ale*_*ace 3 security networking
我最近一直在监视我的系统,我发现我的系统上正在运行一些奇怪的东西。谁能解释一下它们是什么以及为什么同一个程序使用多个进程?netstat和 的输出ps -aux:
netstat -antplF
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name<br>
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN - <br>
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN - <br>
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN - <br>
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN - <br>
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN - <br>
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN - <br>
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN - <br>
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN - <br>
tcp 0 0 192.168.0.100:44952 144.76.244.204:443 ESTABLISHED 2705/chromium-brows<br>
tcp 0 0 192.168.0.100:49334 66.196.66.212:443 ESTABLISHED 6796/firefox <br>
tcp 0 0 192.168.0.100:40249 69.171.235.19:443 ESTABLISHED 6796/firefox <br>
tcp 0 0 192.168.0.100:51498 173.194.39.246:443 ESTABLISHED 6796/firefox <br>
tcp 0 0 192.168.0.100:39152 198.252.206.24:80 ESTABLISHED 2705/chromium-brows<br>
tcp 0 0 192.168.0.100:49050 2.20.142.212:80 ESTABLISHED 2705/chromium-brows<br>
tcp 0 0 192.168.0.100:56883 74.125.136.84:443 ESTABLISHED 2705/chromium-brows<br>
tcp 0 0 192.168.0.100:39153 198.252.206.24:80 ESTABLISHED 2705/chromium-brows<br>
tcp 0 0 192.168.0.100:50371 142.0.72.109:3389 ESTABLISHED 5777/xfreerdp <br>
tcp 0 0 192.168.0.100:56903 66.196.120.54:5050 ESTABLISHED 5809/pidgin <br>
tcp 0 0 192.168.0.100:51073 66.196.120.77:5050 ESTABLISHED 5809/pidgin <br>
tcp 0 0 192.168.0.100:54875 193.149.89.57:443 ESTABLISHED 6796/firefox <br>
tcp 0 0 192.168.0.100:40648 152.163.0.143:80 ESTABLISHED 6796/firefox <br>
tcp 0 0 192.168.0.100:53681 173.194.116.106:443 ESTABLISHED 2705/chromium-brows<br>
tcp 1 0 192.168.0.100:51012 91.189.89.144:80 CLOSE_WAIT 3829/ubuntu-geoip-p<br>
tcp 1 0 192.168.0.100:44527 91.189.89.31:80 CLOSE_WAIT 3871/gvfsd-http <br>
tcp 0 0 192.168.0.100:47284 74.125.136.94:443 ESTABLISHED 2705/chromium-brows<br>
tcp 0 0 192.168.0.100:36697 173.194.66.95:80 ESTABLISHED 2705/chromium-brows<br>
tcp 0 0 192.168.0.100:37008 173.194.44.52:443 ESTABLISHED 2705/chromium-brows<br>
tcp 0 0 192.168.0.100:40558 66.196.121.49:5050 ESTABLISHED 5809/pidgin <br>
tcp 0 0 192.168.0.100:56115 172.227.184.65:443 ESTABLISHED 2705/chromium-brows<br>
tcp 0 0 192.168.0.100:35533 66.196.120.117:5050 ESTABLISHED 5809/pidgin <br>
tcp 0 0 192.168.0.100:57169 64.4.44.81:443 ESTABLISHED 6796/firefox <br>
tcp 0 0 192.168.0.100:58695 198.252.206.25:443 ESTABLISHED 2705/chromium-brows<br>
tcp 0 0 192.168.0.100:43395 213.157.220.180:443 ESTABLISHED 2705/chromium-brows<br>
tcp6 0 0 ::1:631 :::* LISTEN - <br>
tcp6 0 0 :::445 :::* LISTEN - <br>
tcp6 0 0 :::139 :::* LISTEN - <br>
tcp6 0 0 :::111 :::* LISTEN - <br>
tcp6 0 0 :::80 :::* LISTEN - <br>
tcp6 1 0 ::1:33153 ::1:631 CLOSE_WAIT -<br>
开头和结尾的LISTEN端口和IP分别是什么?为什么他们喜欢0.0.0.0:*任何 ip 和任何端口?这是什么意思?请问它们具体是干什么用的?
nmbdSamba 设置的一部分使用。请参阅标准端口列表。
将Local Address 告诉您接口它正在侦听(什么127.0.0.1是localhost和0.0.0.0手段所有接口)。如果远程系统已连接到端口,Foreign Address 将显示该系统的地址,0.0.0.0否则显示。
听:
这些行显示您正在运行的服务,等待联系
已确立的
活动的网络连接
关闭_等待
即将关闭的网络连接
本地地址
服务:在这里您可以看到本地 IP 地址,该服务正在侦听的位置以及(在 a 之后:)它正在侦听的端口,以及
活动连接:该特殊连接使用的 IP 地址和端口
国外地址
例子
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN:您有一个服务正在运行,它仅从本地主机侦听端口 25(显然是邮件服务器)上的连接tcp 0 0 192.168.0.100:51498 173.194.39.246:443 ESTABLISHED 6796/firefox: Firefox 已在 173.194.39.246 上建立到 https 端口的连接端口??
这些只是数字,用于区分一台机器上的连接端点,一台机器上的两个程序不能同时使用同一个端口。
| 归档时间: |
|
| 查看次数: |
42002 次 |
| 最近记录: |