Is it possible to log all IP addresses that try to connect, or do connect, to port "5901" on Linux Debian?
How can I do this?
Regards
You can do this with iptables:
iptables -I INPUT -p tcp -m tcp --dport 5901 -m state --state NEW -j LOG --log-level 1 --log-prefix "New Connection "
This will log new TCP connections on port 5901 to /var/log/syslog and /var/log/kernel.log, like this:
Dec 12 07:52:48 u-10-04 kernel: [591690.935432] New Connection IN=eth0 OUT= MAC=00:0c:29:2e:78:f1:00:0c:29:eb:43:22:08:00 SRC=192.168.254.181 DST=192.168.254.196 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=40815 DF PROTO=TCP SPT=36972 DPT=5901 WINDOW=14600 RES=0x00 SYN URGP=0
If it's only short-term, this should do:
tcpdump -n -i eth0 -w file.cap "port 5901"
Or you can use the iptables LOG target:
iptables -A INPUT -p tcp --dport 5901 -j LOG --log-prefix '** guests **' --log-level 4
This may flood your logs.
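Added example, not part of either answer above: both iptables LOG rules write one kernel log line per matching packet, and this sh/awk function tallies connection attempts per source address from such lines. The names vnc_sources and sample_log, and the sample lines themselves, are constructed for illustration.

```shell
#!/bin/sh
# Added example: count connection attempts per source address from
# netfilter LOG lines. Usage: vnc_sources [port] < /var/log/syslog
vnc_sources() {
    port="${1:-5901}"
    awk -v port="$port" '
    {
        src = ""; dpt = ""; syn = 0; ack = 0
        # LOG output is space-separated KEY=VALUE fields plus bare TCP flags;
        # the --log-prefix text in front of them is ignored.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)      src = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            else if ($i == "SYN")  syn = 1
            else if ($i == "ACK")  ack = 1
        }
        # A bare SYN is a new connection attempt; packets of an already
        # open session (ACK set) are skipped so a rule without
        # "--state NEW" does not inflate the counts.
        if (src != "" && dpt == port && syn && !ack) count[src]++
    }
    END { for (s in count) print count[s], s }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample input (documentation addresses, hypothetical host name).
sample_log() {
    cat <<'EOF'
Dec 12 07:52:48 host kernel: [591690.935432] New Connection IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=40815 DF PROTO=TCP SPT=36972 DPT=5901 WINDOW=14600 RES=0x00 SYN URGP=0
Dec 12 07:53:02 host kernel: [591704.120001] New Connection IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=40901 DF PROTO=TCP SPT=36980 DPT=5901 WINDOW=14600 RES=0x00 SYN URGP=0
Dec 12 07:54:10 host kernel: [591772.500000] ** guests **IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:03:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1201 DF PROTO=TCP SPT=51000 DPT=5901 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 12 07:54:11 host kernel: [591773.500000] ** guests **IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:03:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=1202 DF PROTO=TCP SPT=51000 DPT=5901 WINDOW=229 RES=0x00 ACK URGP=0
Dec 12 07:55:00 host kernel: [591822.000000] New Connection IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:04:08:00 SRC=203.0.113.5 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=77 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 12 07:55:30 host cron[1234]: (root) CMD (true)
EOF
}

# Prints "count address" pairs, busiest source first.
sample_log | vnc_sources 5901
```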
You can use netstat with the options -v, -n, -t, -a
For example:
netstat -anp | grep :8080 | grep ESTABLISHED | wc -l
OR
root@user:/home# netstat -vatn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.174:8080      192.168.1.126:53021     ESTABLISHED
tcp        0      0 192.168.1.174:8080      192.168.1.126:32950     ESTABLISHED
tcp        0      0 192.168.1.174:8080      192.168.1.126:39634     ESTABLISHED
tcp        0      0 192.168.1.174:8080      192.168.1.126:59300     ESTABLISHED
tcp        0      0 192.168.1.174:8080      192.168.1.188:49551     ESTABLISHED
tcp        0      0 192.168.1.174:9090      192.168.1.126:37865     ESTABLISHED
tcp        0      0 192.168.1.174:9090      192.168.1.188:51411     ESTABLISHED
tcp        0      0 192.168.1.174:8080      192.168.1.126:50824     ESTABLISHED