在Linux中查看进程占⽤的端⼝号
对于 Linux 系统管理员来说,清楚某个服务是否正确地绑定或监听某个端⼝,是⾄关重要的。如果你需要处理端⼝相关的问题,这篇⽂章可能会对你有⽤。
端⼝是 Linux 系统上特定进程之间逻辑连接的标识,包括物理端⼝和软件端⼝。由于 Linux 操作系统是⼀个软件,因此本⽂只讨论软件端⼝。软件端⼝始终与主机的 IP 地址和相关的通信协议相关联,因此端⼝常⽤于区分应⽤程序。⼤部分涉及到⽹络的服务都必须打开⼀个套接字来监听传⼊的⽹络请求,⽽每个服务都使⽤⼀个独⽴的套接字。
套接字是和 IP 地址、软件端⼝和协议结合起来使⽤的,⽽端⼝号对传输控制协议(TCP)和⽤户数据报协议(UDP)协议都适⽤,TCP 和 UDP 都可以使⽤ 0 到 65535 之间的端⼝号进⾏通信。
以下是端⼝分配类别:
0 - 1023:常⽤端⼝和系统端⼝
1024 - 49151:软件的注册端⼝冬天的词语
49152 - 65535:动态端⼝或私有端⼝
端口被占用在 Linux 上的 /etc/services ⽂件可以查看到更多关于保留端⼝的信息。
# less /etc/services
# /etc/services:
# $Id: services,v 1.55 2013/04/14 ovasik Exp $
# Network services, Internet style
# IANA services version: last updated 2013-04-10
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
# Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports
# are included, only the more common ones.
# The latest IANA port assignments can be gotten from
# /assignments/port-numbers
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
# The Dynamic and/or Private Ports are those from 49152 through 65535
# Each line describes one service, and is of the form:
# service-name port/protocol [aliases ...] [# comment]
tcpmux 1/tcp # TCP port service multiplexer
tcpmux 1/udp # TCP port service multiplexer
rje 5/tcp # Remote Job Entry
rje 5/udp # Remote Job Entry
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
systat 11/udp users
daytime 13/tcp
daytime 13/udp
qotd 17/tcp quote
qotd 17/udp quote
msp 18/tcp # message send protocol (historic)
msp 18/udp # message send protocol (historic)
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp-data 20/udp
# 21 is registered to ftp, but also used by fsp
ftp 21/tcp
ftp 21/udp fsp fspd
ssh 22/tcp # The Secure Shell (SSH) Protocol
ssh 22/udp # The Secure Shell (SSH) Protocol
telnet 23/tcp
telnet 23/udp
# 24 - private mail system
lmtp 24/tcp # LMTP Mail Delivery
lmtp 24/udp # LMTP Mail Delivery
可以使⽤以下六种⽅法查看端⼝信息。
ss:可以⽤于转储套接字统计信息。
netstat:可以显⽰打开的套接字列表。
lsof:可以列出打开的⽂件。
fuser:可以列出那些打开了⽂件的进程的进程 ID。
怎么去水印nmap:是⽹络检测⼯具和端⼝扫描程序。
systemctl:是 systemd 系统的控制管理器和服务管理器。
以下我们将出 sshd 守护进程所使⽤的端⼝号。
⽅法 1:使⽤ ss 命令
ss ⼀般⽤于转储套接字统计信息。它能够输出类似于 netstat 输出的信息,但它可以⽐其它⼯具显⽰更多的 TCP 信息和状态信息。
它还可以显⽰所有类型的套接字统计信息,包括 PACKET、TCP、UDP、DCCP、RAW、Unix 域等。
# ss -tnlp | grep ssh
国内十大男装品牌LISTEN 0 128 *:22 *:* users:(("sshd",pid=997,fd=3))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=997,fd=4))
也可以使⽤端⼝号来检查。
# ss -tnlp | grep ":22"
LISTEN 0 128 *:22 *:* users:(("sshd",pid=997,fd=3))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=997,fd=4))
⽅法 2:使⽤ netstat 命令
netstat 能够显⽰⽹络连接、路由表、接⼝统计信息、伪装连接以及多播成员。
默认情况下,netstat 会列出打开的套接字。如果不指定任何地址族,则会显⽰所有已配置地址族的活动套接字。但 netstat 已经过时了,⼀般会使⽤ ss 来替代。
# netstat -tnlp | grep ssh
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 997/sshd
tcp6 0 0 :::22 :::* LISTEN 997/sshd
也可以使⽤端⼝号来检查。
# netstat -tnlp | grep ":22"
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1208/sshd
tcp6 0 0 :::22 :::* LISTEN 1208/sshd
⽅法 3:使⽤ lsof 命令
lsof 能够列出打开的⽂件,并列出系统上被进程打开的⽂件的相关信息。
# lsof -i -P | grep ssh
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 11584 root 3u IPv4 27625 0t0 TCP *:22 (LISTEN)
sshd 11584 root 4u IPv6 27627 0t0 TCP *:22 (LISTEN)
sshd 11592 root 3u IPv4 27744 0t0 TCP vps.2daygeek:ssh->103.5.134.167:49902 (ESTABLISHED)
也可以使⽤端⼝号来检查。
# lsof -i tcp:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1208 root 3u IPv4 20919 0t0 TCP *:ssh (LISTEN)
sshd 1208 root 4u IPv6 20921 0t0 TCP *:ssh (LISTEN)
sshd 11592 root 3u IPv4 27744 0t0 TCP vps.2daygeek:ssh->103.5.134.167:49902 (ESTABLISHED)
