Port checking with netstat/lsof/nmap
Date: 2009-08-14 Source: admin126com
· Check which ports are listening
# nmap -sT -O localhost
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2005-05-09 22:07 CST
Interesting ports on cnscn (127.0.0.1):
(The 1648 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
631/tcp open ipp
951/tcp open unknown
970/tcp open unknown
2049/tcp open nfs
3306/tcp open mysql
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
Uptime 0.081 days (since Mon May 9 20:11:26 2005)
Nmap run completed -- 1 IP address (1 host up) scanned in 3.014 seconds
-----------------------------------------------------------------------------------
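[Note]
#netstat
-t show TCP sockets
-u show UDP sockets
-p show the program name and PID that own each socket
-r show the routing table
-n show numeric addresses and port numbers instead of resolving host and service names
· List all service daemons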
# netstat -ap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:32768 *:* LISTEN 2208/rpc.statd
tcp 0 0 *:32769 *:* LISTEN -
tcp 0 0 *:nfs *:* LISTEN -
tcp 0 0 cnscn:32771 *:* LISTEN 3300/ocssd.bin
tcp 0 0 cnscn:32772 *:* LISTEN 3300/ocssd.bin
tcp 0 0 *:mysql *:* LISTEN 2556/mysqld
tcp 0 0 *:970 *:* LISTEN 2489/rpc.mountd
tcp 0 0 *:sunrpc *:* LISTEN 2188/portmap
tcp 0 0 *:ftp *:* LISTEN 2516/vsftpd
tcp 0 0 *:951 *:* LISTEN 2467/rpc.rquotad
tcp 0 0 cnscn:ipp *:* LISTEN 2351/cupsd
tcp 0 0 *:http *:* LISTEN 2660/httpd
tcp 0 0 *:ssh *:* LISTEN 2438/sshd
tcp 0 0 *:https *:* LISTEN 2660/httpd
tcp 0 2448 ::ffff:211.167.237.199:ssh ::ffff:221.216.165.189:1972 ESTABLISHED 3424/sshd: cnscn_ad
udp 0 0 *:32768 *:* 2208/rpc.statd
udp 0 0 *:nfs *:* -
udp 0 0 *:32770 *:* -
udp 0 0 cnscn:32771 *:* 3300/ocssd.bin
udp 0 0 cnscn:32772 *:* 3300/ocssd.bin
udp 0 0 cnscn:32773 *:* 3300/ocssd.bin
udp 0 0 *:688 *:* 2208/rpc.statd
udp 0 0 *:948 *:* 2467/rpc.rquotad
udp 0 0 *:967 *:* 2489/rpc.mountd
udp 0 0 *:sunrpc *:* 2188/portmap
udp 0 0 *:ipp *:* 2351/cupsd
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 7602 3300/ocssd.bin /var/tmp/.oracle/sOracle_CSS_LclLstnr_localhost_0
unix 8 [ ] DGRAM 4943 2165/syslogd /dev/log
unix 2 [ ACC ] STREAM LISTENING 5985 2649/gpm /dev/gpmctl
unix 2 [ ] DGRAM 6374 2796/hald @/var/run/hal/hotplug_socket
unix 2 [ ACC ] STREAM LISTENING 5250 2320/acpid /var/run/acpid.socket
unix 2 [ ] DGRAM 2617 1007/udevd @udevd
unix 2 [ ACC ] STREAM LISTENING 6164 2735/xfs /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 8344 3426/0 /tmp/ssh-cgXAFE3426/agent.3426
unix 2 [ ACC ] STREAM LISTENING 5928 2556/mysqld /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 6117 2689/htt_server /var/run/iiim/.iiimp-unix/9010
unix 2 [ ACC ] STREAM LISTENING 6235 2771/dbus-daemon-1 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 8334 3424/sshd: cnscn_ad
unix 3 [ ] STREAM CONNECTED 8333 3426/0
unix 3 [ ] STREAM CONNECTED 6373 2771/dbus-daemon-1 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6372 2796/hald
unix 3 [ ] STREAM CONNECTED 6341 2771/dbus-daemon-1 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6340 2785/cups-config-da
unix 3 [ ] STREAM CONNECTED 6242 2771/dbus-daemon-1
unix 3 [ ] STREAM CONNECTED 6241 2771/dbus-daemon-1
unix 2 [ ] DGRAM 6205 2735/xfs
unix 2 [ ] DGRAM 6077 2699/crond
unix 2 [ ] DGRAM 5984 2649/gpm
unix 2 [ ] DGRAM 5584 2453/xinetd
unix 3 [ ] STREAM CONNECTED 5122 2241/rpc.idmapd
unix 3 [ ] STREAM CONNECTED 5121 2241/rpc.idmapd
unix 2 [ ] DGRAM 5009 2208/rpc.statd
unix 2 [ ] DGRAM 4955 2169/klogd
-----------------------------------------------------------------------------
# netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 2208/rpc.statd
tcp 0 0 127.0.0.1:32771 0.0.0.0:* LISTEN 3300/ocssd.bin
tcp 0 0 127.0.0.1:32772 0.0.0.0:* LISTEN 3300/ocssd.bin
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2556/mysqld
tcp 0 0 0.0.0.0:970 0.0.0.0:* LISTEN 2489/rpc.mountd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2188/portmap
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2516/vsftpd
tcp 0 0 0.0.0.0:951 0.0.0.0:* LISTEN 2467/rpc.rquotad
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2351/cupsd
tcp 0 0 :::80 :::* LISTEN 2660/httpd
tcp 0 0 :::22 :::* LISTEN 2438/sshd
tcp 0 0 :::443 :::* LISTEN 2660/httpd
tcp 0 2448 ::ffff:211.167.237.199:22 ::ffff:221.216.165.189:1972 ESTABLISHED 3424/sshd: cnscn_ad
udp 0 0 0.0.0.0:32768 0.0.0.0:* 2208/rpc.statd
udp 0 0 127.0.0.1:32771 0.0.0.0:* 3300/ocssd.bin
udp 0 0 127.0.0.1:32772 0.0.0.0:* 3300/ocssd.bin
udp 0 0 127.0.0.1:32773 0.0.0.0:* 3300/ocssd.bin
udp 0 0 0.0.0.0:688 0.0.0.0:* 2208/rpc.statd
udp 0 0 0.0.0.0:948 0.0.0.0:* 2467/rpc.rquotad
udp 0 0 0.0.0.0:967 0.0.0.0:* 2489/rpc.mountd
udp 0 0 0.0.0.0:111 0.0.0.0:* 2188/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 2351/cupsd
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 7602 3300/ocssd.bin /var/tmp/.oracle/sOracle_CSS_LclLstnr_localhost_0
unix 8 [ ] DGRAM 4943 2165/syslogd /dev/log
unix 2 [ ACC ] STREAM LISTENING 5985 2649/gpm /dev/gpmctl
unix 2 [ ] DGRAM 6374 2796/hald @/var/run/hal/hotplug_socket
unix 2 [ ACC ] STREAM LISTENING 5250 2320/acpid /var/run/acpid.socket
unix 2 [ ] DGRAM 2617 1007/udevd @udevd
unix 2 [ ACC ] STREAM LISTENING 6164 2735/xfs /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 8344 3426/0 /tmp/ssh-cgXAFE3426/agent.3426
unix 2 [ ACC ] STREAM LISTENING 5928 2556/mysqld /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 6117 2689/htt_server /var/run/iiim/.iiimp-unix/9010
unix 2 [ ACC ] STREAM LISTENING 6235 2771/dbus-daemon-1 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 8334 3424/sshd: cnscn_ad
unix 3 [ ] STREAM CONNECTED 8333 3426/0
unix 3 [ ] STREAM CONNECTED 6373 2771/dbus-daemon-1 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6372 2796/hald
unix 3 [ ] STREAM CONNECTED 6341 2771/dbus-daemon-1 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6340 2785/cups-config-da
unix 3 [ ] STREAM CONNECTED 6242 2771/dbus-daemon-1
unix 3 [ ] STREAM CONNECTED 6241 2771/dbus-daemon-1
unix 2 [ ] DGRAM 6205 2735/xfs
unix 2 [ ] DGRAM 6077 2699/crond
unix 2 [ ] DGRAM 5984 2649/gpm
unix 2 [ ] DGRAM 5584 2453/xinetd
unix 3 [ ] STREAM CONNECTED 5122 2241/rpc.idmapd
unix 3 [ ] STREAM CONNECTED 5121 2241/rpc.idmapd
unix 2 [ ] DGRAM 5009 2208/rpc.statd
unix 2 [ ] DGRAM 4955 2169/klogd
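
The `netstat -anp` listing above shows the bind address next to each owning process, which is what tells a listener reachable from the network (0.0.0.0 or ::) apart from a loopback-only one (127.0.0.1). As an added example, not part of the original post, the following script classifies listeners that way; the function names are hypothetical and the sample input is a constructed subset of the lines shown above.

```shell
#!/bin/sh
# Classify listening sockets from `netstat -anp` output by bind scope.
# Expects numeric output (-n); with name resolution the port column holds
# service names and the numeric sort below is meaningless.

# Constructed sample: a subset of the netstat -anp lines shown on this page.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 2208/rpc.statd
tcp 0 0 127.0.0.1:32771 0.0.0.0:* LISTEN 3300/ocssd.bin
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2556/mysqld
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2351/cupsd
tcp 0 0 :::22 :::* LISTEN 2438/sshd
tcp 0 2448 ::ffff:211.167.237.199:22 ::ffff:221.216.165.189:1972 ESTABLISHED 3424/sshd: cnscn_ad
udp 0 0 0.0.0.0:111 0.0.0.0:* 2188/portmap
EOF
}

# stdin: netstat -anp output
# stdout: one line per listener: "<proto> <scope> <port> <program>"
#   scope = all       bound to every interface (0.0.0.0, ::, *)
#           loopback  bound to 127.0.0.0/8 or ::1
#           specific  bound to one particular address
classify_listeners() {
  awk '
    function emit(proto, laddr, prog,    n, parts, port, addr, scope) {
      # The port is the text after the last colon; this also handles ":::22".
      n = split(laddr, parts, ":")
      port = parts[n]
      addr = substr(laddr, 1, length(laddr) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "all"
      else if (addr ~ /^127\./ || addr == "::1")            scope = "loopback"
      else                                                  scope = "specific"
      sub(/^[0-9]+\//, "", prog)     # drop the PID, keep the program name
      if (prog == "") prog = "-"     # no -p, or owner not visible to this user
      print proto, scope, port, prog
    }
    # TCP: only sockets in LISTEN state; the program is column 7.
    $1 ~ /^tcp/ && $6 == "LISTEN" { emit("tcp", $4, $7) }
    # UDP has no LISTEN state, so the State column is empty and the program
    # moves to column 6; an unconnected socket has a foreign address of *:*.
    $1 ~ /^udp/ && $5 ~ /:\*$/    { emit("udp", $4, $6) }
  '
}

# stdin: netstat -anp output
# stdout: "<port>/<proto> <program>" for listeners bound to all interfaces,
# sorted by port, in the same port/proto form nmap prints.
exposed_listeners() {
  classify_listeners |
    awk '$2 == "all" { print $3 "/" $1, $4 }' |
    sort -t/ -k1,1n
}

sample_netstat | exposed_listeners
```

On a live host, run it as root with `netstat -anp | exposed_listeners` so the PID/Program column is populated for every socket.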
--------------------------------------------------------------------
# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
211.167.237.0 * 255.255.255.0 U 0 0 0 eth1
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default 211.167.237.129 0.0.0.0 UG 0 0 0 eth1
--------------------------------------------------------------------
# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 5280 0 0 0 16 0 0 0 BMRU
eth1 1500 0 12139 0 0 0 2709 0 0 0 BMRU
lo 16436 0 14083 0 0 0 14083 0 0 0 LRU
--------------------------------------------------------------------
# netstat -g
IPv6/IPv4 Group Memberships
Interface RefCnt Group
--------------- ------ ---------------------
lo 1 ALL-SYSTEMS.MCAST.NET
eth0 1 ALL-SYSTEMS.MCAST.NET
eth1 1 ALL-SYSTEMS.MCAST.NET
lo 1 ff02::1
eth0 1 ff02::1:ff16:b985
eth0 1 ff02::1
eth1 1 ff02::1:ff16:ba87
eth1 1 ff02::1
--------------------------------------------------------------------
Show connection timers
# netstat -o
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp 0 304 ::ffff:211.167.237.199:ssh ::ffff:221.216.165.189:1972 ESTABLISHED on (0.31/0/0)
--------------------------------------------------------------------
# netstat -F
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 256 ::ffff:211.167.237.199:ssh ::ffff:221.216.165.189:1972 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 8 [ ] DGRAM 4943 /dev/log
unix 2 [ ] DGRAM 6374 @/var/run/hal/hotplug_socket
unix 2 [ ] DGRAM 2617 @udevd
unix 3 [ ] STREAM CONNECTED 8334
unix 3 [ ] STREAM CONNECTED 8333
unix 3 [ ] STREAM CONNECTED 6373 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6372
unix 3 [ ] STREAM CONNECTED 6341 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6340
unix 3 [ ] STREAM CONNECTED 6242
unix 3 [ ] STREAM CONNECTED 6241
unix 2 [ ] DGRAM 6205
unix 2 [ ] DGRAM 6077
unix 2 [ ] DGRAM 5984
unix 2 [ ] DGRAM 5584
unix 3 [ ] STREAM CONNECTED 5122
unix 3 [ ] STREAM CONNECTED 5121
unix 2 [ ] DGRAM 5009
unix 2 [ ] DGRAM 4955
-----------------------------------------------------------------------------
# netstat -C
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 304 ::ffff:211.167.237.199:ssh ::ffff:221.216.165.189:1972 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 8 [ ] DGRAM 4943 /dev/log
unix 2 [ ] DGRAM 6374 @/var/run/hal/hotplug_socket
unix 2 [ ] DGRAM 2617 @udevd
unix 3 [ ] STREAM CONNECTED 8334
unix 3 [ ] STREAM CONNECTED 8333
unix 3 [ ] STREAM CONNECTED 6373 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6372
unix 3 [ ] STREAM CONNECTED 6341 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6340
unix 3 [ ] STREAM CONNECTED 6242
unix 3 [ ] STREAM CONNECTED 6241
unix 2 [ ] DGRAM 6205
unix 2 [ ] DGRAM 6077
unix 2 [ ] DGRAM 5984
unix 2 [ ] DGRAM 5584
unix 3 [ ] STREAM CONNECTED 5122
unix 3 [ ] STREAM CONNECTED 5121
unix 2 [ ] DGRAM 5009
unix 2 [ ] DGRAM 4955
--------------------------------------------------------------------
# netstat -N
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 256 ::ffff:211.167.237.199:ssh ::ffff:221.216.165.189:1972 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 8 [ ] DGRAM 4943 /dev/log
unix 2 [ ] DGRAM 6374 @/var/run/hal/hotplug_socket
unix 2 [ ] DGRAM 2617 @udevd
unix 3 [ ] STREAM CONNECTED 8334
unix 3 [ ] STREAM CONNECTED 8333
unix 3 [ ] STREAM CONNECTED 6373 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6372
unix 3 [ ] STREAM CONNECTED 6341 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6340
unix 3 [ ] STREAM CONNECTED 6242
unix 3 [ ] STREAM CONNECTED 6241
unix 2 [ ] DGRAM 6205
unix 2 [ ] DGRAM 6077
unix 2 [ ] DGRAM 5984
unix 2 [ ] DGRAM 5584
unix 3 [ ] STREAM CONNECTED 5122
unix 3 [ ] STREAM CONNECTED 5121
unix 2 [ ] DGRAM 5009
unix 2 [ ] DGRAM 4955
---------------------------------------------------------------------
# netstat -e
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode
tcp 0 320 ::ffff:211.167.237.199:ssh ::ffff:221.216.165.189:1972 ESTABLISHED root 8312
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 8 [ ] DGRAM 4943 /dev/log
unix 2 [ ] DGRAM 6374 @/var/run/hal/hotplug_socket
unix 2 [ ] DGRAM 2617 @udevd
unix 3 [ ] STREAM CONNECTED 8334
unix 3 [ ] STREAM CONNECTED 8333
unix 3 [ ] STREAM CONNECTED 6373 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6372
unix 3 [ ] STREAM CONNECTED 6341 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6340
unix 3 [ ] STREAM CONNECTED 6242
unix 3 [ ] STREAM CONNECTED 6241
unix 2 [ ] DGRAM 6205
unix 2 [ ] DGRAM 6077
unix 2 [ ] DGRAM 5984
unix 2 [ ] DGRAM 5584
unix 3 [ ] STREAM CONNECTED 5122
unix 3 [ ] STREAM CONNECTED 5121
unix 2 [ ] DGRAM 5009
unix 2 [ ] DGRAM 4955
--------------------------------------------------------------------
· List the sockets currently listening
# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:32768 *:* LISTEN
tcp 0 0 *:32769 *:* LISTEN
tcp 0 0 *:nfs *:* LISTEN
tcp 0 0 cnscn:32771 *:* LISTEN
tcp 0 0 cnscn:32772 *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:970 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 *:951 *:* LISTEN
tcp 0 0 cnscn:ipp *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:https *:* LISTEN
udp 0 0 *:32768 *:*
udp 0 0 *:nfs *:*
udp 0 0 *:32770 *:*
udp 0 0 cnscn:32771 *:*
udp 0 0 cnscn:32772 *:*
udp 0 0 cnscn:32773 *:*
udp 0 0 *:688 *:*
udp 0 0 *:948 *:*
udp 0 0 *:967 *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 7602 /var/tmp/.oracle/sOracle_CSS_LclLstnr_localhost_0
unix 2 [ ACC ] STREAM LISTENING 5985 /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 5250 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 6164 /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 8344 /tmp/ssh-cgXAFE3426/agent.3426
unix 2 [ ACC ] STREAM LISTENING 5928 /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 6117 /var/run/iiim/.iiimp-unix/9010
unix 2 [ ACC ] STREAM LISTENING 6235 /var/run/dbus/system_bus_socket
---------------------------------------------------------------------
# netstat -s
Ip:
20033 total packets received
0 forwarded
0 incoming packets discarded
19925 incoming packets delivered
16887 requests sent out
Icmp:
4 ICMP messages received
1 input ICMP message failed.
ICMP input histogram:
destination unreachable: 1
echo requests: 2
echo replies: 1
8 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 6
echo replies: 2
Tcp:
1660 active connections openings
77 passive connection openings
0 failed connection attempts
23 connection resets received
1 connections established
6042 segments received
5977 segments send out
32 segments retransmited
1 bad segments received.
1722 resets sent
Udp:
10885 packets received
6 packets to unknown port received.
0 packet receive errors
10885 packets sent
TcpExt:
8 resets received for embryonic SYN_RECV sockets
ArpFilter: 0
56 TCP sockets finished time wait in fast timer
93 delayed acks sent
17 packets directly queued to recvmsg divqueue.
419 packets header divdicted
TCPPureAcks: 1021
TCPHPAcks: 298
TCPRenoRecovery: 0
TCPSackRecovery: 16
TCPSACKReneging: 0
TCPFACKReorder: 0
TCPSACKReorder: 0
TCPRenoReorder: 0
TCPTSReorder: 0
TCPFullUndo: 0
TCPPartialUndo: 0
TCPDSACKUndo: 0
TCPLossUndo: 0
TCPLoss: 1
TCPLostRetransmit: 0
TCPRenoFailures: 0
TCPSackFailures: 7
TCPLossFailures: 0
TCPFastRetrans: 18
TCPForwardRetrans: 0
TCPSlowStartRetrans: 2
TCPTimeouts: 5
TCPRenoRecoveryFail: 0
TCPSackRecoveryFail: 0
TCPSchedulerFailed: 0
TCPRcvCollapsed: 0
TCPDSACKOldSent: 1
TCPDSACKOfoSent: 0
TCPDSACKRecv: 1
TCPDSACKOfoRecv: 0
TCPAbortOnSyn: 0
TCPAbortOnData: 1655
TCPAbortOnClose: 5
TCPAbortOnMemory: 0
TCPAbortOnTimeout: 0
TCPAbortOnLinger: 0
TCPAbortFailed: 0
TCPMemoryPressures: 0
--------------------------------------------------------------------
·ports
# /home/tools/network/ports
1)TCP
Lcl port Rmt port Status Rmt IP Rmt host
------------------------------------------------------------------------------
32768= ? 0= zero 0A= LISTEN 0.0.0.0 local
32769= ? 0= zero 0A= LISTEN 0.0.0.0 local
2049= nfs 0= zero 0A= LISTEN 0.0.0.0 local
32771= ? 0= zero 0A= LISTEN 0.0.0.0 local
32772= ? 0= zero 0A= LISTEN 0.0.0.0 local
3306= mysql 0= zero 0A= LISTEN 0.0.0.0 local
970= ? 0= zero 0A= LISTEN 0.0.0.0 local
111= sunrpc 0= zero 0A= LISTEN 0.0.0.0 local
21= ftp 0= zero 0A= LISTEN 0.0.0.0 local
951= ? 0= zero 0A= LISTEN 0.0.0.0 local
631= ipp 0= zero 0A= LISTEN 0.0.0.0 local
2)UDP
Lcl port Rmt port Status Rmt IP Rmt host
------------------------------------------------------------------------------
32768= ? 0= zero 07= CLOSE 0.0.0.0 local
2049= nfs 0= zero 07= CLOSE 0.0.0.0 local
32770= ? 0= zero 07= CLOSE 0.0.0.0 local
32771= ? 0= zero 07= CLOSE 0.0.0.0 local
32772= ? 0= zero 07= CLOSE 0.0.0.0 local
32773= ? 0= zero 07= CLOSE 0.0.0.0 local
688= ? 0= zero 07= CLOSE 0.0.0.0 local
948= ? 0= zero 07= CLOSE 0.0.0.0 local
967= ? 0= zero 07= CLOSE 0.0.0.0 local
111= sunrpc 0= zero 07= CLOSE 0.0.0.0 local
631= ipp 0= zero 07= CLOSE 0.0.0.0 local
================================================================
· Check the service on port 22 and the connections to it
# lsof -i:22
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 2438 root 3u IPv6 5543 TCP *:ssh (LISTEN)
sshd 3424 root 3u IPv6 8312 TCP 211.167.237.199:ssh->221.216.165.189:1972 (ESTABLISHED)
--------------------------------------------------------------------
· List the open files of all processes whose command name begins with mysqld_sa
# lsof -c mysqld_sa
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
mysqld_sa 2529 root txt REG 3,5 616312 554965 /bin/bash
mysqld_sa 2529 root mem REG 3,5 1454835 424335 /lib/tls/libc-2.3.4.so
mysqld_sa 2529 root 255r REG 3,5 10912 865383 /usr/bin/mysqld_safe
--------------------------------------------------------------------
· List the files opened by a process, selected by PID
# lsof -p 1007
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
udevd 1007 root cwd DIR 3,5 4096 2 /
udevd 1007 root mem REG 3,5 56320 424434 /lib/libselinux.so.1
udevd 1007 root 5u unix 0xdf4f8300 2617 socket
---------------------------------------------------------------------
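· Query by file name (the word names in the command below is a literal argument that lsof cannot stat, hence the status error; the file path alone is sufficient)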
# lsof names /var/log/httpd/error_log
lsof: status error on names: No such file or directory
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
httpd 2660 root 2w REG 3,5 18061 2515805 /var/log/httpd/error_log
httpd 2660 root 7w REG 3,5 18061 2515805 /var/log/httpd/error_log
---------------------------------------------------------------------
# netstat -h
usage: netstat [-veenNcCF] [<Af>] -r
netstat {-V|--version|-h|--help}
netstat [-vnNcaeol] [<Socket> ...]
netstat { [-veenNac] -i[<Iface>] | [-cnNe] -M | -s } [delay]
-r, --route display routing table
-i, --interfaces=[<Iface>] display interface table
-g, --groups display multicast group memberships
-s, --statistics display networking statistics (like SNMP)
-M, --masquerade display masqueraded connections
-v, --verbose be verbose
-n, --numeric don't resolve names
--numeric-hosts don't resolve host names
--numeric-ports don't resolve port names
--numeric-users don't resolve user names
-N, --symbolic resolve hardware names
-e, --extend display other/more information
-p, --programs display PID/Program name for sockets
-c, --continuous continuous listing
-l, --listening display listening server sockets
-a, --all, --listening display all sockets (default: connected)
-o, --timers display timers
-F, --fib display Forwarding Information Base (default)
-C, --cache display routing cache instead of FIB
<Iface>: Name of interface to monitor/list.
<Socket>={-t|--tcp} {-u|--udp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom
<AF>=Use '-A <af>' or '--<af>'; default: inet
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
x25 (CCITT X.25)
# netstat -atuv | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:32768 *:* LISTEN
tcp 0 0 *:32769 *:* LISTEN
tcp 0 0 *:nfs *:* LISTEN
tcp 0 0 cnscn:32771 *:* LISTEN
tcp 0 0 cnscn:32772 *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:970 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 *:951 *:* LISTEN
tcp 0 0 cnscn:ipp *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:https *:* LISTEN
tcp 0 0 ::ffff:211.167.237.199:http ::ffff:221.216.165.189:2013 TIME_WAIT
udp 0 0 *:32768 *:*
udp 0 0 *:nfs *:*
udp 0 0 *:32770 *:*
udp 0 0 cnscn:32771 *:*
udp 0 0 cnscn:32772 *:*
udp 0 0 cnscn:32773 *:*
udp 0 0 *:688 *:*
udp 0 0 *:948 *:*
udp 0 0 *:967 *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
· View the service name to port mappings known to the system
# cat /etc/services
# nmap -sT -O localhost
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2005-05-09 22:07 CST
Interesting ports on cnscn (127.0.0.1):
(The 1648 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
631/tcp open ipp
951/tcp open unknown
970/tcp open unknown
2049/tcp open nfs
3306/tcp open mysql
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
Uptime 0.081 days (since Mon May 9 20:11:26 2005)
Nmap run completed -- 1 IP address (1 host up) scanned in 3.014 seconds
-----------------------------------------------------------------------------------
[注]
#netstat
-t 显示tcp协议相关的进程
-u 显示udp协议相关的进程
-p 列出命令名称与进程号
-r 显示路由表
-n 列出服务的名称 | 端口号
·列出所有服务守护进程
# netstat -ap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:32768 *:* LISTEN 2208/rpc.statd
tcp 0 0 *:32769 *:* LISTEN -
tcp 0 0 *:nfs *:* LISTEN -
tcp 0 0 cnscn:32771 *:* LISTEN 3300/ocssd.bin
tcp 0 0 cnscn:32772 *:* LISTEN 3300/ocssd.bin
tcp 0 0 *:mysql *:* LISTEN 2556/mysqld
tcp 0 0 *:970 *:* LISTEN 2489/rpc.mountd
tcp 0 0 *:sunrpc *:* LISTEN 2188/portmap
tcp 0 0 *:ftp *:* LISTEN 2516/vsftpd
tcp 0 0 *:951 *:* LISTEN 2467/rpc.rquotad
tcp 0 0 cnscn:ipp *:* LISTEN 2351/cupsd
tcp 0 0 *:http *:* LISTEN 2660/httpd
tcp 0 0 *:ssh *:* LISTEN 2438/sshd
tcp 0 0 *:https *:* LISTEN 2660/httpd
tcp 0 2448 ::ffff:211.167.237.199:ssh ::ffff:221.216.165.189:1972 ESTABLISHED 3424/sshd: cnscn_ad
udp 0 0 *:32768 *:* 2208/rpc.statd
udp 0 0 *:nfs *:* -
udp 0 0 *:32770 *:* -
udp 0 0 cnscn:32771 *:* 3300/ocssd.bin
udp 0 0 cnscn:32772 *:* 3300/ocssd.bin
udp 0 0 cnscn:32773 *:* 3300/ocssd.bin
udp 0 0 *:688 *:* 2208/rpc.statd
udp 0 0 *:948 *:* 2467/rpc.rquotad
udp 0 0 *:967 *:* 2489/rpc.mountd
udp 0 0 *:sunrpc *:* 2188/portmap
udp 0 0 *:ipp *:* 2351/cupsd
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 7602 3300/ocssd.bin /var/tmp/.oracle/sOracle_CSS_LclLstnr_localhost_0
unix 8 [ ] DGRAM 4943 2165/syslogd /dev/log
unix 2 [ ACC ] STREAM LISTENING 5985 2649/gpm /dev/gpmctl
unix 2 [ ] DGRAM 6374 2796/hald @/var/run/hal/hotplug_socket
unix 2 [ ACC ] STREAM LISTENING 5250 2320/acpid /var/run/acpid.socket
unix 2 [ ] DGRAM 2617 1007/udevd @udevd
unix 2 [ ACC ] STREAM LISTENING 6164 2735/xfs /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 8344 3426/0 /tmp/ssh-cgXAFE3426/agent.3426
unix 2 [ ACC ] STREAM LISTENING 5928 2556/mysqld /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 6117 2689/htt_server /var/run/iiim/.iiimp-unix/9010
unix 2 [ ACC ] STREAM LISTENING 6235 2771/dbus-daemon-1 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 8334 3424/sshd: cnscn_ad
unix 3 [ ] STREAM CONNECTED 8333 3426/0
unix 3 [ ] STREAM CONNECTED 6373 2771/dbus-daemon-1 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6372 2796/hald
unix 3 [ ] STREAM CONNECTED 6341 2771/dbus-daemon-1 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6340 2785/cups-config-da
unix 3 [ ] STREAM CONNECTED 6242 2771/dbus-daemon-1
unix 3 [ ] STREAM CONNECTED 6241 2771/dbus-daemon-1
unix 2 [ ] DGRAM 6205 2735/xfs
unix 2 [ ] DGRAM 6077 2699/crond
unix 2 [ ] DGRAM 5984 2649/gpm
unix 2 [ ] DGRAM 5584 2453/xinetd
unix 3 [ ] STREAM CONNECTED 5122 2241/rpc.idmapd
unix 3 [ ] STREAM CONNECTED 5121 2241/rpc.idmapd
unix 2 [ ] DGRAM 5009 2208/rpc.statd
unix 2 [ ] DGRAM 4955 2169/klogd
-----------------------------------------------------------------------------
# netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 2208/rpc.statd
tcp 0 0 127.0.0.1:32771 0.0.0.0:* LISTEN 3300/ocssd.bin
tcp 0 0 127.0.0.1:32772 0.0.0.0:* LISTEN 3300/ocssd.bin
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2556/mysqld
tcp 0 0 0.0.0.0:970 0.0.0.0:* LISTEN 2489/rpc.mountd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2188/portmap
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2516/vsftpd
tcp 0 0 0.0.0.0:951 0.0.0.0:* LISTEN 2467/rpc.rquotad
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2351/cupsd
tcp 0 0 :::80 :::* LISTEN 2660/httpd
tcp 0 0 :::22 :::* LISTEN 2438/sshd
tcp 0 0 :::443 :::* LISTEN 2660/httpd
tcp 0 2448 ::ffff:211.167.237.199:22 ::ffff:221.216.165.189:1972 ESTABLISHED 3424/sshd: cnscn_ad
udp 0 0 0.0.0.0:32768 0.0.0.0:* 2208/rpc.statd
udp 0 0 127.0.0.1:32771 0.0.0.0:* 3300/ocssd.bin
udp 0 0 127.0.0.1:32772 0.0.0.0:* 3300/ocssd.bin
udp 0 0 127.0.0.1:32773 0.0.0.0:* 3300/ocssd.bin
udp 0 0 0.0.0.0:688 0.0.0.0:* 2208/rpc.statd
udp 0 0 0.0.0.0:948 0.0.0.0:* 2467/rpc.rquotad
udp 0 0 0.0.0.0:967 0.0.0.0:* 2489/rpc.mountd
udp 0 0 0.0.0.0:111 0.0.0.0:* 2188/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 2351/cupsd
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 7602 3300/ocssd.bin /var/tmp/.oracle/sOracle_CSS_LclLstnr_localhost_0
unix 8 [ ] DGRAM 4943 2165/syslogd /dev/log
unix 2 [ ACC ] STREAM LISTENING 5985 2649/gpm /dev/gpmctl
unix 2 [ ] DGRAM 6374 2796/hald @/var/run/hal/hotplug_socket
unix 2 [ ACC ] STREAM LISTENING 5250 2320/acpid /var/run/acpid.socket
unix 2 [ ] DGRAM 2617 1007/udevd @udevd
unix 2 [ ACC ] STREAM LISTENING 6164 2735/xfs /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 8344 3426/0 /tmp/ssh-cgXAFE3426/agent.3426
unix 2 [ ACC ] STREAM LISTENING 5928 2556/mysqld /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 6117 2689/htt_server /var/run/iiim/.iiimp-unix/9010
unix 2 [ ACC ] STREAM LISTENING 6235 2771/dbus-daemon-1 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 8334 3424/sshd: cnscn_ad
unix 3 [ ] STREAM CONNECTED 8333 3426/0
unix 3 [ ] STREAM CONNECTED 6373 2771/dbus-daemon-1 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6372 2796/hald
unix 3 [ ] STREAM CONNECTED 6341 2771/dbus-daemon-1 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6340 2785/cups-config-da
unix 3 [ ] STREAM CONNECTED 6242 2771/dbus-daemon-1
unix 3 [ ] STREAM CONNECTED 6241 2771/dbus-daemon-1
unix 2 [ ] DGRAM 6205 2735/xfs
unix 2 [ ] DGRAM 6077 2699/crond
unix 2 [ ] DGRAM 5984 2649/gpm
unix 2 [ ] DGRAM 5584 2453/xinetd
unix 3 [ ] STREAM CONNECTED 5122 2241/rpc.idmapd
unix 3 [ ] STREAM CONNECTED 5121 2241/rpc.idmapd
unix 2 [ ] DGRAM 5009 2208/rpc.statd
unix 2 [ ] DGRAM 4955 2169/klogd
--------------------------------------------------------------------
# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
211.167.237.0 * 255.255.255.0 U 0 0 0 eth1
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default 211.167.237.129 0.0.0.0 UG 0 0 0 eth1
--------------------------------------------------------------------
# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 5280 0 0 0 16 0 0 0 BMRU
eth1 1500 0 12139 0 0 0 2709 0 0 0 BMRU
lo 16436 0 14083 0 0 0 14083 0 0 0 LRU
--------------------------------------------------------------------
# netstat -g
IPv6/IPv4 Group Memberships
Interface RefCnt Group
--------------- ------ ---------------------
lo 1 ALL-SYSTEMS.MCAST.NET
eth0 1 ALL-SYSTEMS.MCAST.NET
eth1 1 ALL-SYSTEMS.MCAST.NET
lo 1 ff02::1
eth0 1 ff02::1:ff16:b985
eth0 1 ff02::1
eth1 1 ff02::1:ff16:ba87
eth1 1 ff02::1
--------------------------------------------------------------------
访问计时功能
# netstat -o
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp 0 304 ::ffff:211.167.237.199:ssh ::ffff:221.216.165.189:1972 ESTABLISHED on (0.31/0/0)
--------------------------------------------------------------------
# netstat -F
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 256 ::ffff:211.167.237.199:ssh ::ffff:221.216.165.189:1972 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 8 [ ] DGRAM 4943 /dev/log
unix 2 [ ] DGRAM 6374 @/var/run/hal/hotplug_socket
unix 2 [ ] DGRAM 2617 @udevd
unix 3 [ ] STREAM CONNECTED 8334
unix 3 [ ] STREAM CONNECTED 8333
unix 3 [ ] STREAM CONNECTED 6373 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6372
unix 3 [ ] STREAM CONNECTED 6341 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6340
unix 3 [ ] STREAM CONNECTED 6242
unix 3 [ ] STREAM CONNECTED 6241
unix 2 [ ] DGRAM 6205
unix 2 [ ] DGRAM 6077
unix 2 [ ] DGRAM 5984
unix 2 [ ] DGRAM 5584
unix 3 [ ] STREAM CONNECTED 5122
unix 3 [ ] STREAM CONNECTED 5121
unix 2 [ ] DGRAM 5009
unix 2 [ ] DGRAM 4955
-----------------------------------------------------------------------------
# netstat -C
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 304 ::ffff:211.167.237.199:ssh ::ffff:221.216.165.189:1972 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 8 [ ] DGRAM 4943 /dev/log
unix 2 [ ] DGRAM 6374 @/var/run/hal/hotplug_socket
unix 2 [ ] DGRAM 2617 @udevd
unix 3 [ ] STREAM CONNECTED 8334
unix 3 [ ] STREAM CONNECTED 8333
unix 3 [ ] STREAM CONNECTED 6373 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6372
unix 3 [ ] STREAM CONNECTED 6341 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6340
unix 3 [ ] STREAM CONNECTED 6242
unix 3 [ ] STREAM CONNECTED 6241
unix 2 [ ] DGRAM 6205
unix 2 [ ] DGRAM 6077
unix 2 [ ] DGRAM 5984
unix 2 [ ] DGRAM 5584
unix 3 [ ] STREAM CONNECTED 5122
unix 3 [ ] STREAM CONNECTED 5121
unix 2 [ ] DGRAM 5009
unix 2 [ ] DGRAM 4955
--------------------------------------------------------------------
# netstat -N
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 256 ::ffff:211.167.237.199:ssh ::ffff:221.216.165.189:1972 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 8 [ ] DGRAM 4943 /dev/log
unix 2 [ ] DGRAM 6374 @/var/run/hal/hotplug_socket
unix 2 [ ] DGRAM 2617 @udevd
unix 3 [ ] STREAM CONNECTED 8334
unix 3 [ ] STREAM CONNECTED 8333
unix 3 [ ] STREAM CONNECTED 6373 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6372
unix 3 [ ] STREAM CONNECTED 6341 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6340
unix 3 [ ] STREAM CONNECTED 6242
unix 3 [ ] STREAM CONNECTED 6241
unix 2 [ ] DGRAM 6205
unix 2 [ ] DGRAM 6077
unix 2 [ ] DGRAM 5984
unix 2 [ ] DGRAM 5584
unix 3 [ ] STREAM CONNECTED 5122
unix 3 [ ] STREAM CONNECTED 5121
unix 2 [ ] DGRAM 5009
unix 2 [ ] DGRAM 4955
---------------------------------------------------------------------
# netstat -e
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode
tcp 0 320 ::ffff:211.167.237.199:ssh ::ffff:221.216.165.189:1972 ESTABLISHED root 8312
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 8 [ ] DGRAM 4943 /dev/log
unix 2 [ ] DGRAM 6374 @/var/run/hal/hotplug_socket
unix 2 [ ] DGRAM 2617 @udevd
unix 3 [ ] STREAM CONNECTED 8334
unix 3 [ ] STREAM CONNECTED 8333
unix 3 [ ] STREAM CONNECTED 6373 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6372
unix 3 [ ] STREAM CONNECTED 6341 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 6340
unix 3 [ ] STREAM CONNECTED 6242
unix 3 [ ] STREAM CONNECTED 6241
unix 2 [ ] DGRAM 6205
unix 2 [ ] DGRAM 6077
unix 2 [ ] DGRAM 5984
unix 2 [ ] DGRAM 5584
unix 3 [ ] STREAM CONNECTED 5122
unix 3 [ ] STREAM CONNECTED 5121
unix 2 [ ] DGRAM 5009
unix 2 [ ] DGRAM 4955
--------------------------------------------------------------------
·列出现有监听进程
# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:32768 *:* LISTEN
tcp 0 0 *:32769 *:* LISTEN
tcp 0 0 *:nfs *:* LISTEN
tcp 0 0 cnscn:32771 *:* LISTEN
tcp 0 0 cnscn:32772 *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:970 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 *:951 *:* LISTEN
tcp 0 0 cnscn:ipp *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:https *:* LISTEN
udp 0 0 *:32768 *:*
udp 0 0 *:nfs *:*
udp 0 0 *:32770 *:*
udp 0 0 cnscn:32771 *:*
udp 0 0 cnscn:32772 *:*
udp 0 0 cnscn:32773 *:*
udp 0 0 *:688 *:*
udp 0 0 *:948 *:*
udp 0 0 *:967 *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 7602 /var/tmp/.oracle/sOracle_CSS_LclLstnr_localhost_0
unix 2 [ ACC ] STREAM LISTENING 5985 /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 5250 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 6164 /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 8344 /tmp/ssh-cgXAFE3426/agent.3426
unix 2 [ ACC ] STREAM LISTENING 5928 /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 6117 /var/run/iiim/.iiimp-unix/9010
unix 2 [ ACC ] STREAM LISTENING 6235 /var/run/dbus/system_bus_socket
---------------------------------------------------------------------
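One way to turn the `netstat -l` listing above into a check, added here as an example and not part of the original page: it separates listeners bound to every interface (`*:mysql`) from those bound to one host name (`cnscn:ipp`) and reports the exposed ones missing from an allowlist. The function names, the sample lines and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a few lines in the format of the `netstat -l` listing above.
sample_netstat_l() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 cnscn:ipp *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:970 *:* LISTEN
udp 0 0 *:sunrpc *:*
udp 0 0 cnscn:32771 *:*
Active UNIX domain sockets (only servers)
unix 2 [ ACC ] STREAM LISTENING 5928 /var/lib/mysql/mysql.sock
EOF
}

# Print "proto/port scope" for each inet listener read from stdin.
# scope is "all" when bound to every interface (*, 0.0.0.0, ::), else "host".
classify_listeners() {
  awk '
    $1 ~ /^(tcp|udp)6?$/ {
      if ($1 ~ /^tcp/ && $6 != "LISTEN") next    # skip non-listening TCP rows
      addr = $4
      n = split(addr, parts, ":")
      port = parts[n]                             # last piece, so ":::22" works too
      host = substr(addr, 1, length(addr) - length(port) - 1)
      scope = (host == "*" || host == "0.0.0.0" || host == "::") ? "all" : "host"
      print $1 "/" port, scope
    }'
}

# Report listeners bound to all interfaces that are absent from the allowlist
# ($1: space-separated entries such as "tcp/ssh tcp/http"; hypothetical policy).
unexpected_exposed() {
  allow=" $1 "
  classify_listeners | while read -r svc scope; do
    [ "$scope" = "all" ] || continue
    case "$allow" in *" $svc "*) ;; *) echo "$svc" ;; esac
  done
}

# Stand-alone run on the constructed sample.
sample_netstat_l | unexpected_exposed "tcp/ssh udp/sunrpc"
```

On a live host, pipe `netstat -l` (or `netstat -ln` for numeric ports) into `unexpected_exposed` with the services that host is supposed to offer.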
# netstat -s
Ip:
20033 total packets received
0 forwarded
0 incoming packets discarded
19925 incoming packets delivered
16887 requests sent out
Icmp:
4 ICMP messages received
1 input ICMP message failed.
ICMP input histogram:
destination unreachable: 1
echo requests: 2
echo replies: 1
8 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 6
echo replies: 2
Tcp:
1660 active connections openings
77 passive connection openings
0 failed connection attempts
23 connection resets received
1 connections established
6042 segments received
5977 segments send out
32 segments retransmited
1 bad segments received.
1722 resets sent
Udp:
10885 packets received
6 packets to unknown port received.
0 packet receive errors
10885 packets sent
TcpExt:
8 resets received for embryonic SYN_RECV sockets
ArpFilter: 0
56 TCP sockets finished time wait in fast timer
93 delayed acks sent
17 packets directly queued to recvmsg prequeue.
419 packets header predicted
TCPPureAcks: 1021
TCPHPAcks: 298
TCPRenoRecovery: 0
TCPSackRecovery: 16
TCPSACKReneging: 0
TCPFACKReorder: 0
TCPSACKReorder: 0
TCPRenoReorder: 0
TCPTSReorder: 0
TCPFullUndo: 0
TCPPartialUndo: 0
TCPDSACKUndo: 0
TCPLossUndo: 0
TCPLoss: 1
TCPLostRetransmit: 0
TCPRenoFailures: 0
TCPSackFailures: 7
TCPLossFailures: 0
TCPFastRetrans: 18
TCPForwardRetrans: 0
TCPSlowStartRetrans: 2
TCPTimeouts: 5
TCPRenoRecoveryFail: 0
TCPSackRecoveryFail: 0
TCPSchedulerFailed: 0
TCPRcvCollapsed: 0
TCPDSACKOldSent: 1
TCPDSACKOfoSent: 0
TCPDSACKRecv: 1
TCPDSACKOfoRecv: 0
TCPAbortOnSyn: 0
TCPAbortOnData: 1655
TCPAbortOnClose: 5
TCPAbortOnMemory: 0
TCPAbortOnTimeout: 0
TCPAbortOnLinger: 0
TCPAbortFailed: 0
TCPMemoryPressures: 0
--------------------------------------------------------------------
·ports
# /home/tools/network/ports
1)TCP
Lcl port Rmt port Status Rmt IP Rmt host
------------------------------------------------------------------------------
32768= ? 0= zero 0A= LISTEN 0.0.0.0 local
32769= ? 0= zero 0A= LISTEN 0.0.0.0 local
2049= nfs 0= zero 0A= LISTEN 0.0.0.0 local
32771= ? 0= zero 0A= LISTEN 0.0.0.0 local
32772= ? 0= zero 0A= LISTEN 0.0.0.0 local
3306= mysql 0= zero 0A= LISTEN 0.0.0.0 local
970= ? 0= zero 0A= LISTEN 0.0.0.0 local
111= sunrpc 0= zero 0A= LISTEN 0.0.0.0 local
21= ftp 0= zero 0A= LISTEN 0.0.0.0 local
951= ? 0= zero 0A= LISTEN 0.0.0.0 local
631= ipp 0= zero 0A= LISTEN 0.0.0.0 local
2)UDP
Lcl port Rmt port Status Rmt IP Rmt host
------------------------------------------------------------------------------
32768= ? 0= zero 07= CLOSE 0.0.0.0 local
2049= nfs 0= zero 07= CLOSE 0.0.0.0 local
32770= ? 0= zero 07= CLOSE 0.0.0.0 local
32771= ? 0= zero 07= CLOSE 0.0.0.0 local
32772= ? 0= zero 07= CLOSE 0.0.0.0 local
32773= ? 0= zero 07= CLOSE 0.0.0.0 local
688= ? 0= zero 07= CLOSE 0.0.0.0 local
948= ? 0= zero 07= CLOSE 0.0.0.0 local
967= ? 0= zero 07= CLOSE 0.0.0.0 local
111= sunrpc 0= zero 07= CLOSE 0.0.0.0 local
631= ipp 0= zero 07= CLOSE 0.0.0.0 local
================================================================
·Check the service on port 22 and the connections to it
# lsof -i:22
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 2438 root 3u IPv6 5543 TCP *:ssh (LISTEN)
sshd 3424 root 3u IPv6 8312 TCP 211.167.237.199:ssh->221.216.165.189:1972 (ESTABLISHED)
--------------------------------------------------------------------
·Query all processes of the command mysqld_sa
# lsof -c mysqld_sa
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
mysqld_sa 2529 root txt REG 3,5 616312 554965 /bin/bash
mysqld_sa 2529 root mem REG 3,5 1454835 424335 /lib/tls/libc-2.3.4.so
mysqld_sa 2529 root 255r REG 3,5 10912 865383 /usr/bin/mysqld_safe
--------------------------------------------------------------------
·Query what a given process is running
# lsof -p 1007
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
udevd 1007 root cwd DIR 3,5 4096 2 /
udevd 1007 root mem REG 3,5 56320 424434 /lib/libselinux.so.1
udevd 1007 root 5u unix 0xdf4f8300 2617 socket
---------------------------------------------------------------------
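·Query by name (the literal word "names" in the command below is itself treated as a file path, hence the status error; the log path alone is the argument that matches)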
# lsof names /var/log/httpd/error_log
lsof: status error on names: No such file or directory
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
httpd 2660 root 2w REG 3,5 18061 2515805 /var/log/httpd/error_log
httpd 2660 root 7w REG 3,5 18061 2515805 /var/log/httpd/error_log
---------------------------------------------------------------------
# netstat -h
usage: netstat [-veenNcCF] [<Af>] -r
netstat {-V|--version|-h|--help}
netstat [-vnNcaeol] [<Socket> ...]
netstat { [-veenNac] -i[<Iface>] | [-cnNe] -M | -s } [delay]
-r, --route display routing table
-i, --interfaces=[<Iface>] display interface table
-g, --groups display multicast group memberships
-s, --statistics display networking statistics (like SNMP)
-M, --masquerade display masqueraded connections
-v, --verbose be verbose
-n, --numeric don't resolve names
--numeric-hosts don't resolve host names
--numeric-ports don't resolve port names
--numeric-users don't resolve user names
-N, --symbolic resolve hardware names
-e, --extend display other/more information
-p, --programs display PID/Program name for sockets
-c, --continuous continuous listing
-l, --listening display listening server sockets
-a, --all, --listening display all sockets (default: connected)
-o, --timers display timers
-F, --fib display Forwarding Information Base (default)
-C, --cache display routing cache instead of FIB
<Iface>: Name of interface to monitor/list.
<Socket>={-t|--tcp} {-u|--udp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom
<AF>=Use '-A <af>' or '--<af>'; default: inet
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
x25 (CCITT X.25)
# netstat -atuv | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:32768 *:* LISTEN
tcp 0 0 *:32769 *:* LISTEN
tcp 0 0 *:nfs *:* LISTEN
tcp 0 0 cnscn:32771 *:* LISTEN
tcp 0 0 cnscn:32772 *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:970 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 *:951 *:* LISTEN
tcp 0 0 cnscn:ipp *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:https *:* LISTEN
tcp 0 0 ::ffff:211.167.237.199:http ::ffff:221.216.165.189:2013 TIME_WAIT
udp 0 0 *:32768 *:*
udp 0 0 *:nfs *:*
udp 0 0 *:32770 *:*
udp 0 0 cnscn:32771 *:*
udp 0 0 cnscn:32772 *:*
udp 0 0 cnscn:32773 *:*
udp 0 0 *:688 *:*
udp 0 0 *:948 *:*
udp 0 0 *:967 *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
·View all services defined on the system
# cat /etc/services