抓取netstat获取远程IP地址列表的替代方案?
抓取netstat获取远程IP地址列表的替代方案?
提问于 2013-03-15 01:04:47
我目前正在抓取Linux上的netstat -n -A inet和Mac上的netstat -n -f inet的输出,以使用以下(Python默认值)正则表达式获取机器连接到的远程IP地址和端口的集合:
'(?:[0-9]+\.){3}[0-9]+[.:][0-9]+\s+((?:[0-9]+\.){3}[0-9]+)[.:]([0-9]+)'这为我提供了组1中的远程IP和组2中的远程端口。
但是,这似乎不是可移植或可维护的(并且仅限于IPv4地址)。
有没有比获取活动远程IP列表更好的方法?
回答 2
Stack Overflow用户
发布于 2013-03-15 01:58:51
好的,总会有SNMP...完整的TCP连接表位于.1.3.6.1.2.1.6.19 (也称为.iso.org.dod.internet.mgmt.mib-2.tcp.tcpConnectionTable) ),完整的UDP表位于.1.3.6.1.2.1.7.7 (也称为.iso.org.dod.internet.mgmt.mib-2.udp.udpEndpointTable).
这是我的本地Linux机器的一个例子:
$ snmpbulkwalk -v2c -c xxxx -m ALL 83.137.17.100 .iso.org.dod.internet.mgmt.mib-2.tcp.tcpConnectionTable
TCP-MIB::tcpConnectionState.ipv4."83.137.17.100".44463.ipv4."91.189.89.90".80 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv4."83.137.17.100".44470.ipv4."91.189.89.90".80 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51612 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51622 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51623 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51624 = INTEGER: finWait2(7)
TCP-MIB::tcpConnectionState.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:f7:0a:da".59728 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv6."20:01:40:38:00:00:00:16:00:00:00:00:00:00:00:16".22.ipv6."2a:00:86:40:00:01:00:00:54:f4:06:96:6c:48:aa:a9".49644 = INTEGER: established(5)
TCP-MIB::tcpConnectionProcess.ipv4."83.137.17.100".44463.ipv4."91.189.89.90".80 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv4."83.137.17.100".44470.ipv4."91.189.89.90".80 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51612 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51622 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51623 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51624 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:f7:0a:da".59728 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."20:01:40:38:00:00:00:16:00:00:00:00:00:00:00:16".22.ipv6."2a:00:86:40:00:01:00:00:54:f4:06:96:6c:48:aa:a9".49644 = Gauge32: 0Net-SNMP工具使输出更具可读性。在数值形式中,第一个输出行将是:
1.3.6.1.2.1.6.19.1.7.1.4.83.137.17.100.44463.1.4.91.189.89.90.80 = INTEGER: 11或在完全展开的文本中:
.iso.org.dod.internet.mgmt.mib-2.tcp.tcpConnectionTable.tcpConnectionEntry.tcpConnectionState.ipv4."83.137.17.100".44463.ipv4."91.189.89.90".80我不确定这是否比你现在所做的更容易,但这是一种标准化的方式……
Stack Overflow用户
发布于 2013-03-15 01:10:10
如果你不怕C和U*X内部,你可以反向工程netstat。
看看这里,https://unix.stackexchange.com/questions/21503/source-code-of-netstat
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/15415678
复制相关文章
相似问题
腾讯云开发者
