• Linux查看端口号ss和losf指令


    Linux查看端口号ss和losf指令

    SS指令

      ss是Socket Statistics的缩写。顾名思义,ss命令可以用来获取socket统计信息,它可以显示和netstat类似的内容。ss的优势在于它能够显示更多更详细的有关TCP和连接状态的信息,而且比netstat更快速更高效。

    1- 全部命令参数

    Usage: ss [ OPTIONS ]
           ss [ OPTIONS ] [ FILTER ]
       -h, --help          this message
       -V, --version       output version information
       -n, --numeric       don't resolve service names
       -r, --resolve       resolve host names
       -a, --all           display all sockets
       -l, --listening     display listening sockets
       -o, --options       show timer information
       -e, --extended      show detailed socket information
       -m, --memory        show socket memory usage
       -p, --processes     show process using socket
       -i, --info          show internal TCP information
       -s, --summary       show socket usage summary
       -b, --bpf           show bpf filter socket information
       -E, --events        continually display sockets as they are destroyed
       -Z, --context       display process SELinux security contexts
       -z, --contexts      display process and socket SELinux security contexts
       -N, --net           switch to the specified network namespace name
    
       -4, --ipv4          display only IP version 4 sockets
       -6, --ipv6          display only IP version 6 sockets
       -0, --packet        display PACKET sockets
       -t, --tcp           display only TCP sockets
       -S, --sctp          display only SCTP sockets
       -u, --udp           display only UDP sockets
       -d, --dccp          display only DCCP sockets
       -w, --raw           display only RAW sockets
       -x, --unix          display only Unix domain sockets
           --vsock         display only vsock sockets
       -f, --family=FAMILY display sockets of type FAMILY
           FAMILY := {inet|inet6|link|unix|netlink|vsock|help}
    
       -K, --kill          forcibly close sockets, display what was closed
       -H, --no-header     Suppress header line
    
       -A, --query=QUERY, --socket=QUERY
           QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink|vsock_stream|vsock_dgram}[,QUERY]
    
       -D, --diag=FILE     Dump raw information about TCP sockets to FILE
       -F, --filter=FILE   read filter information from FILE
           FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
           STATE-FILTER := {all|connected|synchronized|bucket|big|TCP-STATES}
             TCP-STATES := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listen|closing}
              connected := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
           synchronized := {established|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
                 bucket := {syn-recv|time-wait}
                    big := {established|syn-sent|fin-wait-{1,2}|closed|close-wait|last-ack|listen|closing}

    2-常用命令参数 

    -n, --numeric       don't resolve service names
    -r, --resolve       resolve host names
    -a, --all           display all sockets
    -l, --listening     display listening sockets
    -s, --summary       show socket usage summary
    -p, --processes     show process using socket
    -t, --tcp           display only TCP sockets

    3-示例:ss -lntps | grep 22; 查看被监听的TCP socket,不解析服务名称,并展示使用概要

    [root@izbp10ebr6tsvo83iahgzdz ~]# ss -lntps | grep 22
    LISTEN     0      128          *:22                       *:*                   users:(("sshd",pid=5376,fd=3))
    LISTEN     0      50           *:39171                    *:*                   users:(("java",pid=5622,fd=84))
    LISTEN     0      50     192.168.0.162:9092                     *:*                   users:(("java",pid=5622,fd=100))

    losf指令

      lsof(list open files)是一个查看进程打开的文件的工具。

      在 linux 系统中,一切皆文件。通过文件不仅仅可以访问常规数据,还可以访问网络连接和硬件。所以 lsof 命令不仅可以查看进程打开的文件、目录,还可以查看进程监听的端口等 socket 相关的信息。本文将介绍 lsof 命令的基本用法,本文中 demo 的演示环境为 ubuntu 18.04。

