列出所有的網絡連接(排查時可加上 -n -P,禁止主機名與連接埠名解析,直接顯示數字 IP 與連接埠號,避免把臨時連接埠誤讀成服務名)
[root@netkiller neo]# lsof -i COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME php-fpm 2274 www 0u IPv4 96056019 0t0 TCP localhost:cslistener (LISTEN) php-fpm 2274 www 4u IPv4 688391009 0t0 TCP localhost:43483->localhost:27017 (ESTABLISHED) python3 4384 zabbix 6u IPv4 688769849 0t0 TCP iZ623qr3xctZ:zabbix-agent->10.26.6.18:50666 (ESTABLISHED) python3 4385 zabbix 6u IPv4 688769848 0t0 TCP iZ623qr3xctZ:zabbix-agent->10.26.6.18:50668 (ESTABLISHED) redis-ser 5170 redis 4u IPv4 5690059 0t0 TCP localhost:6379 (LISTEN) php-fpm 8277 www 0u IPv4 96056019 0t0 TCP localhost:cslistener (LISTEN) php-fpm 8277 www 4u IPv4 688149893 0t0 TCP localhost:60933->localhost:27017 (ESTABLISHED) php-fpm 8543 www 0u IPv4 96056019 0t0 TCP localhost:cslistener (LISTEN) beam.smp 9703 rabbitmq 8u IPv4 626401894 0t0 TCP *:25672 (LISTEN) beam.smp 9703 rabbitmq 9u IPv4 626401896 0t0 TCP localhost:42821->localhost:epmd (ESTABLISHED) beam.smp 9703 rabbitmq 17u IPv6 626403609 0t0 TCP *:amqp (LISTEN) beam.smp 9703 rabbitmq 18u IPv4 626402643 0t0 TCP *:15672 (LISTEN) beam.smp 9703 rabbitmq 20u IPv6 685257290 0t0 TCP localhost:amqp->localhost:57692 (ESTABLISHED) sshd 11227 root 3u IPv4 626404210 0t0 TCP *:ssh (LISTEN) ntpd 11646 ntp 16u IPv4 626409506 0t0 UDP *:ntp ntpd 11646 ntp 17u IPv6 626406239 0t0 UDP *:ntp ntpd 11646 ntp 18u IPv4 626406244 0t0 UDP localhost:ntp ntpd 11646 ntp 19u IPv4 626406245 0t0 UDP iZ623qr3xctZ:ntp ntpd 11646 ntp 20u IPv4 626406246 0t0 UDP iZ623qr3xctZ:ntp 5 列出所有的網絡連接/連接埠 [root@netkiller ~]# lsof -i COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME portreser 1698 root 5u IPv4 10656 0t0 UDP *:ldaps snmpd 1993 root 7u IPv4 12071 0t0 UDP *:snmp snmpd 1993 root 9u IPv4 12073 0t0 TCP localhost:smux (LISTEN) sshd 2005 root 3u IPv4 12109 0t0 TCP *:ssh (LISTEN)
什麼程序運行在22連接埠上
lsof -i :22
誰在連接該連接埠(-c 按命令名前綴篩選進程,-a 表示與 -i 條件取交集;不加 -a 時各條件為「或」的關係)
# lsof -i -a -c ssh
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 2843 root 3r IPv4 27960 0t0 TCP 192.168.6.9:ssh->192.168.6.30:55363 (ESTABLISHED)
sshd 3003 root 3u IPv4 28864 0t0 TCP *:ssh (LISTEN)
sshd 3003 root 4u IPv6 28866 0t0 TCP *:ssh (LISTEN)
$ lsof -i -a -c nginx COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME nginx 26222 www 8w IPv4 557827648 0t0 TCP 42.121.14.230:http->110.240.206.67:63482 (ESTABLISHED) nginx 26222 www 9u IPv4 557817283 0t0 TCP 42.121.14.230:http->27.106.154.202:18972 (ESTABLISHED) nginx 26222 www 10u IPv4 496452301 0t0 TCP *:http (LISTEN) nginx 26222 www 17u IPv4 557826020 0t0 TCP 42.121.14.230:http->210.177.78.33:62297 (ESTABLISHED) nginx 26222 www 18u IPv4 557827745 0t0 TCP 42.121.14.230:http->115.214.39.230:50628 (ESTABLISHED) nginx 26222 www 19u IPv4 557826475 0t0 TCP 42.121.14.230:http->183.160.124.225:57143 (ESTABLISHED) nginx 26222 www 20u IPv4 557827670 0t0 TCP 42.121.14.230:http->125.88.77.30:8956 (ESTABLISHED) nginx 26222 www 21u IPv4 557826122 0t0 TCP 42.121.14.230:http->116.24.229.173:rfid-rp1 (ESTABLISHED) nginx 