• Network troubleshooting: service ports


    Service port troubleshooting commands explained

    nmap

    Examples

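    1. Check which ports in the 1-10000 range are open on an IP (without -p, nmap probes only its default list of 1000 common ports, hence "Not shown: 999 closed ports" below)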
    ]# nmap 192.168.74.130
    Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-06 16:56 CST
    Nmap scan report for 192.168.74.130
    Host is up (0.000022s latency).
    Not shown: 999 closed ports
    PORT   STATE SERVICE
    22/tcp open  ssh
    
    Nmap done: 1 IP address (1 host up) scanned in 5.64 seconds
    
    2. -vv for verbose output
    ]# nmap -vv 192.168.74.130
    Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-06 16:58 CST
    Initiating Parallel DNS resolution of 1 host. at 16:58
    Completed Parallel DNS resolution of 1 host. at 16:59, 13.00s elapsed
    Initiating SYN Stealth Scan at 16:59
    Scanning 192.168.74.130 [1000 ports]
    Discovered open port 22/tcp on 192.168.74.130
    Completed SYN Stealth Scan at 16:59, 1.58s elapsed (1000 total ports)
    Nmap scan report for 192.168.74.130
    Host is up (0.000030s latency).
    Scanned at 2020-05-06 16:59:06 CST for 2s
    Not shown: 999 closed ports
    PORT   STATE SERVICE
    22/tcp open  ssh
    
    Read data files from: /usr/bin/../share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 14.61 seconds
               Raw packets sent: 1061 (46.684KB) | Rcvd: 2123 (89.168KB)
    
    3. Scan ports in the 20000-30000 range; port numbers cannot exceed 65535
    ]# nmap -p20000-30000 192.168.74.130
    ...
    PORT      STATE SERVICE
    20022/tcp open  unknown
    ...
    
    4. Scan specific ports
    ]# nmap -p22,25,80 192.168.74.130
    ...
    PORT   STATE  SERVICE
    22/tcp open   ssh
    25/tcp closed smtp
    80/tcp closed http
    ...
    
    5. Ping-style scan, comparable to running ping ip (-sP is the older spelling of -sn)
    ]# nmap -sP ip
    
    6. Scan the IPs in a subnet
    ]# nmap -sP ip/24 
    
    7. Trace the route; the target can be a domain name or an IP
    ]# nmap --traceroute www.baidu.com
    Starting Nmap 6.40 ( http://nmap.org ) at 2020-05-06 17:09 CST
    Nmap scan report for www.baidu.com (61.135.169.125)
    Host is up (0.023s latency).
    Other addresses for www.baidu.com (not scanned): 61.135.169.121
    Not shown: 997 filtered ports
    PORT     STATE  SERVICE
    80/tcp   open   http
    443/tcp  open   https
    6667/tcp closed irc
    
    TRACEROUTE (using port 80/tcp)
    HOP RTT      ADDRESS
    1   48.24 ms 192.168.74.2
    2   43.83 ms 61.135.169.125
    
    Nmap done: 1 IP address (1 host up) scanned in 18.57 seconds
    
    8. -A combines a ping scan of ports 1-1000, OS detection, script scanning, traceroute, and service detection
    ]# nmap -A ip 
    

    ss

    1. ss -tnlp # show listening TCP sockets in numeric format
    2. ss -o state fin-wait-1 '( sport = :http or sport = :https )'
    3. ss src ip[:port]
    4. ss dst ip[:port]

    Usage

    ss [options] [filter]
          -t:tcp
          -u:udp
          -a:all
          -l:listen
          -p:process
          -s:summary of current socket statistics
          -o state fin-wait-1 '( sport = :http or sport = :https )'
                established
                syn-sent
                syn-recv
                fin-wait-1
                fin-wait-2
                time-wait
                closed
                close-wait
                last-ack
                listen
                closing
                all:all of the above states
                connected:all the states except for listen and closed
                synchronized:all the connected states except for syn-sent
                bucket:show states which are maintained as minisockets, i.e. time-wait and syn-recv
                big:opposite to bucket state
    

    Examples

    1. Show all TCP connections
    ]# ss -atn
    
    2. Show TCP connections in the established state
    ]# ss -t state established
    Recv-Q Send-Q Local Address:Port                 Peer Address:Port                
    0      0      192.168.74.130:ssh                  192.168.74.1:50978
    
    3. Match on local address and port
    ]# ss src 192.168.74.130
    Netid State      Recv-Q Send-Q        Local Address:Port                         Peer Address:Port
    tcp   ESTAB      0      0            192.168.74.130:ssh                          192.168.74.1:50978
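
As an added example (not part of the original article), the listener view from `ss -tnl` can be turned into a quick exposure check: the script lists sockets bound to every interface whose port is not on an allowlist. The allowlist, the function name `unexpected_listeners` and the sample output are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag TCP listeners bound to every interface that are not on
# an allowlist. Input is `ss -tnl` output; SAMPLE is constructed, not captured.

# Ports expected to be reachable from the network (assumption for this example).
ALLOWED_PORTS="22"

SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    *:22                *:*
LISTEN 0      100    127.0.0.1:25        *:*
LISTEN 0      128    *:20022             *:*
LISTEN 0      128    0.0.0.0:8080        0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      100    [::1]:25            [::]:*
LISTEN 0      128    :::3306             :::*'

# unexpected_listeners: read `ss -tnl` output on stdin and print "port address"
# for each wildcard-bound listener whose port is not in $ALLOWED_PORTS.
unexpected_listeners() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, /[ ,]+/); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      local_ep = $4
      port = local_ep; sub(/^.*:/, "", port)      # text after the last colon
      addr = substr(local_ep, 1, length(local_ep) - length(port) - 1)
      # Wildcard spellings differ between iproute2 versions.
      wild = (addr == "*" || addr == "0.0.0.0" || addr == "[::]" || addr == "::")
      if (wild && !(port in ok)) print port, addr
    }' | sort -n
}

# Live use on a host: ss -tnl | unexpected_listeners
printf '%s\n' "$SAMPLE" | unexpected_listeners
```

Loopback-only listeners (127.0.0.1, [::1]) are skipped because they are not reachable from other hosts; an external nmap scan of the same machine should agree with the ports this reports, unless a firewall filters them.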
    

    netstat

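    Usage is similar to ss, but it is slower. The main reason ss is faster than netstat is that netstat walks every PID directory under /proc, whereas ss reads the statistics under /proc/net directly. As a result, ss uses far fewer resources and much less time than netstat when it runs.
    When a server has a very large number of socket connections (for example, more than ten thousand), both the netstat command and a plain cat /proc/net/tcp become slow, and ss saves a lot of time by comparison. The secret to its speed is that it uses tcp_diag in the TCP stack, a module for analysis and statistics that provides first-hand information from the Linux kernel. If tcp_diag is not present on the system, ss still runs normally; it is somewhat less efficient, but still faster than netstat.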
    

    telnet

    1. Connect to a remote host
    2. Test a port on a remote host

    Example:

    1. Test port 80 on a remote host
    ]# telnet 192.168.153.130 80
    
  • Original article: https://www.cnblogs.com/wanwz/p/12837576.html