{"id":198548,"date":"2024-11-14T20:10:04","date_gmt":"2024-11-14T12:10:04","guid":{"rendered":"https:\/\/server.hk\/cnblog\/198548\/"},"modified":"2024-11-14T20:10:05","modified_gmt":"2024-11-14T12:10:05","slug":"%e3%80%8c%e6%95%99%e7%a8%8b%e3%80%8d%e5%a6%82%e4%bd%95%e5%9c%a8linux%e4%b8%8a%e7%b5%b1%e8%a8%88tcp%e9%80%a3%e6%8e%a5%e6%99%82%e9%95%b7-linux-%e7%b5%b1%e8%a8%88tcp%e9%80%a3%e6%8e%a5%e6%99%82%e9%95%b7","status":"publish","type":"post","link":"https:\/\/server.hk\/cnblog\/198548\/","title":{"rendered":"\u300c\u6559\u7a0b\u300d\u5982\u4f55\u5728Linux\u4e0a\u7d71\u8a08TCP\u9023\u63a5\u6642\u9577 (linux \u7d71\u8a08TCP\u9023\u63a5\u6642\u9577)"},"content":{"rendered":"

\u300c\u6559\u7a0b\u300d\u5982\u4f55\u5728Linux\u4e0a\u7d71\u8a08TCP\u9023\u63a5\u6642\u9577<\/h1>\n

\u5728\u7db2\u7d61\u7ba1\u7406\u548c\u7cfb\u7d71\u76e3\u63a7\u4e2d\uff0c\u4e86\u89e3TCP\u9023\u63a5\u7684\u6301\u7e8c\u6642\u9593\u5c0d\u65bc\u8a3a\u65b7\u554f\u984c\u548c\u512a\u5316\u6027\u80fd\u81f3\u95dc\u91cd\u8981\u3002\u672c\u6587\u5c07\u4ecb\u7d39\u5982\u4f55\u5728Linux\u7cfb\u7d71\u4e0a\u7d71\u8a08TCP\u9023\u63a5\u7684\u6642\u9577\uff0c\u4e26\u63d0\u4f9b\u4e00\u4e9b\u5be6\u7528\u7684\u547d\u4ee4\u548c\u5de5\u5177\u4f86\u5e6b\u52a9\u60a8\u5b8c\u6210\u9019\u4e00\u4efb\u52d9\u3002<\/p>\n

TCP\u9023\u63a5\u7684\u57fa\u672c\u6982\u5ff5<\/h2>\n

TCP\uff08\u50b3\u8f38\u63a7\u5236\u5354\u8b70\uff09\u662f\u4e00\u7a2e\u9762\u5411\u9023\u63a5\u7684\u5354\u8b70\uff0c\u5ee3\u6cdb\u61c9\u7528\u65bc\u4e92\u806f\u7db2\u901a\u4fe1\u3002\u6bcf\u7576\u4e00\u500b\u5ba2\u6236\u7aef\u8207\u670d\u52d9\u5668\u5efa\u7acbTCP\u9023\u63a5\u6642\uff0c\u7cfb\u7d71\u6703\u70ba\u8a72\u9023\u63a5\u5206\u914d\u4e00\u500b\u552f\u4e00\u7684\u7aef\u53e3\u865f\u548cIP\u5730\u5740\u3002\u4e86\u89e3\u9019\u4e9b\u9023\u63a5\u7684\u6301\u7e8c\u6642\u9593\u53ef\u4ee5\u5e6b\u52a9\u7cfb\u7d71\u7ba1\u7406\u54e1\u8b58\u5225\u6f5b\u5728\u7684\u6027\u80fd\u74f6\u9838\u6216\u5b89\u5168\u554f\u984c\u3002<\/p>\n