26222 www 22u IPv4 557826127 0t0 TCP 42.121.14.230:http->119.137.141.76:21508 (ESTABLISHED) nginx 26222 www 23u IPv4 557826476 0t0 TCP 42.121.14.230:http->183.160.124.225:57144 (ESTABLISHED) nginx 26222 www 24u IPv4 557821930 0t0 TCP 42.121.14.230:http->210.21.127.136:52309 (ESTABLISHED) nginx 26222 www 25u IPv4 557826477 0t0 TCP 42.121.14.230:http->183.160.124.225:57145 (ESTABLISHED) nginx 26222 www 26u IPv4 557827693 0t0 TCP 42.121.14.230:http->111.227.215.135:18628 (ESTABLISHED)
通過進程ID監控網絡連接
$ lsof -i -a -p 26222 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME nginx 26222 www 8w IPv4 557827648 0t0 TCP 42.121.14.230:http->110.240.206.67:63482 (ESTABLISHED) nginx 26222 www 9u IPv4 557817283 0t0 TCP 42.121.14.230:http->27.106.154.202:18972 (ESTABLISHED) nginx 26222 www 10u IPv4 496452301 0t0 TCP *:http (LISTEN) nginx 26222 www 21u IPv4 557826122 0t0 TCP 42.121.14.230:http->116.24.229.173:rfid-rp1 (ESTABLISHED) nginx 26222 www 26u IPv4 557827693 0t0 TCP 42.121.14.230:http->111.227.215.135:18628 (ESTABLISHED) nginx 26222 www 31u IPv4 557798349 0t0 TCP 42.121.14.230:http->213.92.156.27.broad.fz.fj.dynamic.163data.com.cn:novation (ESTABLISHED) nginx 26222 www 33u IPv4 557807306 0t0 TCP 42.121.14.230:http->182.139.49.102:news (ESTABLISHED) nginx 26222 www 38u IPv4 557825270 0t0 TCP 42.121.14.230:http->122.71.50.188:43694 (ESTABLISHED) nginx 26222 www 40u IPv4 557817907 0t0 TCP 42.121.14.230:http->120.28.127.54:62009 (ESTABLISHED) nginx 26222 www 41u IPv4 557800691 0t0 TCP 42.121.14.230:http->27.190.185.75:60475 (ESTABLISHED)
UDP 監控
# lsof -i udp; COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME rpcbind 2431 rpc 6u IPv4 12483 0t0 UDP *:sunrpc rpcbind 2431 rpc 7u IPv4 12487 0t0 UDP *:kink rpcbind 2431 rpc 9u IPv6 12490 0t0 UDP *:sunrpc rpcbind 2431 rpc 10u IPv6 12492 0t0 UDP *:kink avahi-dae 2549 avahi 13u IPv4 12781 0t0 UDP *:mdns avahi-dae 2549 avahi 14u IPv4 12782 0t0 UDP *:45747 rpc.statd 2570 rpcuser 5u IPv4 13011 0t0 UDP *:asia rpc.statd 2570 rpcuser 8u IPv4 13015 0t0 UDP *:55218 rpc.statd 2570 rpcuser 10u IPv6 13023 0t0 UDP *:51236 openvpn 2594 nobody 5u IPv4 13060 0t0 UDP *:openvpn cupsd 2661 root 9u IPv4 13379 0t0 UDP *:ipp ntpd 2832 ntp 16u IPv4 14050 0t0 UDP *:ntp ntpd 2832 ntp 17u IPv6 14051 0t0 UDP *:ntp ntpd 2832 ntp 18u IPv6 14055 0t0 UDP localhost:ntp ntpd 2832 ntp 19u IPv6 14056 0t0 UDP [fe80::225:90ff:fe35:906c]:ntp ntpd 2832 ntp 20u IPv4 14057 0t0 UDP localhost:ntp ntpd 2832 ntp 21u IPv4 14058 0t0 UDP manager.repo:ntp ntpd 2832 ntp 22u IPv4 14059 0t0 UDP 10.8.0.1:ntp ntpd 2832 ntp 24u IPv4 15922 0t0 UDP 192.168.122.1:ntp ntpd 2832 ntp 25u IPv6 27224 0t0 UDP [fe80::fc54:ff:fe94:b3c2]:ntp ntpd 2832 ntp 26u IPv6 27225 0t0 UDP [fe80::fc54:ff:fe54:c9d2]:ntp ntpd 2832 ntp 27u IPv6 27948 0t0 UDP [fe80::fc54:ff:fe4e:a846]:ntp ntpd 2832 ntp 28u IPv6 28197 0t0 UDP [fe80::fc54:ff:fe19:c00e]:ntp ntpd 2832 ntp 29u IPv6 99178415 0t0 UDP [fe80::fc54:ff:fe5a:ace]:ntp ntpd 2832 ntp 30u IPv6 99179648 0t0 UDP [fe80::fc54:ff:fe68:54a0]:ntp ntpd 2832 ntp 31u IPv6 99180801 