    1-全部指令

     usage: [-?abhKlnNoOPRtUvVX] [+|-c c] [+|-d s] [+D D] [+|-f[gG]] [+|-e s]
     [-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s]
    [+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]
    Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.
      -?|-h list help          -a AND selections (OR)     -b avoid kernel blocks
      -c c  cmd c ^c /c/[bix]  +c w  COMMAND width (9)    +d s  dir s files
      -d s  select by FD set   +D D  dir D tree *SLOW?*   +|-e s  exempt s *RISKY*
      -i select IPv[46] files  -K list tasKs (threads)    -l list UID numbers
      -n no host names         -N select NFS files        -o list file offset
      -O no overhead *RISKY*   -P no port names           -R list paRent PID
      -s list file size        -t terse listing           -T disable TCP/TPI info
      -U select Unix socket    -v list version info       -V verbose search
      +|-w  Warnings (+)       -X skip TCP&UDP* files     -Z Z  context [Z]
      -- end option scan     
      +f|-f  +filesystem or -file names     +|-f[gG] flaGs 
      -F [f] select fields; -F? for help  
      +|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)
                                            +m [m] use|create mount supplement
      +|-M   portMap registration (-)       -o o   o 0t offset digits (8)
      -p s   exclude(^)|select PIDs         -S [t] t second stat timeout (15)
      -T qs TCP/TPI Q,St (s) info
      -g [s] exclude(^)|select and print process group IDs
      -i i   select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]
      +|-r [t[m<fmt>]] repeat every t seconds (15);  + until no files, - forever.
           An optional suffix to t is m<fmt>; m must separate t from <fmt> and
          <fmt> is an strftime(3) format for the marker line.
      -s p:s  exclude(^)|select protocol (p = TCP|UDP) states by name(s).
      -u s   exclude(^)|select login|UID set s
      -x [fl] cross over +d|+D File systems or symbolic Links
      names  select named files or files on named file systems
    Anyone can list all files; /dev warnings disabled; kernel ID check disabled.

    2- 示例lsof -i:80; 查看80端口号使用情况

    [root@izbp10ebr6tsvo83iahgzdz ~]# lsof -i:80
    COMMAND     PID USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
    AliYunDun  1361 root   23u  IPv4 138060354      0t0  TCP izbp10ebr6tsvo83iahgzdz:57616->100.100.30.25:http (ESTABLISHED)
    java      26371 root   52u  IPv4 148249126      0t0  TCP *:http (LISTEN)
    java      26371 root   82u  IPv4 148614502      0t0  TCP izbp10ebr6tsvo83iahgzdz:36182->223.71.183.165:http (CLOSE_WAIT)
    java      26371 root   87u  IPv4 149877148      0t0  TCP izbp10ebr6tsvo83iahgzdz:34042->223.71.183.170:http (CLOSE_WAIT)
    java      26371 root   96u  IPv4 149724978      0t0  TCP izbp10ebr6tsvo83iahgzdz:48287->47.111.38.212:http (CLOSE_WAIT)

     3-lsof输出各列信息的意义如下:

      COMMAND:进程的名称 PID:进程标识符

      USER:进程所有者

      FD:文件描述符,应用程序通过文件描述符识别该文件。如cwd、txt等 TYPE:文件类型,如DIR、REG等

      DEVICE:指定磁盘的名称

      SIZE:文件的大小

      NODE:索引节点(文件在磁盘上的标识)

      NAME:打开文件的确切名称

      FD 列中的文件描述符cwd 值表示应用程序的当前工作目录,这是该应用程序启动的目录,除非它本身对这个目录进行更改,txt 类型的文件是程序代码,如应用程序二进制文件本身或共享库,如上列表中显示的 /sbin/init 程序。

    END

  • 相关阅读:
    Contest (树状数组求逆序对)
    树状数组
    unity3D 笔记 (NENE QUEST 制作中用到的函数)
    Ubuntu 安装gnome桌面及vnc远程连接
    Pillow图像处理
    室内场景数据集
    PyTorch踩坑笔记
    进一步了解pip
    一些概念
    损失函数及评价指标
  • 原文地址:https://www.cnblogs.com/wobuchifanqie/p/12735708.html
Copyright © 2020-2023  润新知