Linux查看端口號ss和losf指令
SS指令
ss是Socket Statistics的縮寫。顧名思義,ss命令可以用來獲取socket統計信息,它可以顯示和netstat類似的內容。ss的優勢在於它能夠顯示更多更詳細的有關TCP和連接狀態的信息,而且比netstat更快速更高效。
1- 全部命令參數
Usage: ss [ OPTIONS ] ss [ OPTIONS ] [ FILTER ] -h, --help this message -V, --version output version information -n, --numeric don't resolve service names -r, --resolve resolve host names -a, --all display all sockets -l, --listening display listening sockets -o, --options show timer information -e, --extended show detailed socket information -m, --memory show socket memory usage -p, --processes show process using socket -i, --info show internal TCP information -s, --summary show socket usage summary -b, --bpf show bpf filter socket information -E, --events continually display sockets as they are destroyed -Z, --context display process SELinux security contexts -z, --contexts display process and socket SELinux security contexts -N, --net switch to the specified network namespace name -4, --ipv4 display only IP version 4 sockets -6, --ipv6 display only IP version 6 sockets -0, --packet display PACKET sockets -t, --tcp display only TCP sockets -S, --sctp display only SCTP sockets -u, --udp display only UDP sockets -d, --dccp display only DCCP sockets -w, --raw display only RAW sockets -x, --unix display only Unix domain sockets --vsock display only vsock sockets -f, --family=FAMILY display sockets of type FAMILY FAMILY := {inet|inet6|link|unix|netlink|vsock|help} -K, --kill forcibly close sockets, display what was closed -H, --no-header Suppress header line -A, --query=QUERY, --socket=QUERY QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink|vsock_stream|vsock_dgram}[,QUERY] -D, --diag=FILE Dump raw information about TCP sockets to FILE -F, --filter=FILE read filter information from FILE FILTER := [ state STATE-FILTER ] [ EXPRESSION ] STATE-FILTER := {all|connected|synchronized|bucket|big|TCP-STATES} TCP-STATES := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listen|closing} connected := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing} synchronized := {established|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing} bucket := {syn-recv|time-wait} big := {established|syn-sent|fin-wait-{1,2}|closed|close-wait|last-ack|listen|closing}
2-常用命令參數
-n, --numeric don't resolve service names -r, --resolve resolve host names -a, --all display all sockets -l, --listening display listening sockets -s, --summary show socket usage summary -p, --processes show process using socket -t, --tcp display only TCP sockets
3-示例:ss -lntps | grep 22; 查看被監聽的TCP socket,不解析服務名稱,並展示使用概要
[root@izbp10ebr6tsvo83iahgzdz ~]# ss -lntps | grep 22 LISTEN 0 128 *:22 *:* users:(("sshd",pid=5376,fd=3)) LISTEN 0 50 *:39171 *:* users:(("java",pid=5622,fd=84)) LISTEN 0 50 192.168.0.162:9092 *:* users:(("java",pid=5622,fd=100))
losf指令
lsof(list open files)是一個查看進程打開的文件的工具。
在 linux 系統中,一切皆文件。通過文件不僅僅可以訪問常規數據,還可以訪問網絡連接和硬件。所以 lsof 命令不僅可以查看進程打開的文件、目錄,還可以查看進程監聽的端口等 socket 相關的信息。本文將介紹 lsof 命令的基本用法,本文中 demo 的演示環境為 ubuntu 18.04。
1-全部指令
usage: [-?abhKlnNoOPRtUvVX] [+|-c c] [+|-d s] [+D D] [+|-f[gG]] [+|-e s] [-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s] [+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names] Defaults in parentheses; comma-separated set (s) items; dash-separated ranges. -?|-h list help -a AND selections (OR) -b avoid kernel blocks -c c cmd c ^c /c/[bix] +c w COMMAND width (9) +d s dir s files -d s select by FD set +D D dir D tree *SLOW?* +|-e s exempt s *RISKY* -i select IPv[46] files -K list tasKs (threads) -l list UID numbers -n no host names -N select NFS files -o list file offset -O no overhead *RISKY* -P no port names -R list paRent PID -s list file size -t terse listing -T disable TCP/TPI info -U select Unix socket -v list version info -V verbose search +|-w Warnings (+) -X skip TCP&UDP* files -Z Z context [Z] -- end option scan +f|-f +filesystem or -file names +|-f[gG] flaGs -F [f] select fields; -F? for help +|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0) +m [m] use|create mount supplement +|-M portMap registration (-) -o o o 0t offset digits (8) -p s exclude(^)|select PIDs -S [t] t second stat timeout (15) -T qs TCP/TPI Q,St (s) info -g [s] exclude(^)|select and print process group IDs -i i select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list] +|-r [t[m<fmt>]] repeat every t seconds (15); + until no files, - forever. An optional suffix to t is m<fmt>; m must separate t from <fmt> and <fmt> is an strftime(3) format for the marker line. -s p:s exclude(^)|select protocol (p = TCP|UDP) states by name(s). -u s exclude(^)|select login|UID set s -x [fl] cross over +d|+D File systems or symbolic Links names select named files or files on named file systems Anyone can list all files; /dev warnings disabled; kernel ID check disabled.
2- 示例lsof -i:80; 查看80端口號使用情況
[root@izbp10ebr6tsvo83iahgzdz ~]# lsof -i:80 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME AliYunDun 1361 root 23u IPv4 138060354 0t0 TCP izbp10ebr6tsvo83iahgzdz:57616->100.100.30.25:http (ESTABLISHED) java 26371 root 52u IPv4 148249126 0t0 TCP *:http (LISTEN) java 26371 root 82u IPv4 148614502 0t0 TCP izbp10ebr6tsvo83iahgzdz:36182->223.71.183.165:http (CLOSE_WAIT) java 26371 root 87u IPv4 149877148 0t0 TCP izbp10ebr6tsvo83iahgzdz:34042->223.71.183.170:http (CLOSE_WAIT) java 26371 root 96u IPv4 149724978 0t0 TCP izbp10ebr6tsvo83iahgzdz:48287->47.111.38.212:http (CLOSE_WAIT)
3-lsof輸出各列信息的意義如下:
COMMAND:進程的名稱 PID:進程標識符
USER:進程所有者
FD:文件描述符,應用程序通過文件描述符識別該文件。如cwd、txt等 TYPE:文件類型,如DIR、REG等
DEVICE:指定磁盤的名稱
SIZE:文件的大小
NODE:索引節點(文件在磁盤上的標識)
NAME:打開文件的確切名稱
FD 列中的文件描述符cwd 值表示應用程序的當前工作目錄,這是該應用程序啟動的目錄,除非它本身對這個目錄進行更改,txt 類型的文件是程序代碼,如應用程序二進制文件本身或共享庫,如上列表中顯示的 /sbin/init 程序。
END