“完全意识到-/即将到来的连接意识”-脚本?
“完全意识到-/即将到来的连接意识”-脚本?
提问于 2022-08-11 05:48:15
一旦我找到了bash (或者Perl;它是如此之久以前,我对bash的知识还不足以区分一组象形文字和另一组象形文字)脚本,我认为该脚本通过lsof或ps -aux命令通过网络连接过滤了打开的文件,并通过解析域名对其进行了定期更新。对开放连接、打开连接、关闭连接有一个很好的概述,真是太好了。我是通过某人的博客抄袭的,但我怀疑他自己写的,只是他自己抄写的,只是在流传,因为它是在一些公开的非商业许可下出版的。
你可能会认真研究这个脚本,或者你会不会知道一个Ansatz会在Bash中写一些类似的东西?
你真诚的冯·斯波茨
回答 1
Unix & Linux用户
发布于 2022-09-23 03:11:42
这也许能满足你的需要:
#!/bin/sh
BASE=`basename "${0}" ".sh" `
TMP="/tmp/tmp.$.${BASE}"
sudo lsof -Pni | grep '(ESTABLISHED)' >"${TMP}.connections"
#COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
#firefox 2713 username 88u IPv4 445702 0t0 TCP 192.168.0.10:42564->142.251.41.4:443 (ESTABLISHED)
#firefox 2713 username 94u IPv4 445943 0t0 TCP 192.168.0.10:50416->108.138.106.67:443 (ESTABLISHED)
#firefox 2713 username 119u IPv4 44675 0t0 TCP 192.168.0.10:49430->104.16.249.249:443 (ESTABLISHED)
#firefox 2713 username 158u IPv4 285032 0t0 TCP 192.168.0.10:57148->198.252.206.25:443 (ESTABLISHED)
#firefox 2713 username 256u IPv4 446322 0t0 TCP 192.168.0.10:53810->20.127.253.7:443 (ESTABLISHED)"
sudo lsof -Pi | grep '(ESTABLISHED)' >"${TMP}.connections"
#COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
#firefox 2317 username 80u IPv4 41156 0t0 TCP 192.168.0.10:37300->ec2-44-228-207-167.us-west-2.compute.amazonaws.com:443 (ESTABLISHED)
#firefox 2317 username 82u IPv4 244978 0t0 TCP 192.168.0.10:50412->239.237.117.34.bc.googleusercontent.com:443 (ESTABLISHED)
#firefox 2317 username 128u IPv4 173831 0t0 TCP 192.168.0.10:42774->stackoverflow.com:443 (ESTABLISHED)
#firefox 2317 username 129u IPv4 41121 0t0 TCP 192.168.0.10:47274->104.16.248.249:443 (ESTABLISHED)
#firefox 2317 username 136u IPv4 48202 0t0 TCP 192.168.0.10:35086->stackoverflow.com:443 (ESTABLISHED)
cat "${TMP}.connections" |
awk '{
#printf("/proc/%s/fd/1|%s|%s|%s\n", $2, $4, $9, $10 ) ;
printf("/proc/%s/mountinfo|%s|%s|%s\n", $2, $4, $9, $10 ) ;
}' |
while [ true ]
do
read line
if [ -z "${line}" ] ; then exit 0 ; fi
procpath=`echo "${line}" | awk -F \| '{ print $1 }' `
fd=`echo "${line}" | awk -F \| '{ print $2 }' `
conn=`echo "${line}" | awk -F \| '{ print $3 }' `
status=`echo "${line}" | awk -F \| '{ print $4 }' `
age=`stat "${procpath}" | grep '^Change' | awk '{ p=index( $3, "." ) ; time=substr( $3, 1, p-1 ) ; print $2, time ; }' `
dat=`awk -v FD="${fd}" '{ if( $4 == FD ){ print $0 ; exit } ; }' "${TMP}.connections" `
echo "${age} ${dat}"
done输出如下:
2022-09-22 23:06:32 firefox 2317 username 80u IPv4 41156 0t0 TCP 192.168.0.10:37300->ec2-44-228-207-167.us-west-2.compute.amazonaws.com:443 (ESTABLISHED)
2022-09-22 23:06:32 firefox 2317 username 82u IPv4 244978 0t0 TCP 192.168.0.10:50412->239.237.117.34.bc.googleusercontent.com:443 (ESTABLISHED)
2022-09-22 23:06:32 firefox 2317 username 128u IPv4 173831 0t0 TCP 192.168.0.10:42774->stackoverflow.com:443 (ESTABLISHED)
2022-09-22 23:06:32 firefox 2317 username 129u IPv4 41121 0t0 TCP 192.168.0.10:47274->104.16.248.249:443 (ESTABLISHED)
2022-09-22 23:06:32 firefox 2317 username 136u IPv4 48202 0t0 TCP 192.168.0.10:35086->stackoverflow.com:443 (ESTABLISHED)它的重点是开放连接,因为它们是与系统进行积极交互的连接。
页面原文内容由Unix & Linux提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://unix.stackexchange.com/questions/713247
复制相关文章
相似问题
腾讯云开发者
