在Linux(RHEL)中,我们可以通过“netstat -ntp”命令获得一个ForeignAddress / PID对:
[root@rhel ~]# netstat -ntp Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 10.30.39.13:139 10.30.36.190:22239 ESTABLISHED 15255/smbd tcp 0 0 ::ffff:10.30.39.13:22 ::ffff:10.30.34.64:2523 ESTABLISHED 27970/sshd: james [pri tcp 0 148 ::ffff:10.30.39.13:22 ::ffff:10.30.34.64:2518 ESTABLISHED 27937/3 例如,对于上面的用户詹姆斯,我们有10.30.34.64:2523&27970 。
是否有可能在AIX 5.3中获得相同的信息(ForeignAddress / PID)?
如果你有适用于linux应用程序的AIX toolboox,你可以使用它应该帮助的lsof,例如:
host:/:$ lsof -i :22 sshd 1953 root 3u IPv4 300864051 0t0 TCP *:ssh (LISTEN) sshd 1953 root 4u IPv6 300864053 0t0 TCP *:ssh (LISTEN) sshd 19753 root 3u IPv4 366276287 0t0 TCP XXX.XXX.XXX.XXX:ssh->XXX.XXX.XXX.XXX:54371 (ESTABLISHED) sshd 19755 user 3u IPv4 366276287 0t0 TCP XXX.XXX.XXX.XXX:ssh->XXX.XXX.XXX.XXX:54371 (ESTABLISHED) host:/:$
这样你就可以看到谁在22号港口聆听,谁在接通。
使用AIX的本地工具我认为它比lsof有点棘手,而且比lsof更有帮助:
# netstat -Aan |grep <port_to_match> <hex_number> tcp 0 0 *.XXX *.* LISTEN # rmsock <hex_number> tcpcb The socket <hex_number> is being held by proccess XXX (process_name). # ps -ef |grep XXX user XXX YYY 0 Aug 03 - /your/process
希望它有任何帮助。