在LINUX中:
netstat命令
[root@limt ~]# netstat -tulp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:sunrpc *:* LISTEN 2151/rpcbind
tcp 0 0 *:50000 *:* LISTEN 3542/db2sysc 0
tcp 0 0 192.168.122.1:domain *:* LISTEN 2881/dnsmasq
tcp 0 0 *:ftp *:* LISTEN 2640/vsftpd
tcp 0 0 *:ssh *:* LISTEN 2611/sshd
tcp 0 0 localhost:ipp *:* LISTEN 2343/cupsd
tcp 0 0 localhost:smtp *:* LISTEN 2660/sendmail
tcp 0 0 *:38666 *:* LISTEN 2281/rpc.statd
tcp 0 0 *:35339 *:* LISTEN 2281/rpc.statd
tcp 0 0 *:sunrpc *:* LISTEN 2151/rpcbind
tcp 0 0 *:ssh *:* LISTEN 2611/sshd
tcp 0 0 localhost:ipp *:* LISTEN 2343/cupsd
tcp 0 0 *:wbem-https *:* LISTEN 2905/cimservermain
udp 0 0 *:kerberos-iv *:* 2087/portreserve
udp 0 0 *:sunrpc *:* 2151/rpcbind
udp 0 0 *:rda *:* 2151/rpcbind
udp 0 0 *:ipp *:* 2343/cupsd
udp 0 0 *:rxe *:* 2281/rpc.statd
udp 0 0 *:ldaps *:* 2087/portreserve
udp 0 0 *:dhcp-failover *:* 2087/portreserve
udp 0 0 *:783 *:* 2087/portreserve
udp 0 0 192.168.122.1:domain *:* 2881/dnsmasq
udp 0 0 *:bootps *:* 2881/dnsmasq
udp 0 0 *:bootpc *:* 2312/dhclient
udp 0 0 *:dhcp-failover2 *:* 2087/portreserve
udp 0 0 *:33375 *:* 2281/rpc.statd
udp 0 0 *:sunrpc *:* 2151/rpcbind
udp 0 0 *:rda *:* 2151/rpcbind
udp 0 0 *:34398 *:* 2281/rpc.statd
fuser命令
[root@limt ~]# fuser -v 22/tcp
用户 进程号 权限 命令
22/tcp: root 2611 F.... sshd
root 7441 F.... sshd
lsof命令
[root@limt ~]# lsof -i:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 2611 root 3u IPv4 16168 0t0 TCP *:ssh (LISTEN)
sshd 2611 root 4u IPv6 16172 0t0 TCP *:ssh (LISTEN)
sshd 7441 root 3u IPv4 48583 0t0 TCP 192.168.1.105:ssh->192.168.1.100:61791 (ESTABLISHED)
在AIX中:
netstat和rmsock
(1)先使用netstat命令查看端口系统内核地址(16进制),如查看ssh 22端口的进程。
# netstat –Aan |grep 22
f1000600044c7398 tcp4 0 52 134.96.194.9.22 134.96.90.123.1797 ESTABLISHED
f1000600044e4b98 tcp4 0 0 *.22 *.* LISTEN
其中:f1000600044e4b98 tcp4 0 0 *.22 *.* LISTEN
行为侦听端口22端口相关信息, f1000600044e4b98为系统内核地址。
(2)调用rmsock命令查看该端口对应的进程号:
# rmsock f1000600044e4b98 tcpcb ( socket、tcpcb、inpcb、ripcb 或 rawcb)
The socket 0x44e4808 is being held by proccess 447250 (sshd). ---显示端口22的进程号为447250。
lsof命令
# lsof -i:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 107084 root 3u IPv4 0xf100070000a3a3b0 0t0 TCP *:ssh (LISTEN)