⽅法 4:使⽤ fuser 命令
fuser ⼯具会将本地系统上打开了⽂件的进程的进程 ID 显⽰在标准输出中。
# fuser -v 22/tcp
USER PID ACCESS COMMAND
22/tcp: root sshd
root sshd
OLED电视root sshd
⽅法 5:使⽤ nmap 命令
nmap(“Network Mapper”)是⼀款⽤于⽹络检测和安全审计的开源⼯具。它最初⽤于对⼤型⽹络进⾏快速扫描,但它对于单个主机的扫描也有很好的表现。
nmap 使⽤原始 IP 数据包来确定⽹络上可⽤的主机,这些主机的服务(包括应⽤程序名称和版本)、主机运⾏的操作系统(包
括操作系统版本等信息)、正在使⽤的数据包过滤器或防⽕墙的类型,以及很多其它信息。
# nmap -sV -p 22 localhost
Starting Nmap 6.40 ( ) at 2018-09-23 12:36 IST
Nmap scan report for localhost (127.0.0.1)
描写人多的四字词语Host is up (0.000089s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
Service detection performed. Please report any incorrect results at /submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.44 seconds
⽅法 6:使⽤ systemctl 命令
systemctl 是 systemd 系统的控制管理器和服务管理器。它取代了旧的 SysV 初始化系统管理,⽬前⼤多数现代 Linux 操作系统都采⽤了 systemd。
# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2018-09-23 02:08:56 EDT; 6h 11min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 11584 (sshd)
CGroup: /system.slice/sshd.service
└─11584 /usr/sbin/sshd -D
Sep 23 02:08:56 vps.2daygeek systemd[1]: Starting OpenSSH
Sep 23 02:08:56 vps.2daygeek sshd[11584]: Server listening on 0.0.0.0 port 22.
Sep 23 02:08:56 vps.2daygeek sshd[11584]: Server listening on :: port 22.
Sep 23 02:08:56 vps.2daygeek systemd[1]: Started OpenSSH server daemon.
Sep 23 02:09:15 vps.2daygeek sshd[11589]: Connection closed by 103.5.134.167 port 49899 [preauth]
Sep 23 02:09:41 vps.2daygeek sshd[11592]: Accepted password for root from 103.5.134.167 port 49902 ssh2
以上输出的内容显⽰了最近⼀次启动 sshd 服务时 ssh 服务的监听端⼝。但它不会将最新⽇志更新到输出中。
# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2018-09-06 07:40:59 IST; 2 weeks 3 days ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 1208 (sshd)
CGroup: /system.slice/sshd.service
├─ 1208 /usr/sbin/sshd -D
├─23951 sshd: [accepted]
└─23952 sshd: [net]
Sep 23 12:50:36 vps.2daygeek sshd[23909]: Invalid user pi from 95.210.113.142 port 51666
Sep 23 12:50:36 vps.2daygeek sshd[23909]: input_userauth_request: invalid user pi [preauth]
Sep 23 12:50:37 vps.2daygeek sshd[23911]: pam_unix(sshd:auth): check pass; user unknown
Sep 23 12:50:37 vps.2daygeek sshd[23911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.210.113.142 Sep 23 12:50:37 vps.2daygeek sshd[23909]: pam_unix(sshd:auth): check pass; user unknown
Sep 23 12:50:37 vps.2daygeek sshd[23909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.210.113.142 Sep 23 12:50:39 vps.2daygeek sshd[23911]: Failed password for invalid user pi from 95.210.113.142 port 51670 ssh2
Sep 23 12:50:39 vps.2daygeek sshd[23909]: Failed password for invalid user pi from 95.210.113.142 port 51666 ssh2
Sep 23 12:50:40 vps.2daygeek sshd[23911]: Connection closed by 95.210.113.142 port 51670 [preauth]
Sep 23 12:50:40 vps.2daygeek sshd[23909]: Connection closed by 95.210.113.142 port 51666 [preauth]
⼤部分情况下,以上的输出不会显⽰进程的实际端⼝号。这时更建议使⽤以下这个 journalctl 命令检查⽇志⽂件中的详细信息。# journalctl | grep -i "openssh|sshd"
Sep 23 02:08:56 vps138235.vps.ovh.ca sshd[997]: Received signal 15; terminating.
Sep 23 02:08:56 vps138235.vps.ovh.ca systemd[1]: Stopping OpenSSH
Sep 23 02:08:56 vps138235.vps.ovh.ca systemd[1]: Starting OpenSSH
Sep 23 02:08:56 vps138235.vps.ovh.ca sshd[11584]: Server listening on 0.0.0.0 port 22.
Sep 23 02:08:56 vps138235.vps.ovh.ca sshd[11584]: Server listening on :: port 22.
Sep 23 02:08:56 vps138235.vps.ovh.ca systemd[1]: Started OpenSSH server daemon.
总结
以上就是这篇⽂章的全部内容了,希望本⽂的内容对⼤家的学习或者⼯作具有⼀定的参考学习价值,
谢谢⼤家对的⽀持。如果你想了解更多相关内容请查看下⾯相关链接
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论