0t0 UDP [fe80::fc54:ff:fed6:3593]:ntp postmaste 3391 postgres 9u IPv6 15004 0t0 UDP localhost:56631->localhost:56631 postmaste 3395 postgres 9u IPv6 15004 0t0 UDP localhost:56631->localhost:56631 postmaste 3396 postgres 9u IPv6 15004 0t0 UDP localhost:56631->localhost:56631 postmaste 3397 postgres 9u IPv6 15004 0t0 UDP localhost:56631->localhost:56631 postmaste 3398 postgres 9u IPv6 15004 0t0 UDP localhost:56631->localhost:56631 postmaste 3399 postgres 9u IPv6 15004 0t0 UDP localhost:56631->localhost:56631 dnsmasq 3647 nobody 
5u IPv4 15671 0t0 UDP *:bootps dnsmasq 3647 nobody 7u IPv4 15680 0t0 UDP 192.168.122.1:domain
TCP 監控
lsof -i tcp;
監控特定的 tcp/udp 連接埠,例如 udp 連接埠 123
[root@netkiller neo]# lsof -i udp:123
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ntpd 11646 ntp 16u IPv4 626409506 0t0 UDP *:ntp
ntpd 11646 ntp 17u IPv6 626406239 0t0 UDP *:ntp
ntpd 11646 ntp 18u IPv4 626406244 0t0 UDP localhost:ntp
ntpd 11646 ntp 19u IPv4 626406245 0t0 UDP iZ623qr3xctZ:ntp
ntpd 11646 ntp 20u IPv4 626406246 0t0 UDP iZ623qr3xctZ:ntp
檢測占用某個連接埠的進程,如22連接埠
[root@netkiller ~]# lsof -i :22
[root@netkiller ~]# lsof -i udp:53
列出所有 TCP 或 UDP 網絡連接信息(下方的 tcp/udp 表示二選一,實際執行 lsof -i tcp 或 lsof -i udp)
[root@netkiller ~]# lsof -i tcp/udp
列出 nginx 用戶活躍的網絡連接
[root@netkiller neo]# lsof -a -u nginx -i COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME nginx 20536 nginx 19u IPv4 686393040 0t0 TCP *:http (LISTEN) nginx 20536 nginx 20u IPv4 686393041 0t0 TCP *:https (LISTEN) nginx 20536 nginx 42u IPv4 688774445 0t0 TCP iZ623qr3xctZ:http->112.224.19.79:32751 (ESTABLISHED) nginx 20536 nginx 49u IPv4 688774400 0t0 TCP iZ623qr3xctZ:http->117.156.4.113:58212 (ESTABLISHED) nginx 20536 nginx 52u IPv4 688774494 0t0 TCP iZ623qr3xctZ:http->112.224.19.79:32753 (ESTABLISHED) nginx 20536 nginx 53u IPv4 688774495 0t0 TCP iZ623qr3xctZ:http->112.224.19.79:32752 (ESTABLISHED) nginx 20536 nginx 54u IPv4 688774555 0t0 TCP iZ623qr3xctZ:http->113.128.232.89:37529 (ESTABLISHED) nginx 20536 nginx 55u IPv4 688774497 0t0 TCP iZ623qr3xctZ:http->112.224.19.79:32754 (ESTABLISHED) nginx 20536 nginx 56u IPv4 688774556 0t0 TCP iZ623qr3xctZ:http->113.128.232.89:37530 (ESTABLISHED) nginx 20536 nginx 58u IPv4 688774500 0t0 TCP iZ623qr3xctZ:http->112.224.19.79:32755 (ESTABLISHED) nginx 20536 nginx 60u IPv4 688778242 0t0 TCP iZ623qr3xctZ:http->113.128.232.89:37532 (ESTABLISHED) nginx 20536 nginx 61u IPv4 688774559 0t0 TCP iZ623qr3xctZ:http->113.128.232.89:37528 (ESTABLISHED) nginx 20536 nginx 64u IPv4 688774562 0t0 TCP iZ623qr3xctZ:http->113.128.232.89:37531 (ESTABLISHED) nginx 20537 nginx 19u IPv4 686393040 0t0 TCP *:http (LISTEN) nginx 20537 nginx 20u IPv4 686393041 0t0 TCP *:https (LISTEN) nginx 20538 nginx 19u IPv4 686393040 0t0 TCP *:http (LISTEN) nginx 20538 nginx 20u IPv4 686393041 0t0 TCP *:https (LISTEN) nginx 20539 nginx 18u IPv4 688777804 0t0 TCP iZ623qr3xctZ:http->39.187.213.246:49624 (ESTABLISHED) nginx 20539 nginx 19u IPv4 686393040 0t0 TCP *:http (LISTEN) nginx 20539 nginx 20u IPv4 686393041 0t0 TCP *:https (LISTEN)