Linux 下查询端口号由哪个程序执行
可以使用lsof命令查询
lsof命令参数解释
-P : 这个选项约束着网络文件的端口号到端口名称的转换。约束转换可以使lsof运行得更快一些。
-n : 这个选项约束着网络文件的端口号到主机名称的转换。约束转换可以使lsof的运行更快一些。
-l : 这个选项约束着用户ID号到登录名的转换。在登录名的查找不正确或很慢时,这个选项就很有用。
+M : 此选项支持本地TCP和UDP端口映射程序的注册报告。
-i4 :仅列示IPv4协议下的端口。
-i6 : 仅列示IPv6协议下的端口。
lnp三个参数对netstat同样适用
测试:
1. 使用netstat查看端口
[root@test ~]# netstat -ano
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 52 172.25.3.188:22 172.25.1.19:2462 ESTABLISHED on (0.40/0/0)
tcp 0 0 :::64269 :::* LISTEN off (0.00/0/0)
tcp 0 0 :::111 :::* LISTEN off (0.00/0/0)
tcp 0 0 :::22 :::* LISTEN off (0.00/0/0)
tcp 0 0 :::45080 :::* LISTEN off (0.00/0/0)
tcp 0 0 ::ffff:127.0.0.1:45180 :::* LISTEN off (0.00/0/0)
tcp 0 0 :::45980 :::* LISTEN off (0.00/0/0)
tcp 0 0 :::5666 :::* LISTEN off (0.00/0/0)
tcp 0 0 :::63785 :::* LISTEN off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:59884 ::ffff:172.25.0.78:1528 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:57661 ::ffff:172.26.1.11:45036 TIME_WAIT timewait (40.13/0/0)
tcp 0 0 ::ffff:172.25.3.188:58883 ::ffff:172.26.1.12:45036 TIME_WAIT timewait (40.14/0/0)
tcp 0 0 ::ffff:172.25.3.188:55898 ::ffff:172.25.3.16:45017 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:57670 ::ffff:172.26.1.11:45036 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:57581 ::ffff:172.25.100.34:1528 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:63958 ::ffff:172.25.3.15:45017 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:57761 ::ffff:172.25.100.34:1528 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:57526 ::ffff:172.25.100.34:1528 TIME_WAIT timewait (14.61/0/0)
tcp 0 0 ::ffff:172.25.3.188:55874 ::ffff:172.25.3.16:45017 TIME_WAIT timewait (10.12/0/0)
tcp 0 0 ::ffff:172.25.3.188:57630 ::ffff:172.25.100.34:1528 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:59740 ::ffff:172.25.0.78:1528 TIME_WAIT timewait (15.34/0/0)
tcp 0 0 ::ffff:172.25.3.188:55315 ::ffff:172.25.100.26:1528 ESTABLISHED off (0.00/0/0)
#可以看到大量端口号,这里只查看80
[root@test ~]# netstat -ano | grep 80
tcp 0 0 :::45080 :::* LISTEN off (0.00/0/0)
tcp 0 0 ::ffff:127.0.0.1:45180 :::* LISTEN off (0.00/0/0)
tcp 0 0 :::45980 :::* LISTEN off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:57680 ::ffff:172.25.100.34:1528 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:45080 ::ffff:172.26.1.12:50023 TIME_WAIT timewait (57.87/0/0)
2. 使用lsof查看45080
#ipv4 上无
[root@test ~]# lsof -Pnl +M -i4 | grep 45080
[root@test ~]#
#ipv6可以查看到部分进程信息
[root@test ~]# lsof -Pnl +M -i6 | grep 45080
java 27821 3000 36u IPv6 1368444 0t0 TCP *:45080 (LISTEN)
java 27821 3000 68u IPv6 3173691 0t0 TCP 172.25.3.188:45080->172.26.1.11:59835 (ESTABLISHED)
java 27821 3000 69u IPv6 3173692 0t0 TCP 172.25.3.188:45080->172.26.1.12:50131 (ESTABLISHED)
java 27821 3000 83u IPv6 3172950 0t0 TCP 172.25.3.188:45080->10.0.6.6:49553 (ESTABLISHED)
java 27821 3000 84u IPv6 3172951 0t0 TCP 172.25.3.188:45080->10.0.6.6:49554 (ESTABLISHED)
java 27821 3000 85u IPv6 3172952 0t0 TCP 172.25.3.188:45080->10.0.6.6:49555 (ESTABLISHED)
使用端口45080是ipv6的协议。用户号:3000 进程号pid:27821
3. 查看用户号为3000的用户是mwuser
[root@test ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
saslauth:x:498:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
pulse:x:497:495:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
nagios:x:500:500::/home/nagios:/bin/bash
mwuser:x:3000:3000::/home/mwuser:/bin/bash
logop:x:3001:3001::/home/logop:/bin/bash
4. 查看进程号:27821 的程序 tomcat
[root@test ~]# ps -ef | grep 27821
mwuser 27821 1 0 Nov11 ? 00:43:38 /mwbase/jdk/jdk1.7.0_67/jre/bin/java -Djava.util.logging.config.file=/mwbase/tomcat/。。。。
root 31789 31130 0 09:47 pts/0 00:00:00 grep 27821
[root@test ~]#
可以使用lsof命令查询
lsof命令参数解释
-P : 这个选项约束着网络文件的端口号到端口名称的转换。约束转换可以使lsof运行得更快一些。
