Opinion on the output of the lsof -i and netstat commands
Calogero Bonasia
kbonasia@linuxteam.it
Thu 31 Mar 2005 00:35:19 CEST
Premise:
As far as I know, lsof is a useful command for debugging processes; it can
also be used to check the correspondence between name, process PID and
open ports on one's own system. The -i option enables the display of the
correspondence between process, service and port number, while the -n and
-P options prevent host and port name resolution.
Below is an example of lsof on a machine that I manage:
[root@GIOVE root]# lsof -i -P -n
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 470 root 3u IPv4 1032 TCP *:22 (LISTEN)
xinetd 481 root 5u IPv4 1112 TCP *:23 (LISTEN)
mysqld 525 mysql 3u IPv4 1113 TCP *:3306 (LISTEN)
mysqld 527 mysql 3u IPv4 1113 TCP *:3306 (LISTEN)
mysqld 528 mysql 3u IPv4 1113 TCP *:3306 (LISTEN)
sshd 529 root 4u IPv4 1119 TCP 10.0.0.16:22->10.0.0.93:33 (ESTABLISHED)
Here, instead, is the output of lsof -i:20080 on the machine of a customer who
complains of continuous and repeated, as well as inexplicable, "network" drops
concerning an application that I administer on the customer's server and which
runs on port 20080. For privacy reasons, I have changed the host name of the
server:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
python 9166 mioapplicativo 12r IPv4 17095 TCP *:20080 (LISTEN)
python 9166 mioapplicativo 15u IPv4 17499 TCP nome.server.cliente:20080->172.10.0.120:ansoft-lm-2 (ESTABLISHED)
python 9166 mioapplicativo 16u IPv4 17196 TCP nome.server.cliente:20080->172.10.0.120:socks (ESTABLISHED)
python 9166 mioapplicativo 18u IPv4 17208 TCP nome.server.cliente:20080->172.10.1.41:rdrmshc (ESTABLISHED)
python 9166 mioapplicativo 19u IPv4 17465 TCP nome.server.cliente:20080->172.10.0.144:1187 (ESTABLISHED)
python 9166 mioapplicativo 20u IPv4 17497 TCP nome.server.cliente:20080->172.10.1.41:imgames (ESTABLISHED)
python 9166 mioapplicativo 21u IPv4 17221 TCP nome.server.cliente:20080->172.10.1.34:cognex-insight (ESTABLISHED)
python 9166 mioapplicativo 22u IPv4 17498 TCP nome.server.cliente:20080->172.10.1.34:bsquare-voip (ESTABLISHED)
python 9166 mioapplicativo 23u IPv4 18890 TCP nome.server.cliente:20080->172.10.0.53:nfsd-status (ESTABLISHED)
python 9166 mioapplicativo 25u IPv4 17589 TCP nome.server.cliente:20080->172.10.1.41:ansoft-lm-2 (ESTABLISHED)
python 9166 mioapplicativo 26u IPv4 18222 TCP nome.server.cliente:20080->172.10.1.93:1177 (ESTABLISHED)
python 9166 mioapplicativo 27u IPv4 18574 TCP nome.server.cliente:20080->172.10.0.144:emperion (ESTABLISHED)
python 9166 mioapplicativo 28u IPv4 18855 TCP nome.server.cliente:20080->172.10.10.56:1039 (ESTABLISHED)
python 9166 mioapplicativo 29u IPv4 18252 TCP nome.server.cliente:20080->172.10.1.41:proofd (ESTABLISHED)
python 9166 mioapplicativo 31u IPv4 18253 TCP nome.server.cliente:20080->172.10.1.41:rootd (ESTABLISHED)
python 9166 mioapplicativo 32u IPv4 18710 TCP nome.server.cliente:20080->172.10.10.56:nsstp (ESTABLISHED)
python 9166 mioapplicativo 33u IPv4 18727 TCP nome.server.cliente:20080->172.10.10.56:1038 (ESTABLISHED)
python 9166 mioapplicativo 34u IPv4 18305 TCP nome.server.cliente:20080->172.10.0.120:1037 (ESTABLISHED)
python 9166 mioapplicativo 36u IPv4 19110 TCP nome.server.cliente:20080->172.10.1.118:1140 (ESTABLISHED)
python 9166 mioapplicativo 38u IPv4 19122 TCP nome.server.cliente:20080->172.10.1.34:lmsocialserver (ESTABLISHED)
python 9166 mioapplicativo 39u IPv4 19136 TCP nome.server.cliente:20080->172.10.1.34:mini-sql (ESTABLISHED)
python 9166 mioapplicativo 40u IPv4 19200 TCP nome.server.cliente:20080->172.10.1.93:tsdos390 (ESTABLISHED)
python 9166 mioapplicativo 41u IPv4 19049 TCP nome.server.cliente:20080->172.10.1.118:1132 (ESTABLISHED)
python 9166 mioapplicativo 42u IPv4 19163 TCP nome.server.cliente:20080->172.10.1.93:1232 (ESTABLISHED)
python 9166 mioapplicativo 43u IPv4 19283 TCP nome.server.cliente:20080->172.10.0.144:gv-us (ESTABLISHED)
python 9166 mioapplicativo 44u IPv4 19256 TCP nome.server.cliente:20080->172.10.1.34:1132 (ESTABLISHED)
python 9166 mioapplicativo 45u IPv4 19398 TCP nome.server.cliente:20080->172.10.0.144:gwha (ESTABLISHED)
python 9166 mioapplicativo 46u IPv4 19525 TCP nome.server.cliente:20080->172.10.0.144:proxima-lm (ESTABLISHED)
python 9166 mioapplicativo 47u IPv4 19526 TCP nome.server.cliente:20080->172.10.0.144:gtegsc-lm (ESTABLISHED)
python 9166 mioapplicativo 48u IPv4 19403 TCP nome.server.cliente:20080->172.10.1.93:neoiface (ESTABLISHED)
python 9166 mioapplicativo 49u IPv4 19404 TCP nome.server.cliente:20080->172.10.1.93:netuitive (ESTABLISHED)
python 9166 mioapplicativo 50u IPv4 19573 TCP nome.server.cliente:20080->172.10.0.144:vpac (ESTABLISHED)
python 9166 mioapplicativo 51u IPv4 19640 TCP nome.server.cliente:20080->172.10.1.34:1190 (ESTABLISHED)
python 9166 mioapplicativo 52u IPv4 19641 TCP nome.server.cliente:20080->172.10.1.34:1191 (ESTABLISHED)
python 9166 mioapplicativo 53u IPv4 19669 TCP nome.server.cliente:20080->172.10.1.34:accord-mgc (ESTABLISHED)
python 9166 mioapplicativo 54u IPv4 19670 TCP nome.server.cliente:20080->172.10.1.34:anthony-data (ESTABLISHED)
python 9166 mioapplicativo 55u IPv4 19755 TCP nome.server.cliente:20080->172.10.1.34:hpss-ndapi (ESTABLISHED)
python 9166 mioapplicativo 56u IPv4 19850 TCP nome.server.cliente:20080->172.10.1.34:tgp (ESTABLISHED)
python 9166 mioapplicativo 57u IPv4 19783 TCP nome.server.cliente:20080->172.10.1.34:nerv (ESTABLISHED)
python 9166 mioapplicativo 58u IPv4 19837 TCP nome.server.cliente:20080->172.10.1.93:bbn-mmx (ESTABLISHED)
python 9166 mioapplicativo 59u IPv4 19788 TCP nome.server.cliente:20080->172.10.1.93:bbn-mmc (ESTABLISHED)
python 9166 mioapplicativo 60u IPv4 20271 TCP nome.server.cliente:20080->172.10.1.34:boomerang (ESTABLISHED)
python 9166 mioapplicativo 61u IPv4 19982 TCP nome.server.cliente:20080->172.10.1.93:timeflies (ESTABLISHED)
python 9166 mioapplicativo 62u IPv4 19983 TCP nome.server.cliente:20080->172.10.1.93:ndm-requester (ESTABLISHED)
python 9166 mioapplicativo 63u IPv4 20118 TCP nome.server.cliente:20080->172.10.0.144:jlicelmd (ESTABLISHED)
python 9166 mioapplicativo 64u IPv4 19895 TCP nome.server.cliente:20080->172.10.1.34:servergraph (ESTABLISHED)
python 9166 mioapplicativo 65u IPv4 20295 TCP nome.server.cliente:20080->172.10.1.34:pe-mike (ESTABLISHED)
python 9166 mioapplicativo 66u IPv4 20031 TCP nome.server.cliente:20080->172.10.1.34:q55-pcc (ESTABLISHED)
python 9166 mioapplicativo 67u IPv4 20301 TCP nome.server.cliente:20080->172.10.0.144:aas (ESTABLISHED)
python 9166 mioapplicativo 68u IPv4 20313 TCP nome.server.cliente:20080->172.10.0.144:stt (ESTABLISHED)
python 9166 mioapplicativo 69u IPv4 20315 TCP nome.server.cliente:20080->172.10.1.34:bytex (ESTABLISHED)
python 9166 mioapplicativo 70u IPv4 20344 TCP nome.server.cliente:20080->172.10.1.93:cadsi-lm (ESTABLISHED)
python 9166 mioapplicativo 71u IPv4 20369 TCP nome.server.cliente:20080->172.10.1.93:iclpv-nlc (ESTABLISHED)
python 9166 mioapplicativo 72u IPv4 20442 TCP nome.server.cliente:20080->172.10.1.34:gandalf-lm (ESTABLISHED)
python 9166 mioapplicativo 73u IPv4 20378 TCP nome.server.cliente:20080->172.10.0.144:nimrod-agent (ESTABLISHED)
python 9166 mioapplicativo 75u IPv4 20963 TCP nome.server.cliente:20080->172.10.1.34:blueberry-lm (ESTABLISHED)
I ask those who know more than I do for enlightenment on "what" these
particular names "are", for example "bytex" or "cadsi-lm" or "nimrod-agent",
associated with the IP addresses of the clients that appear to be accessing
the resources on the customer's server.
In particular, I want to point out that these are machines that run Windows
and that are "plainly" infected with viruses, trojans, spyware and the
like...
Also, below, the output of the command lsof -i:5432, that is, run on the
server to check who at that moment was requesting "services" from the
postgresql database:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
postmaste 4515 postgres 3u IPv6 7496 TCP *:postgresql (LISTEN)
postmaste 4515 postgres 4u IPv4 7497 TCP *:postgresql (LISTEN)
python 9166 mioapplicativo 17u IPv4 17224 TCP localhost:talarian-tcp->localhost:postgresql (ESTABLISHED)
python 9166 mioapplicativo 24u IPv4 17335 TCP localhost:5108->localhost:postgresql (ESTABLISHED)
python 9166 mioapplicativo 30u IPv4 17358 TCP localhost:5110->localhost:postgresql (ESTABLISHED)
python 9166 mioapplicativo 35u IPv4 20998 TCP localhost:5217->localhost:postgresql (ESTABLISHED)
python 9166 mioapplicativo 37u IPv4 20070 TCP localhost:5198->localhost:postgresql (ESTABLISHED)
postmaste 9178 postgres 9u IPv4 17225 TCP localhost:postgresql->localhost:talarian-tcp (ESTABLISHED)
postmaste 9203 postgres 9u IPv4 17336 TCP localhost:postgresql->localhost:5108 (ESTABLISHED)
postmaste 9205 postgres 9u IPv4 17359 TCP localhost:postgresql->localhost:5110 (ESTABLISHED)
postmaste 10162 postgres 9u IPv4 20071 TCP localhost:postgresql->localhost:5198 (ESTABLISHED)
postmaste 10614 postgres 9u IPv4 20999 TCP localhost:postgresql->localhost:5217 (ESTABLISHED)
And finally: the output of the netstat command, run as root, on the server in question:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 nome.host.server:20080 172.10.0.144:stt ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.0.144:aas ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.93:iclpv-nlc ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.10.56:1039 ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.10.56:1038 ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.0.1:nimrod-agent ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.10.56:nsstp ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.93:cadsi-lm ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.0.144:gv-us ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.0.144:gwha ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.:ndm-requester ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.93:timeflies ESTABLISHED
tcp 0 0 localhost:5110 localhost:postgresql ESTABLISHED
tcp 0 0 localhost:5108 localhost:postgresql ESTABLISHED
tcp 0 0 localhost:talarian-tcp localhost:postgresql ESTABLISHED
tcp 0 0 localhost:5217 localhost:postgresql ESTABLISHED
tcp 0 0 localhost:5198 localhost:postgresql ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.93:bbn-mmx ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.41:rdrmshc ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.41:imgames ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.93:bbn-mmc ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.41:ansoft-lm-2 ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.0.144:emperion ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.41:proofd ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.41:rootd ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.0.144:jlicelmd ESTABLISHED
tcp 0 0 localhost:postgresql localhost:5198 ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.0.120:1037 ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.0.120:socks ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.0.12:ansoft-lm-2 ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.93:neoiface ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.93:netuitive ESTABLISHED
tcp 0 0 localhost:postgresql localhost:5217 ESTABLISHED
tcp 0 0 localhost:postgresql localhost:5216 TIME_WAIT
tcp 0 0 nome.host.server:20080 172.10.1.93:tsdos390 ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.93:1232 ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.0.144:vpac ESTABLISHED
tcp 0 0 localhost:postgresql localhost:5108 ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.0.144:proxima-lm ESTABLISHED
tcp 0 0 localhost:postgresql localhost:5110 ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.0.144:1187 ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.0.144:gtegsc-lm ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.93:1177 ESTABLISHED
tcp 0 0 localhost:postgresql localhost:talarian-tcp ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.34:boomerang ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.34:pe-mike ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.3:bsquare-voip ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1:cognex-insight ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.118:1140 ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.118:1132 ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.0.53:nfsd-status ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.34:mini-sql ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.34:bytex ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1:lmsocialserver ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.34:1132 ESTABLISHED
tcp 0 500 nome.host.server:20080 172.10.1.34:gandalf-lm ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.3:blueberry-lm ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.34:saism ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.34:1190 ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.34:1191 ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.3:anthony-data ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.34:accord-mgc ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.34:hpss-ndapi ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.34:nerv ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.34:tgp ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.34:servergraph ESTABLISHED
tcp 0 0 nome.host.server:20080 172.10.1.34:q55-pcc ESTABLISHED
udp 0 0 localhost:exosee localhost:exosee ESTABLISHED
kalos
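
Added example, not part of the original post: without -P (lsof) or -n (netstat), a port number is printed as the service name registered for it in /etc/services, so a name on the client side of a connection is only a label for the client's source port. The sketch below reverses that lookup for a few lsof lines from the post; the SERVICES excerpt is constructed here, with the IANA-registered numbers for these names, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed excerpt in /etc/services format (IANA-registered ports for these names).
SERVICES = """\
socks         1080/tcp
proofd        1093/tcp
rootd         1094/tcp
bytex         1375/tcp
cadsi-lm      1387/tcp
nimrod-agent  1617/tcp
"""

# Lines taken from the lsof -i:20080 output in the post, wrapped lines rejoined.
LSOF = """\
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
python 9166 mioapplicativo 12r IPv4 17095 TCP *:20080 (LISTEN)
python 9166 mioapplicativo 16u IPv4 17196 TCP nome.server.cliente:20080->172.10.0.120:socks (ESTABLISHED)
python 9166 mioapplicativo 26u IPv4 18222 TCP nome.server.cliente:20080->172.10.1.93:1177 (ESTABLISHED)
python 9166 mioapplicativo 29u IPv4 18252 TCP nome.server.cliente:20080->172.10.1.41:proofd (ESTABLISHED)
python 9166 mioapplicativo 31u IPv4 18253 TCP nome.server.cliente:20080->172.10.1.41:rootd (ESTABLISHED)
python 9166 mioapplicativo 69u IPv4 20315 TCP nome.server.cliente:20080->172.10.1.34:bytex (ESTABLISHED)
python 9166 mioapplicativo 70u IPv4 20344 TCP nome.server.cliente:20080->172.10.1.93:cadsi-lm (ESTABLISHED)
python 9166 mioapplicativo 73u IPv4 20378 TCP nome.server.cliente:20080->172.10.0.144:nimrod-agent (ESTABLISHED)
"""

def load_services(text, proto="tcp"):
    """Parse /etc/services-style text into {name_or_alias: port}."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[1].endswith("/" + proto):
            port = int(fields[1].split("/")[0])
            for name in [fields[0]] + fields[2:]:  # official name, then aliases
                table[name] = port
    return table

CONNECTION = re.compile(r"(\S+):(\S+)->(\S+):(\S+) \((\w+)\)$")

def client_ports(lsof_text, services):
    """Return {remote_host: [numeric source ports]} for connected sockets."""
    peers = defaultdict(list)
    for line in lsof_text.splitlines():
        match = CONNECTION.search(line)
        if match is None:
            continue  # header and LISTEN lines have no "local->remote" pair
        host, port = match.group(3), match.group(4)
        # A name is only a label for a number; None marks a name not in the table.
        peers[host].append(int(port) if port.isdigit() else services.get(port))
    return dict(peers)

if __name__ == "__main__":
    for host, ports in sorted(client_ports(LSOF, load_services(SERVICES)).items()):
        print(host, ports)
```

On a live system the same numeric view comes directly from lsof -i:20080 -P -n, the options described at the top of the post, or from netstat -n.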