Linux

How to find out which processes connect to my machine through a specific port

  • July 20, 2021

Using the following command, I want to get the IPs that connect to my machine on port 8088

18.23.292.9 is the machine that runs the Resource Manager service on port 8088

ss -tanp | grep 8088 | grep ESTAB
ESTAB      0      0      18.23.292.9:8088               118.2.291.2:52874               users:(("java",pid=13970,fd=829))
ESTAB      0      0      18.23.292.9:8088               110.6.52.2:56379               users:(("java",pid=13970,fd=668))
ESTAB      0      0      18.23.292.9:8088               110.6.52.2:52337               users:(("java",pid=13970,fd=666))
ESTAB      0      0      18.23.292.9:8088               118.2.280:34088               users:(("java",pid=13970,fd=790))
ESTAB      0      0      18.23.292.9:8088               110.6.52.2:59794               users:(("java",pid=13970,fd=660))
ESTAB      0      0      18.23.292.9:8088               110.6.52.2:59415               users:(("java",pid=13970,fd=665))
ESTAB      0      0      18.23.292.9:8088               118.2.279:53610               users:(("java",pid=13970,fd=750))
ESTAB      0      0      18.23.292.9:8088               110.6.52.2:63875               users:(("java",pid=13970,fd=661))
ESTAB      0      0      18.23.292.9:8088               110.6.52.2:50267               users:(("java",pid=13970,fd=667))

Now I want to know which applications/services on the remote machines actually connect to port 8088

The reason is that we see a lot of connections to port 8088, and we want to know which processes are trying to connect

The machines are, for example, 118.2.291.2 and 110.6.52.2

Meanwhile, I did not succeed in creating the following script, which captures the IP and port of the connected machine

#!/bin/bash


port=` netstat -anp | grep :8088 | grep ESTAB | head -1 | awk '{print $5}' | sed s'/:/ /g' | awk '{print $2}' `
IP=` netstat -nape | grep $port | awk '{print $5}' | sed s'/:/ /g' | awk '{print $1}' `
export PORT=` netstat -nape | grep $port | awk '{print $5}' | sed s'/:/ /g' | awk '{print $2}' `

echo $IP
echo $PORT

Perhaps there are other good examples

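Here is a good example of how to find out which process is currently using a given port in Linux. We also get the list of connected machines (on the right side)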

lsof -i tcp:8088
COMMAND   PID   USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
java    13970   yarn  396u  IPv4 1052681821      0t0  TCP *:radan-http (LISTEN)
java    13970   yarn  559u  IPv4 1201044836      0t0  TCP master02.bigdata130.cgnt:radan-http->worker01.TATA130.cgnt:47506 (ESTABLISHED)
java    13970   yarn  617u  IPv4 1201044953      0t0  TCP master02.TATA130.com:radan-http->master03.TATA130.com:33736 (ESTABLISHED)
java    13970   yarn  621u  IPv4 1200925788      0t0  TCP master02.TATA130.com:radan-http->master01.TATA130.com:37762 (ESTABLISHED)
java    13970   yarn  631u  IPv4 1201038517      0t0  TCP master02.TATA130.com:radan-http->master02.TATA130.com:56258 (ESTABLISHED)
java    13970   yarn  634u  IPv4 1201046323      0t0  TCP master02.TATA130.com:radan-http->master02.TATA130.com:56272 (ESTABLISHED)
java    13970   yarn  635u  IPv4 1201038518      0t0  TCP master02.TATA130.com:radan-http->master02.TATA130.com:56270 (ESTABLISHED)
java    13970   yarn  664u  IPv4 1201049689      0t0  TCP master02.TATA130.com:radan-http->kafka03.TATA130.com:39486 (ESTABLISHED)
java    13970   yarn  693u  IPv4 1201050710      0t0  TCP master02.TATA130.com:radan-http->worker02.TATA130.com:39090 (ESTABLISHED)
java    18394 ambari 1511u  IPv4 1201046322      0t0  TCP master02.TATA130.com:56258->master02.TATA130.com:radan-http (ESTABLISHED)
java    18394 ambari 1515u  IPv4 1201049634      0t0  TCP master02.TATA130.com:56270->master02.TATA130.com:radan-http (ESTABLISHED)
java    18394 ambari 1516u  IPv4 1201008383      0t0  TCP master02.TATA130.com:41112->master01.TATA130.com:radan-http (ESTABLISHED)
java    18394 ambari 1517u  IPv4 1201038519      0t0  TCP master02.TATA130.com:56272->master02.TATA130.com:radan-http (ESTABLISHED)

It would also be very useful if we knew the PID and user that are using the port on the target machine

For example

java    13970   yarn  617u  IPv4 1201044953      0t0  TCP master02.TATA130.com:radan-http->master03.TATA130.com:33736 (ESTABLISHED) PID=32424  user=root
java    13970   yarn  621u  IPv4 1200925788      0t0  TCP master02.TATA130.com:radan-http->master01.TATA130.com:37762 (ESTABLISHED) PID=324424 user=yarn
java    13970   yarn  631u  IPv4 1201038517      0t0  TCP master02.TATA130.com:radan-http->master02.TATA130.com:56258 (ESTABLISHED) PID=324224 user=yarn

Or maybe it can be explained this way

Let's take the line

java    13970   yarn  617u  IPv4 1201044953      0t0  TCP master02.TATA130.com:radan-http->master03.TATA130.com:33736 (ESTABLISHED)

So the port on the master03 machine is 33736

So if we access the master03 machine and run

netstat -nlp | grep :33736

tcp        0      0 0.0.0.0:33736            0.0.0.0:*               LISTEN      13970/java

ps -ef | grep 13970 |  grep -v grep |  awk '{print $1}'
yarn

So my question is: can we use the command lsof -i tcp:8088, piped to other commands, to give us the expected results, or are there other ideas as a script?

Expected results

java    13970   yarn  617u  IPv4 1201044953      0t0  TCP master02.TATA130.com:radan-http->master03.TATA130.com:33736 (ESTABLISHED) PID=32424  user=root
java    13970   yarn  621u  IPv4 1200925788      0t0  TCP master02.TATA130.com:radan-http->master01.TATA130.com:37762 (ESTABLISHED) PID=324424 user=yarn
java    13970   yarn  631u  IPv4 1201038517      0t0  TCP master02.TATA130.com:radan-http->master02.TATA130.com:56258 (ESTABLISHED) PID=324224 user=yarn

I would do it the other way around.

I assume

  • you can connect to the remote host,
  • the remote host is unix.

Just run

ss -tanp | awk '$5 == "18.23.292.9:8088"' 

on the remote host.

  • Also assuming no NAT is set up

Quoted from: https://unix.stackexchange.com/questions/659170
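The two halves of the correlation discussed above, as an added example that is not part of the original question or answer: the server-side list of peers for one port, and the client-side lookup of the process that owns a given connection to the server. The function names and all addresses, PIDs and process names are constructed for illustration; like the answer, it assumes you can run `ss` on the client and that no NAT sits between the hosts.

```shell
#!/bin/sh
# All addresses, PIDs and process names below are constructed sample data,
# laid out in the column order of `ss -tanp` (State Recv-Q Send-Q Local Peer Process).

# Read `ss -tanp` output on stdin; print "peer_ip peer_port" for every ESTAB
# socket whose local address ends in :<port> (exact match, unlike `grep 8088`).
peers_for_port() {
    awk -v port="$1" '
        $1 == "ESTAB" && $4 ~ (":" port "$") {
            n = split($5, a, ":")        # last piece is the port, even for IPv6
            ip = substr($5, 1, length($5) - length(a[n]) - 1)
            print ip, a[n]
        }'
}

# Read `ss -tanp` output captured ON THE CLIENT on stdin; print "pid command"
# for the socket whose peer is exactly $1 (ip:port) and whose local port is $2.
owner_of_client_socket() {
    awk -v server="$1" -v cport="$2" '
        $1 == "ESTAB" && $5 == server && $4 ~ (":" cport "$") {
            pid = "?"; cmd = "?"         # stays "?" when ss shows no users:(...) field
            if (match($0, /pid=[0-9]+/)) pid = substr($0, RSTART + 4, RLENGTH - 4)
            if (match($0, /\(\("[^"]+"/)) cmd = substr($0, RSTART + 3, RLENGTH - 4)
            print pid, cmd
        }'
}

# Constructed sample: what the server (192.0.2.10) and one client might show.
SERVER_SS='ESTAB 0 0 192.0.2.10:8088 198.51.100.21:52874 users:(("java",pid=13970,fd=829))
ESTAB 0 0 192.0.2.10:8088 198.51.100.22:56379 users:(("java",pid=13970,fd=668))
ESTAB 0 0 192.0.2.10:18088 198.51.100.23:40000 users:(("nginx",pid=900,fd=7))
LISTEN 0 128 0.0.0.0:8088 0.0.0.0:* users:(("java",pid=13970,fd=396))'
CLIENT_SS='ESTAB 0 0 198.51.100.21:52874 192.0.2.10:8088 users:(("python3",pid=4242,fd=5))
ESTAB 0 0 198.51.100.21:40022 192.0.2.10:22 users:(("ssh",pid=777,fd=3))'

printf '%s\n' "$SERVER_SS" | peers_for_port 8088
printf '%s\n' "$CLIENT_SS" | owner_of_client_socket 192.0.2.10:8088 52874
```

On a live system, pipe `ss -tanp` into each function instead of the samples; run it as root so the `users:(...)` field is shown for sockets owned by other users, and `ps -o user= -p PID` on the client then gives the owning user.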