\u4f7f\u7528netstat\u547d\u4ee4\u67e5\u770bTCP\u9023\u63a5<\/h2>\n

\u5728Linux\u4e2d\uff0cnetstat<\/code>\u547d\u4ee4\u662f\u4e00\u500b\u975e\u5e38\u6709\u7528\u7684\u5de5\u5177\uff0c\u53ef\u4ee5\u7528\u4f86\u67e5\u770b\u7576\u524d\u7684TCP\u9023\u63a5\u3002\u8981\u67e5\u770b\u6240\u6709TCP\u9023\u63a5\uff0c\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\uff1a<\/p>\n

netstat -tn<\/code><\/pre>\n
\u9019\u500b\u547d\u4ee4\u6703\u986f\u793a\u6240\u6709\u7684TCP\u9023\u63a5\uff0c\u5305\u62ec\u672c\u5730\u5730\u5740\u3001\u9060\u7a0b\u5730\u5740\u548c\u9023\u63a5\u72c0\u614b\u3002\u96d6\u7136netstat<\/code>\u53ef\u4ee5\u63d0\u4f9b\u9023\u63a5\u7684\u57fa\u672c\u4fe1\u606f\uff0c\u4f46\u5b83\u4e26\u4e0d\u6703\u986f\u793a\u9023\u63a5\u7684\u6301\u7e8c\u6642\u9593\u3002<\/p>\n
\u4f7f\u7528ss\u547d\u4ee4\u67e5\u770bTCP\u9023\u63a5<\/h2>\n
\u53e6\u4e00\u500b\u66f4\u73fe\u4ee3\u7684\u5de5\u5177\u662fss<\/code>\u547d\u4ee4\uff0c\u5b83\u63d0\u4f9b\u4e86\u66f4\u8a73\u7d30\u7684\u9023\u63a5\u4fe1\u606f\u3002\u8981\u67e5\u770bTCP\u9023\u63a5\uff0c\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\uff1a<\/p>\n
ss -tn<\/code><\/pre>\n
\u9019\u500b\u547d\u4ee4\u7684\u8f38\u51fa\u8207netstat<\/code>\u985e\u4f3c\uff0c\u4f46ss<\/code>\u80fd\u5920\u63d0\u4f9b\u66f4\u5feb\u7684\u6027\u80fd\u548c\u66f4\u8a73\u7d30\u7684\u9023\u63a5\u4fe1\u606f\u3002<\/p>\n
\u7d71\u8a08TCP\u9023\u63a5\u6642\u9577<\/h2>\n
\u8981\u7d71\u8a08TCP\u9023\u63a5\u7684\u6642\u9577\uff0c\u6211\u5011\u53ef\u4ee5\u4f7f\u7528tcpdump<\/code>\u5de5\u5177\u4f86\u6355\u7372TCP\u6d41\u91cf\uff0c\u7136\u5f8c\u5206\u6790\u9019\u4e9b\u6578\u64da\u3002\u4ee5\u4e0b\u662f\u4f7f\u7528tcpdump<\/code>\u7684\u57fa\u672c\u6b65\u9a5f\uff1a<\/p>\n
    \n
  1. \u5b89\u88ddtcpdump\uff08\u5982\u679c\u5c1a\u672a\u5b89\u88dd\uff09\uff1a<\/li>\n
    sudo apt-get install tcpdump<\/code><\/pre>\n
  2. \u4f7f\u7528tcpdump\u6355\u7372TCP\u6d41\u91cf\uff1a<\/li>\n
    sudo tcpdump -i any -n -s 0 -A 'tcp' > tcp_traffic.log<\/code><\/pre>\n
  3. \u5206\u6790\u6355\u7372\u7684\u6578\u64da\uff1a<\/li>\n
    \u53ef\u4ee5\u4f7f\u7528\u4e00\u4e9b\u8173\u672c\u4f86\u5206\u6790tcp_traffic.log<\/code>\u6587\u4ef6\uff0c\u63d0\u53d6\u6bcf\u500bTCP\u9023\u63a5\u7684\u6301\u7e8c\u6642\u9593\u3002<\/p>\n<\/ol>\n
    \u793a\u4f8b\u8173\u672c<\/h3>\n
    \u4ee5\u4e0b\u662f\u4e00\u500b\u7c21\u55ae\u7684Python\u8173\u672c\u793a\u4f8b\uff0c\u7528\u65bc\u5206\u6790TCP\u9023\u63a5\u7684\u6301\u7e8c\u6642\u9593\uff1a<\/p>\n
