美文网首页
why netstat show a listening por

why netstat show a listening por

作者: HackerZGZ | 来源:发表于2018-05-13 21:44 被阅读0次

    Happen

    使用 RPC 很久了,但是一直使用的是 tcpdump ,某天我需要在服务器上确认某个端口是否被 RPC 服务占用的时候,发现平常一直使用的 lsof 命令却没有找到实际占用着端口的 RPC 服务,却在 netstat 命令中找到了:

    # use netstat
    $ netstat -aln | grep 14667
    tcp6       0      0 :::14667                :::*                    LISTEN      -
    
    # use lsof
    $ lsof -i :14667
    
    真让人头大

    Search

    由此,我先想到的是看下 lsof 这个命令的说明文档,输入 $ man lsof 命令即可看到文档描述:

    NAME
    lsof - list open files

    ...

    DESCRIPTION

    ...

    ​ An open file may be a regular file, a directory, a block special file, a character special file, an executing text reference, a library, a stream or a network file (Internet socket, NFS file or UNIX domain socket.) A specific file or all the files in a file system may be selected by path.

    可以看到, lsof 就是 list open files 的缩写,而在 Linux 环境下,一切皆文件,当操作系统与应用程序进行交互的时候,都会为其创建一个文件描述符,该活动的文件描述符就可以被称为 open file

    如果仅仅根据这段文档描述,lsof 是一定能够显示 RPC 服务的 ,因为 RPC 是建立在 TCP Socket 之上,而 TCP 为了监听端口,必须要与操作系统交互,建立一个 open file

    知识盲区

    继续往下看,而在接下来的一段中,还有这样的描述:

    SECURITY

    ​ ...

    ​ Restricting the listing of all open files is controlled by the compile-time HASSECURITY and HAS- NOSOCKSECURITY options. When HASSECURITY is defined, lsof will allow only the root user to list all open files. The non-root user may list only open files of processes with the same user IDentification number as the real user ID number of the lsof process (the one that its user logged on with).

    原来因为 open file 需要访问操作系统核心内存、文件,为了安全,便有了 HASSECURITY 以及 HASNOSOCKSECURITY 两个相对应的参数,如果 HASSECURITY 被定义的时候,我们只有在 root 权限下才能在 lsof 中看到所有的 open file

    于是赶紧在服务器上使用 root 权限用户尝试一下 lsof ,果然能看到占用着该端口的应用程序:

    # sudo root
    $ sudo su
    
    # use lsof
    $ lsof -i :14667
    COMMAND   PID    USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
    xxxx    44258    root  74u  IPv6 0xd5e8f554d9ed6ee7      0t0  TCP *:14194 (LISTEN)
    

    那问题又来了,为什么 netstat 命令不需要 root 权限呢?那就输入 $ man netstat 继续看文档吧:

    NAME
    netstat -- show network status

    ...

    DESCRIPTION
    The netstat command symbolically displays the contents of various network-related data structures.
    There are a number of output formats, depending on the options for the information presented. The
    first form of the command displays a list of active sockets for each protocol. The second form
    presents the contents of one of the other network data structures according to the option
    selected. Using the third form, with a wait interval specified, netstat will continuously display
    the information regarding packet traffic on the configured network interfaces. The fourth form
    displays statistics for the specified protocol or address family. If a wait interval is specified,
    the protocol information over the last interval seconds will be displayed. The fifth form dis-
    plays per-interface statistics for the specified protocol or address family. The sixth form dis-
    plays mbuf(9) statistics. The seventh form displays routing table for the specified address fam-
    ily. The eighth form displays routing statistics.

    原来,netstat 只是将网络套接字的连接情况显示出来,不涉及到操作系统被屏蔽起来的 进程信息 等,所以就无需管理员权限了。

    当然,如果你添加了 -p 参数,还是需要在 root 权限下才能看到结果的。

    相关文章

      网友评论

          本文标题:why netstat show a listening por

          本文链接:https://www.haomeiwen.com/subject/eylrdftx.html