Linux查看端口号ss和losf指令
SS指令
ss是Socket Statistics的缩写。顾名思义,ss命令可以用来获取socket统计信息,它可以显示和netstat类似的内容。ss的优势在于它能够显示更多更详细的有关TCP和连接状态的信息,而且比netstat更快速更高效。
1- 全部命令参数
Usage: ss [ OPTIONS ]
ss [ OPTIONS ] [ FILTER ]-h, --help thismessage-V, --version output version information-n, --numeric don‘t resolve service names
-r, --resolve resolve host names-a, --all display all sockets-l, --listening display listening sockets-o, --options show timer information-e, --extended show detailed socket information-m, --memory show socket memory usage-p, --processes show process using socket-i, --info show internal TCP information-s, --summary show socket usage summary-b, --bpf show bpf filter socket information-E, --events continually display sockets as they are destroyed-Z, --context display process SELinux security contexts-z, --contexts display process and socket SELinux security contexts-N, --net switchto the specified network namespace name-4, --ipv4 display only IP version 4sockets-6, --ipv6 display only IP version 6sockets-0, --packet display PACKET sockets-t, --tcp display only TCP sockets-S, --sctp display only SCTP sockets-u, --udp display only UDP sockets-d, --dccp display only DCCP sockets-w, --raw display only RAW sockets-x, --unix display only Unix domain sockets--vsock display only vsock sockets-f, --family=FAMILY display sockets of type FAMILY
FAMILY := {inet|inet6|link|unix|netlink|vsock|help}-K, --kill forcibly close sockets, display what was closed-H, --no-header Suppress header line-A, --query=QUERY, --socket=QUERY
QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink|vsock_stream|vsock_dgram}[,QUERY]-D, --diag=FILE Dump raw information about TCP sockets to FILE-F, --filter=FILE read filter information from FILE
FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
STATE-FILTER := {all|connected|synchronized|bucket|big|TCP-STATES}
TCP-STATES := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listen|closing}
connected := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}synchronized := {established|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
bucket := {syn-recv|time-wait}
big := {established|syn-sent|fin-wait-{1,2}|closed|close-wait|last-ack|listen|closing}
2-常用命令参数
-n, --numeric don‘t resolve service names
-r, --resolve resolve host names-a, --all display all sockets-l, --listening display listening sockets-s, --summary show socket usage summary-p, --processes show process using socket-t, --tcp display only TCP sockets
3-示例:ss -lntps | grep 22; 查看被监听的TCP socket,不解析服务名称,并展示使用概要
[[email protected] ~]# ss -lntps | grep 22LISTEN0 128 *:22 *:* users:(("sshd",pid=5376,fd=3))
LISTEN0 50 *:39171 *:* users:(("java",pid=5622,fd=84))
LISTEN0 50 192.168.0.162:9092 *:* users:(("java",pid=5622,fd=100))
losf指令
lsof(list open files)是一个查看进程打开的文件的工具。
在 linux 系统中,一切皆文件。通过文件不仅仅可以访问常规数据,还可以访问网络连接和硬件。所以 lsof 命令不仅可以查看进程打开的文件、目录,还可以查看进程监听的端口等 socket 相关的信息。本文将介绍 lsof 命令的基本用法,本文中 demo 的演示环境为 ubuntu 18.04。
1-全部指令
usage: [-?abhKlnNoOPRtUvVX] [+|-c c] [+|-d s] [+D D] [+|-f[gG]] [+|-e s]
[-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s]
[+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]
Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.-?|-h list help -a AND selections (OR) -b avoid kernel blocks-c c cmd c ^c /c/[bix] +c w COMMAND width (9) +d s dir s files-d s select by FD set +D D dir D tree *SLOW?* +|-e s exempt s *RISKY*
-i select IPv[46] files -K list tasKs (threads) -l list UID numbers-n no host names -N select NFS files -o list file offset-O no overhead *RISKY* -P no port names -R list paRent PID-s list file size -t terse listing -T disable TCP/TPI info-U select Unix socket -v list version info -V verbose search+|-w Warnings (+) -X skip TCP&UDP* files -Z Z context [Z]--end option scan+f|-f +filesystem or -file names +|-f[gG] flaGs-F [f] select fields; -F? forhelp+|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)+m [m] use|create mount supplement+|-M portMap registration (-) -o o o 0t offset digits (8)-p s exclude(^)|select PIDs -S [t] t second stat timeout (15)-T qs TCP/TPI Q,St (s) info-g [s] exclude(^)|select and print process group IDs-i i select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]+|-r [t[m]] repeat every t seconds (15); + until no files, -forever.
An optional suffix to t is m; m must separate t from and is an strftime(3) format forthe marker line.-s p:s exclude(^)|select protocol (p = TCP|UDP) states by name(s).-u s exclude(^)|select login|UID set s-x [fl] cross over +d|+D File systems or symbolic Links
names select named files or files on named file systems
Anyone can list all files;/dev warnings disabled; kernel ID check disabled.
2- 示例lsof -i:80; 查看80端口号使用情况
[[email protected] ~]# lsof -i:80COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
AliYunDun1361 root 23u IPv4 138060354 0t0 TCP izbp10ebr6tsvo83iahgzdz:57616->100.100.30.25:http (ESTABLISHED)
java26371 root 52u IPv4 148249126 0t0 TCP *:http (LISTEN)
java26371 root 82u IPv4 148614502 0t0 TCP izbp10ebr6tsvo83iahgzdz:36182->223.71.183.165:http (CLOSE_WAIT)
java26371 root 87u IPv4 149877148 0t0 TCP izbp10ebr6tsvo83iahgzdz:34042->223.71.183.170:http (CLOSE_WAIT)
java26371 root 96u IPv4 149724978 0t0 TCP izbp10ebr6tsvo83iahgzdz:48287->47.111.38.212:http (CLOSE_WAIT)
3-lsof输出各列信息的意义如下:
COMMAND:进程的名称 PID:进程标识符
USER:进程所有者
FD:文件描述符,应用程序通过文件描述符识别该文件。如cwd、txt等 TYPE:文件类型,如DIR、REG等
DEVICE:指定磁盘的名称
SIZE:文件的大小
NODE:索引节点(文件在磁盘上的标识)
NAME:打开文件的确切名称
FD 列中的文件描述符cwd 值表示应用程序的当前工作目录,这是该应用程序启动的目录,除非它本身对这个目录进行更改,txt 类型的文件是程序代码,如应用程序二进制文件本身或共享库,如上列表中显示的 /sbin/init 程序。
END
原文:https://www.cnblogs.com/wobuchifanqie/p/12735708.html
1417
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