    \nimport re\nfrom datetime import datetime\n\n# \u8b80\u53d6tcp_traffic.log\u6587\u4ef6\nwith open('tcp_traffic.log', 'r') as file:\n    logs = file.readlines()\n\n# \u5b9a\u7fa9\u6b63\u5247\u8868\u9054\u5f0f\u4f86\u5339\u914dTCP\u9023\u63a5\ntcp_pattern = re.compile(r'(d+.d+.d+.d+:d+) > (d+.d+.d+.d+:d+)')\n\n# \u5132\u5b58\u9023\u63a5\u6301\u7e8c\u6642\u9593\nconnection_times = {}\n\nfor log in logs:\n    match = tcp_pattern.search(log)\n    if match:\n        src, dst = match.groups()\n        timestamp = datetime.now()  # \u5047\u8a2d\u6bcf\u884c\u7684\u6642\u9593\u6233\n        connection_times[(src, dst)] = timestamp\n\n# \u8f38\u51fa\u9023\u63a5\u6301\u7e8c\u6642\u9593\nfor connection, start_time in connection_times.items():\n    print(f\"Connection {connection} started at {start_time}\")\n<\/code><\/pre>\n
    \u7d50\u8ad6<\/h2>\n
    \u5728Linux\u4e0a\u7d71\u8a08TCP\u9023\u63a5\u7684\u6642\u9577\u53ef\u4ee5\u5e6b\u52a9\u7cfb\u7d71\u7ba1\u7406\u54e1\u66f4\u597d\u5730\u7406\u89e3\u7db2\u7d61\u6d41\u91cf\u548c\u6027\u80fd\u3002\u901a\u904e\u4f7f\u7528netstat<\/code>\u3001ss<\/code>\u548ctcpdump<\/code>\u7b49\u5de5\u5177\uff0c\u60a8\u53ef\u4ee5\u7372\u53d6\u6709\u95dcTCP\u9023\u63a5\u7684\u8a73\u7d30\u4fe1\u606f\uff0c\u4e26\u9032\u884c\u9032\u4e00\u6b65\u7684\u5206\u6790\u3002<\/p>\n
    \u5982\u679c\u60a8\u9700\u8981\u9ad8\u6548\u7684\u7db2\u7d61\u670d\u52d9\uff0c\u8003\u616e\u4f7f\u7528\u9999\u6e2fVPS<\/a>\u89e3\u6c7a\u65b9\u6848\uff0c\u9019\u5c07\u70ba\u60a8\u7684\u61c9\u7528\u63d0\u4f9b\u7a69\u5b9a\u7684\u652f\u6301\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
    \u5b78\u7fd2\u5982\u4f55\u5728Linux\u4e0a\u7d71\u8a08TCP\u9023\u63a5\u6642\u9577\uff0c\u638c\u63e1\u547d\u4ee4\u884c\u5de5\u5177\u548c\u6280\u5de7\uff0c\u63d0\u5347\u7db2\u7d61\u7ba1\u7406\u6548\u7387\u3002<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4924],"tags":[],"class_list":["post-198548","post","type-post","status-publish","format-standard","hentry","category-setup-tutorials"],"_links":{"self":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts\/198548","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/comments?post=198548"}],"version-history":[{"count":0,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts\/198548\/revisions"}],"wp:attachment":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/media?parent=198548"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/categories?post=198548"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/tags?post=198548"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}