核心思想是调用 WinAPI 中的 GetExtendedTcpTable 方法来获取所有活动的 TCP 连接的信息，包括进程ID等等，主要实现如下：

TcpConnectionTableHelper.cs：

using System;

using System.Collections.Generic;

using System.Linq;

using System.Runtime.InteropServices;

using System.Text;

using System.Threading.Tasks;

 

namespace TcpConnectionMonitor

{

 public class TcpConnectionTableHelper

 {

 [DllImport("Ws2_32.dll")]

 static extern ushort ntohs(ushort netshort);

 

 [DllImport("iphlpapi.dll", SetLastError = true)]

 static extern uint GetExtendedTcpTable(IntPtr pTcpTable, ref int dwOutBufLen, bool sort, int ipVersion, TCP_TABLE_TYPE tblClass, int reserved);

 

 [StructLayout(LayoutKind.Sequential)]

 public struct MIB_TCPROW_OWNER_PID

 {

 public uint state;

 public uint localAddr;

 public byte localPort1;

 public byte localPort2;

 public byte localPort3;

 public byte localPort4;

 public uint remoteAddr;

 public byte remotePort1;

 public byte remotePort2;

 public byte remotePort3;

 public byte remotePort4;

 public int owningPid;

 

 public ushort LocalPort

 {

 get

 {

 return BitConverter.ToUInt16(new byte[2] { localPort2, localPort1 }, 0);

 }

 }

 

 public ushort RemotePort

 {

 get

 {

 return BitConverter.ToUInt16(new byte[2] { remotePort2, remotePort1 }, 0);

 }

 }

 }

 

 [StructLayout(LayoutKind.Sequential)]

 public struct MIB_TCPTABLE_OWNER_PID

 {

 public uint dwNumEntries;

 MIB_TCPROW_OWNER_PID table;

 }

 

 public static string GetIpAddress(long ipAddrs)

 {

 try

 {

 System.Net.IPAddress ipAddress = new System.Net.IPAddress(ipAddrs);

 return ipAddress.ToString();

 }

 catch { return ipAddrs.ToString(); }

 

 }

 

 public static ushort GetTcpPort(int tcpPort)

 {

 return ntohs((ushort)tcpPort);

 }

 

 public static MIB_TCPROW_OWNER_PID[] GetAllTcpConnections()

 {

 MIB_TCPROW_OWNER_PID[] tcpConnectionRows;

 int AF_INET = 2; // IPv4

 int buffSize = 0;

 

 // use WinAPI GetExtendedTcpTable to query all active tcp connection information

 uint ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_TYPE.TCP_TABLE_OWNER_PID_ALL, 0);

 if (ret != 0 && ret != 122) // 122 means insufficient buffer size

 {

 throw new Exception("Error occurred when trying to query tcp table, return code: " + ret);

 }

 IntPtr buffTable = Marshal.AllocHGlobal(buffSize);

 

 try

 {

 ret = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_TYPE.TCP_TABLE_OWNER_PID_ALL, 0);

 if (ret != 0)

 {

 throw new Exception("Error occurred when trying to query tcp table, return code: " + ret);

 }

 

 // get the number of entries in the table

 MIB_TCPTABLE_OWNER_PID table = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID));

 IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(table.dwNumEntries));

 tcpConnectionRows = new MIB_TCPROW_OWNER_PID[table.dwNumEntries];

 

 for (int i = 0; i < table.dwNumEntries; i++)

 {

 MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID));

 tcpConnectionRows[i] = tcpRow;

 rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow));

 }

 }

 finally

 {

 // free memory

 Marshal.FreeHGlobal(buffTable);

 }

 return tcpConnectionRows;

 }

 }

}

 

public enum TCP_TABLE_TYPE : int

{

 TCP_TABLE_BASIC_LISTENER,

 TCP_TABLE_BASIC_CONNECTIONS,

 TCP_TABLE_BASIC_ALL,

 TCP_TABLE_OWNER_PID_LISTENER,

 TCP_TABLE_OWNER_PID_CONNECTIONS,

 TCP_TABLE_OWNER_PID_ALL,

 TCP_TABLE_OWNER_MODULE_LISTENER,

 TCP_TABLE_OWNER_MODULE_CONNECTIONS,

 TCP_TABLE_OWNER_MODULE_ALL

}

 

public enum TCP_CONNECTION_STATE : int

{

 CLOSED = 1,

 LISTENING,

 SYN_SENT,

 SYN_RCVD,

 ESTABLISHED,

 FIN_WAIT_1,

 FIN_WAIT_2,

 CLOSE_WAIT,

 CLOSING,

 LAST_ACK,

 TIME_WAIT,

 delete_TCP

};

Program.cs：

using System;

using System.Collections.Generic;

using System.Linq;

using System.Text;

using System.Threading;

using System.Threading.Tasks;

 

namespace TcpConnectionMonitor

{

 class Program

 {

 static void Main(string[] args)

 {

 MonitorTcpConnections();

 }

 

 static void MonitorTcpConnections()

 {

 Console.WriteLine("Proto Local Address Foreign Address State PID");

 List<String> rows = new List<string>();

 while (true)

 {

 int windowTop = Console.WindowTop; //in order to keep console scroll bar stay

 TcpConnectionTableHelper.MIB_TCPROW_OWNER_PID[] tcpProgressInfoTable = TcpConnectionTableHelper.GetAllTcpConnections();

 int tableRowCount = tcpProgressInfoTable.Length;

 for (int i = 0; i < tableRowCount; i++)

 {

 TcpConnectionTableHelper.MIB_TCPROW_OWNER_PID row = tcpProgressInfoTable[i];

 string source = string.Format("{0}:{1}", TcpConnectionTableHelper.GetIpAddress(row.localAddr), row.LocalPort);

 string dest = string.Format("{0}:{1}", TcpConnectionTableHelper.GetIpAddress(row.remoteAddr), row.RemotePort);

 string outputRow = string.Format("{0, -7}{1, -23}{2, -23}{3, -16}{4}", "TCP", source, dest, (TCP_CONNECTION_STATE)row.state, row.owningPid);

 if (rows.Count < i + 1)

 {

 Console.SetCursorPosition(0, i + 1);

 Console.WriteLine("{0, -80}", outputRow);

 rows.Add(outputRow);

 }

 else if (rows[i] != outputRow)

 {

 rows[i] = outputRow;

 Console.SetCursorPosition(0, i + 1);

 Console.WriteLine("{0, -80}", outputRow);

 }

 }

 if (rows.Count > tableRowCount)

 {

 int linesToBeCleared = rows.Count - tableRowCount;

 rows.RemoveRange(tableRowCount, linesToBeCleared);

 for (int i = 0; i < linesToBeCleared + 1; i++)

 {

 Console.WriteLine("{0, -80}", " ");

 }

 }

 Console.SetWindowPosition(0, windowTop); //in order to keep console scroll bar stay

 Thread.Sleep(100);

 }

 }

 }

}

实现的效果是每 100ms 获取一次活跃 TCP 连接的状态，也就是说每秒大概会刷新10次，为了避免由于刷新频率过快导致闪烁的问题，通过调用 Console.SetCursorPosition 来对变化的数据进行部分刷新，同时为了避免滚动条存在时，Console 指针引起滚动条自动滚动到最后一行，使用 SetWindowPosition 来固定滚动条的位置。

输出结果举例：