAddr.S_un.S_addr = (u_long) pTcpTable->table[i].dwRemoteAddr;
strcpy_s(szRemoteAddr, sizeof (szRemoteAddr), inet_ntoa(IpAddr));
printf("\tTCP[%d] Remote Addr: %s\n", i, szRemoteAddr);
printf("\tTCP[%d] Remote Port: %d\n", i,
ntohs((u_short)pTcpTable->table[i].dwRemotePort));
printf("\tTCP[%d] Owning PID: %d\n", i, pTcpTable->table[i].dwOwningPid);
printf("\tTCP[%d] Offload State: %ld - ", i,
pTcpTable->table[i].dwOffloadState);
switch (pTcpTable->table[i].dwOffloadState) {
case TcpConnectionOffloadStateInHost:
printf("Owned by the network stack and not offloaded \n");
break;
case TcpConnectionOffloadStateOffloading:
printf("In the process of being offloaded\n");
break;
case TcpConnectionOffloadStateOffloaded:
printf("Offloaded to the network interface control\n");
break;
case TcpConnectionOffloadStateUploading:
printf("In the process of being uploaded back to the network stack \n");
break;
default:
printf("UNKNOWN Offload state value\n");
break;
}
}
} else {
printf("\tGetTcpTable2 failed with %d\n", dwRetVal);
FREE(pTcpTable);
return 1;
}
if (pTcpTable != NULL) {
FREE(pTcpTable);
pTcpTable = NULL;
}
return 0;
}
要求
| 要求 | 值 |
|---|---|
| 最低受支持的客户端 | Windows Vista [仅限桌面应用] |
| 最低受支持的服务器 | Windows Server 2008 [仅限桌面应用] |
| 目标平台 | Windows |
| 标头 | iphlpapi.h |
| Library | Iphlpapi.lib |
| DLL | Iphlpapi.dll |