How to find out which processes connect to my machine through a specific port

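Using the following command I want to get the IPs that are connected to my machine on port 8088

18.23.292.9 is the machine that runs the resource manager service on port 8088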

ss -tanp | grep 8088 | grep ESTAB
ESTAB      0      0      18.23.292.9:8088               118.2.291.2:52874               users:(("java",pid=13970,fd=829))
ESTAB      0      0      18.23.292.9:8088               110.6.52.2:56379               users:(("java",pid=13970,fd=668))
ESTAB      0      0      18.23.292.9:8088               110.6.52.2:52337               users:(("java",pid=13970,fd=666))
ESTAB      0      0      18.23.292.9:8088               118.2.280:34088               users:(("java",pid=13970,fd=790))
ESTAB      0      0      18.23.292.9:8088               110.6.52.2:59794               users:(("java",pid=13970,fd=660))
ESTAB      0      0      18.23.292.9:8088               110.6.52.2:59415               users:(("java",pid=13970,fd=665))
ESTAB      0      0      18.23.292.9:8088               118.2.279:53610               users:(("java",pid=13970,fd=750))
ESTAB      0      0      18.23.292.9:8088               110.6.52.2:63875               users:(("java",pid=13970,fd=661))
ESTAB      0      0      18.23.292.9:8088               110.6.52.2:50267               users:(("java",pid=13970,fd=667))

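Now I want to know which applications/services on the remote machines are actually connecting to port 8088

The reason is that we see many connections to port 8088, and we want to know which processes are trying to connect

The machines are, for example, 118.2.291.2, 110.6.52.2, and so on

In the meantime I created the following script, but without success; the script captures the IP and port of the connected machine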

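#!/bin/bash

# Remote (peer) port of the first ESTABLISHED connection on local port 8088
port=$(netstat -anp | grep :8088 | grep ESTAB | head -1 | awk '{print $5}' | sed 's/:/ /g' | awk '{print $2}')
# Peer IP of the connection(s) that match that port
IP=$(netstat -nape | grep "$port" | awk '{print $5}' | sed 's/:/ /g' | awk '{print $1}')
# Peer port of the same connection(s)
export PORT=$(netstat -nape | grep "$port" | awk '{print $5}' | sed 's/:/ /g' | awk '{print $2}')

echo "$IP"
echo "$PORT"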

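Maybe there are other good examples

This is a good example of how to find out which process is currently using a port in Linux. We also get the list of connected machines (on the right side)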

lsof -i tcp:8088
COMMAND   PID   USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
java    13970   yarn  396u  IPv4 1052681821      0t0  TCP *:radan-http (LISTEN)
java    13970   yarn  559u  IPv4 1201044836      0t0  TCP master02.bigdata130.cgnt:radan-http->worker01.TATA130.cgnt:47506 (ESTABLISHED)
java    13970   yarn  617u  IPv4 1201044953      0t0  TCP master02.TATA130.com:radan-http->master03.TATA130.com:33736 (ESTABLISHED)
java    13970   yarn  621u  IPv4 1200925788      0t0  TCP master02.TATA130.com:radan-http->master01.TATA130.com:37762 (ESTABLISHED)
java    13970   yarn  631u  IPv4 1201038517      0t0  TCP master02.TATA130.com:radan-http->master02.TATA130.com:56258 (ESTABLISHED)
java    13970   yarn  634u  IPv4 1201046323      0t0  TCP master02.TATA130.com:radan-http->master02.TATA130.com:56272 (ESTABLISHED)
java    13970   yarn  635u  IPv4 1201038518      0t0  TCP master02.TATA130.com:radan-http->master02.TATA130.com:56270 (ESTABLISHED)
java    13970   yarn  664u  IPv4 1201049689      0t0  TCP master02.TATA130.com:radan-http->kafka03.TATA130.com:39486 (ESTABLISHED)
java    13970   yarn  693u  IPv4 1201050710      0t0  TCP master02.TATA130.com:radan-http->worker02.TATA130.com:39090 (ESTABLISHED)
java    18394 ambari 1511u  IPv4 1201046322      0t0  TCP master02.TATA130.com:56258->master02.TATA130.com:radan-http (ESTABLISHED)
java    18394 ambari 1515u  IPv4 1201049634      0t0  TCP master02.TATA130.com:56270->master02.TATA130.com:radan-http (ESTABLISHED)
java    18394 ambari 1516u  IPv4 1201008383      0t0  TCP master02.TATA130.com:41112->master01.TATA130.com:radan-http (ESTABLISHED)
java    18394 ambari 1517u  IPv4 1201038519      0t0  TCP master02.TATA130.com:56272->master02.TATA130.com:radan-http (ESTABLISHED)

It would also be very useful if we knew which PID and user are using the port on the target machine

For example

java    13970   yarn  617u  IPv4 1201044953      0t0  TCP master02.TATA130.com:radan-http->master03.TATA130.com:33736 (ESTABLISHED) PID=32424  user=root
java    13970   yarn  621u  IPv4 1200925788      0t0  TCP master02.TATA130.com:radan-http->master01.TATA130.com:37762 (ESTABLISHED) PID=324424 user=yarn
java    13970   yarn  631u  IPv4 1201038517      0t0  TCP master02.TATA130.com:radan-http->master02.TATA130.com:56258 (ESTABLISHED) PID=324224 user=yarn

Or maybe it can be explained this way

Let's take the line

java    13970   yarn  617u  IPv4 1201044953      0t0  TCP master02.TATA130.com:radan-http->master03.TATA130.com:33736 (ESTABLISHED)

So on the master03 machine the port is 33736

So if we access the master03 machine and run

 netstat -nlp | grep :33736

tcp        0      0 0.0.0.0:33736            0.0.0.0:*               LISTEN      13970/java

ps -ef | grep 13970 |  grep -v grep |  awk '{print $1}'
yarn

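So my question is: can we use the command lsof -i tcp:8088, piped to other commands, to give us the expected results, or is there perhaps another idea as a script?

Expected results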

java    13970   yarn  617u  IPv4 1201044953      0t0  TCP master02.TATA130.com:radan-http->master03.TATA130.com:33736 (ESTABLISHED) PID=32424  user=root
java    13970   yarn  621u  IPv4 1200925788      0t0  TCP master02.TATA130.com:radan-http->master01.TATA130.com:37762 (ESTABLISHED) PID=324424 user=yarn
java    13970   yarn  631u  IPv4 1201038517      0t0  TCP master02.TATA130.com:radan-http->master02.TATA130.com:56258 (ESTABLISHED) PID=324224 user=yarn

Answer 1

I would do it the other way around.

I assume

  • you can connect to the remote hosts,
  • the remote hosts are Unix.

Just run

ss -tanp | awk '$5 == "18.23.292.9:8088"' 

on the remote host.

  • Also assuming no NAT is set up
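
The answer's filter carried one step further, as an added example that is not part of the original answer: run on a client host, it keeps only ESTAB sockets whose peer is the service address and reports the local address, PID, command and owning user. The function names and the sample `ss` lines (documentation addresses) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Run on each client host (as root, so ss can show the owning process):
#   ss -tanp | clients_of 18.23.292.9:8088 | with_user

# Reads `ss -tanp` lines on stdin and prints "local_addr pid command" for
# every ESTAB socket whose peer address (column 5) is exactly ip:port.
clients_of() {
  awk -v target="$1" '
    $1 == "ESTAB" && $5 == target {
      pid = "-"; cmd = "-"   # kept when ss could not show the process
      # Process column looks like: users:(("java",pid=18394,fd=1511))
      if (match($0, /pid=[0-9]+/))  pid = substr($0, RSTART + 4, RLENGTH - 4)
      if (match($0, /\(\("[^"]+"/)) cmd = substr($0, RSTART + 3, RLENGTH - 4)
      print $4, pid, cmd
    }'
}

# Appends the user that owns each PID; "unknown" when there is no usable PID.
with_user() {
  while read -r addr pid cmd; do
    case $pid in
      ''|*[!0-9]*) user= ;;
      *) user=$(ps -o user= -p "$pid" 2>/dev/null || true) ;;
    esac
    echo "$addr $pid $cmd ${user:-unknown}"
  done
}

# Constructed sample of `ss -tanp` output as seen on a client host
# (documentation addresses, not values from the original post).
SAMPLE='ESTAB 0 0 192.0.2.21:56258 192.0.2.10:8088 users:(("java",pid=18394,fd=1511))
ESTAB 0 0 192.0.2.21:41112 192.0.2.11:8088 users:(("java",pid=18394,fd=1516))
ESTAB 0 0 192.0.2.21:8088 192.0.2.30:47506 users:(("java",pid=13970,fd=559))
TIME-WAIT 0 0 192.0.2.21:56100 192.0.2.10:8088
ESTAB 0 0 192.0.2.21:39486 192.0.2.10:8088'
```

The local_addr column is the same ip:port that the server's own `ss` output shows as the peer, which is what ties a server-side connection to a client-side PID, provided no NAT sits in between.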
