在
Linux(RHEL)中,我们可以使用“netstat -ntp”命令获取ForeignAddress / PID对:
[root@rhel ~]# netstat -ntp Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 10.30.39.13:139 10.30.36.190:22239 ESTABLISHED 15255/smbd tcp 0 0 ::ffff:10.30.39.13:22 ::ffff:10.30.34.64:2523 ESTABLISHED 27970/sshd: james [pri tcp 0 148 ::ffff:10.30.39.13:22 ::ffff:10.30.34.64:2518 ESTABLISHED 27937/3
例如,对于上面的用户james,我们有10.30.34.64:2523& 27970.
在AIX 5.3中以某种方式可以获得相同的信息(ForeignAddress / PID)吗?
解决方法
如果您有适用于Linux应用程序的AIX toolboox,您可以使用它应该有帮助的lsof,例如:
host:/:$lsof -i :22 sshd 1953 root 3u IPv4 300864051 0t0 TCP *:ssh (LISTEN) sshd 1953 root 4u IPv6 300864053 0t0 TCP *:ssh (LISTEN) sshd 19753 root 3u IPv4 366276287 0t0 TCP XXX.XXX.XXX.XXX:ssh->XXX.XXX.XXX.XXX:54371 (ESTABLISHED) sshd 19755 user 3u IPv4 366276287 0t0 TCP XXX.XXX.XXX.XXX:ssh->XXX.XXX.XXX.XXX:54371 (ESTABLISHED) host:/:$
通过这种方式,您可以看到谁在22号端口收听,以及谁与之相连.
使用AIX的本机工具,我认为它比lsof更棘手,更有帮助:
# netstat -Aan |grep <port_to_match>
<hex_number> tcp 0 0 *.XXX *.* LISTEN
# rmsock <hex_number> tcpcb
The socket <hex_number> is being held by proccess XXX (process_name).
# ps -ef |grep XXX
user XXX YYY 0 Aug 03 - /your/process
希望它有任何帮助.
