分享1个Linux命令lsof
分享1个Linux命令lsof
首先看这个 http://www.2cto.com/os/201108/100604.html
关于lsof,网管员应该了解以下这个用法:
# 显示当前SSH的连接用户和源IP地址
$ sudo lsof -n | grep sshd | grep TCP | cut -c18-28,70-
root TCP *:22 (LISTEN)
root TCP *:22 (LISTEN)
root TCP 1.2.3.4:22->6.7.8.9:2544 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:2544 (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:29340 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:29340 (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:33223 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:33223 (ESTABLISHED)
huangwei TCP [::1]:cisco-sccp (LISTEN)
huangwei TCP 127.0.0.1:cisco-sccp (LISTEN)
huangwei TCP 1.2.3.4:40183->74.125.227.8:https (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:43698 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:43698 (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:44943 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:44943 (ESTABLISHED)
huangwei TCP 1.2.3.4:38038->74.125.227.20:www (ESTABLISHED)
看看是谁在大量并发连接呢?
DDoS?网站管理员的噩梦!一条”简单”命令就能找出script kids?看过来:
$ sudo netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
8 192.168.0.218
7 192.168.0.38
6 192.168.0.14
6 0.0.0.0
2 192.168.0.166
2 192.168.0.110
2 192.168.0.10
1 192.168.232.223
1 192.168.0.70
1 192.168.0.6
1 192.168.0.50
1 192.168.0.22
1 192.168.0.210
1 192.168.0.194
看看现在服务器打开了多少端口?看过来:
$ sudo lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 1190 mysql 10u IPv4 5022 0t0 TCP localhost:mysql (LISTEN)
apache2 1347 root 3u IPv4 5327 0t0 TCP *:www (LISTEN)
svnserve 1759 svn 3u IPv4 6612 0t0 TCP ooxx-vpn:svn (LISTEN)
sshd 2583 root 3r IPv4 1194924 0t0 TCP 192.168.1.176:8822->192.168.2.223:40876 (ESTABLISHED)
sshd 2651 huangwei 3u IPv4 1194924 0t0 TCP 192.168.1.176:8822->192.168.2.223:40876 (ESTABLISHED)
apache2 2714 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2715 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2722 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2722 www-data 11u IPv4 1198941 0t0 TCP ooxx-vpn:www->192.168.0.50:4068 (ESTABLISHED)
apache2 2723 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2725 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2725 www-data 11u IPv4 1198939 0t0 TCP ooxx-vpn:www->192.168.0.194:15397 (ESTABLISHED)
apache2 2734 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2809 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2809 www-data 11u IPv4 1198940 0t0 TCP ooxx-vpn:www->192.168.0.218:1521 (ESTABLISHED)
apache2 2810 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2811 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2818 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2819 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2845 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2845 www-data 11u IPv4 1198938 0t0 TCP ooxx-vpn:www->192.168.0.14:36802 (ESTABLISHED)
proftpd 7191 ftp 0u IPv4 29954 0t0 TCP ooxx-vpn:ftp (LISTEN)
sshd 9720 root 3u IPv4 47070 0t0 TCP *:8822 (LISTEN)
sshd 9720 root 4u IPv6 47072 0t0 TCP *:8822 (LISTEN)
svnserve 11217 svn 4u IPv4 1019658 0t0 TCP ooxx-vpn:svn->192.168.0.166:6211 (ESTABLISHED)
svnserve 11350 svn 4u IPv4 1020389 0t0 TCP ooxx-vpn:svn->192.168.0.166:6286 (ESTABLISHED)
svnserve 12706 svn 4u IPv4 627093 0t0 TCP ooxx-vpn:svn->192.168.0.22:1084 (ESTABLISHED)
看看本机上所有占用 TCP 80端口的应用程序
$ sudo lsof -i tcp:80
样例输出如下:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 2827 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2827 www-data 11u IPv4 2026780 0t0 TCP ooxx-vpn:www->192.168.0.22:14949 (ESTABLISHED)
apache2 2875 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2919 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2920 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2921 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2924 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2926 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2928 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2930 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2932 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2933 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 26081 root 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
猪在笑
评论暂时关闭