-n : 这个选项约束着网络文件的端口号到主机名称的转换。约束转换可以使lsof的运行更快一些。
-l : 这个选项约束着用户ID号到登录名的转换。在登录名的查找不正确或很慢时,这个选项就很有用。
+M : 此选项支持本地TCP和UDP端口映射程序的注册报告。
-i4 :仅列示IPv4协议下的端口。
-i6 : 仅列示IPv6协议下的端口。
lnp三个参数对netstat同样适用
测试:
1. 使用netstat查看端口
[root@test ~]# netstat -ano
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 52 172.25.3.188:22 172.25.1.19:2462 ESTABLISHED on (0.40/0/0)
tcp 0 0 :::64269 :::* LISTEN off (0.00/0/0)
tcp 0 0 :::111 :::* LISTEN off (0.00/0/0)
tcp 0 0 :::22 :::* LISTEN off (0.00/0/0)
tcp 0 0 :::45080 :::* LISTEN off (0.00/0/0)
tcp 0 0 ::ffff:127.0.0.1:45180 :::* LISTEN off (0.00/0/0)
tcp 0 0 :::45980 :::* LISTEN off (0.00/0/0)
tcp 0 0 :::5666 :::* LISTEN off (0.00/0/0)
tcp 0 0 :::63785 :::* LISTEN off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:59884 ::ffff:172.25.0.78:1528 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:57661 ::ffff:172.26.1.11:45036 TIME_WAIT timewait (40.13/0/0)
tcp 0 0 ::ffff:172.25.3.188:58883 ::ffff:172.26.1.12:45036 TIME_WAIT timewait (40.14/0/0)
tcp 0 0 ::ffff:172.25.3.188:55898 ::ffff:172.25.3.16:45017 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:57670 ::ffff:172.26.1.11:45036 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:57581 ::ffff:172.25.100.34:1528 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:63958 ::ffff:172.25.3.15:45017 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:57761 ::ffff:172.25.100.34:1528 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:57526 ::ffff:172.25.100.34:1528 TIME_WAIT timewait (14.61/0/0)
tcp 0 0 ::ffff:172.25.3.188:55874 ::ffff:172.25.3.16:45017 TIME_WAIT timewait (10.12/0/0)
tcp 0 0 ::ffff:172.25.3.188:57630 ::ffff:172.25.100.34:1528 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:59740 ::ffff:172.25.0.78:1528 TIME_WAIT timewait (15.34/0/0)
tcp 0 0 ::ffff:172.25.3.188:55315 ::ffff:172.25.100.26:1528 ESTABLISHED off (0.00/0/0)
#可以看到大量端口号,这里只查看80
[root@test ~]# netstat -ano | grep 80
tcp 0 0 :::45080 :::* LISTEN off (0.00/0/0)
tcp 0 0 ::ffff:127.0.0.1:45180 :::* LISTEN off (0.00/0/0)
tcp 0 0 :::45980 :::* LISTEN off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:57680 ::ffff:172.25.100.34:1528 ESTABLISHED off (0.00/0/0)
tcp 0 0 ::ffff:172.25.3.188:45080 ::ffff:172.26.1.12:50023 TIME_WAIT timewait (57.87/0/0)
2. 使用lsof查看45080
#ipv4 上无
[root@test ~]# lsof -Pnl +M -i4 | grep 45080
[root@test ~]#
#ipv6可以查看到部分进程信息
[root@test ~]# lsof -Pnl +M -i6 | grep 45080
java 27821 3000 36u IPv6 1368444 0t0 TCP *:45080 (LISTEN)
java 27821 3000 68u IPv6 3173691 0t0 TCP 172.25.3.188:45080->172.26.1.11:59835 (ESTABLISHED)
java 27821 3000 69u IPv6 3173692 0t0 TCP 172.25.3.188:45080->172.26.1.12:50131 (ESTABLISHED)
java 27821 3000 83u IPv6 3172950 0t0 TCP 172.25.3.188:45080->10.0.6.6:49553 (ESTABLISHED)
java 27821 3000 84u IPv6 3172951 0t0 TCP 172.25.3.188:45080->10.0.6.6:49554 (ESTABLISHED)
java 27821 3000 85u IPv6 3172952 0t0 TCP 172.25.3.188:45080->10.0.6.6:49555 (ESTABLISHED)
使用端口45080是ipv6的协议。用户号:3000 进程号pid:27821
3. 查看用户号为3000的用户是mwuser
[root@test ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
saslauth:x:498:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
pulse:x:497:495:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
nagios:x:500:500::/home/nagios:/bin/bash
mwuser:x:3000:3000::/home/mwuser:/bin/bash
logop:x:3001:3001::/home/logop:/bin/bash
4. 查看进程号:27821 的程序 tomcat
[root@test ~]# ps -ef | grep 27821
mwuser 27821 1 0 Nov11 ? 00:43:38 /mwbase/jdk/jdk1.7.0_67/jre/bin/java -Djava.util.logging.config.file=/mwbase/tomcat/。。。。
root 31789 31130 0 09:47 pts/0 00:00:00 grep 27821
[root@test ~]#
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/29500582/viewspace-1337134/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/29500582/viewspace-1337134/