本帖最后由 esamaa 于 2014-07-03 10:11 编辑
如下。netstat -tupln 的输出中,0.0.0.0:50098 这个监听端口的 PID/Program name 一栏为空(显示为 -)~
[root@nfs1 ~]# netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 17562/nrpe
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 26751/snmpd
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 10562/rsync
tcp 0 0 192.168.58.6:7789 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3283/portmap
tcp 0 0 0.0.0.0:784 0.0.0.0:* LISTEN 10356/rpc.rquotad
tcp 0 0 0.0.0.0:50098 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:978 0.0.0.0:* LISTEN 3340/rpc.statd
tcp 0 0 0.0.0.0:822 0.0.0.0:* LISTEN 10395/rpc.mountd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3707/cupsd
tcp 0 0 :::5666 :::* LISTEN 17562/nrpe
tcp 0 0 :::873 :::* LISTEN 10562/rsync
tcp 0 0 :::22 :::* LISTEN 11728/sshd
tcp 0 0 :::7900 :::* LISTEN 18143/beansdb
但是发现又有其他服务器连接此端口,而且是 ESTABLISHED 状态~
[root@nfs1 chkServer]# netstat -tuen | grep ESTABLISHED |grep :50098
tcp 0 0 192.168.1.8:50098 192.168.1.101:792 ESTABLISHED 0 2144741947
通过抓包是这样的
[root@nfs1 chkServer]# tcpdump -i eth0 -n port 50098 -A -vv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:41:03.142552 IP (tos 0x0, ttl 64, id 15998, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.1.101.876 > 192.168.1.8.50098: F, cksum 0x102e (correct), 36083751:36083751(0) ack 2276826593 win 46 <nop,nop,timestamp 3535879890 137052640>
E..4>~@.@.x....e.....l...&.'...............
..>..+A.
09:41:03.142674 IP (tos 0x0, ttl 64, id 56484, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.1.8.50098 > 192.168.1.101.876: F, cksum 0x7c45 (correct), 1:1(0) ack 1 win 51 <nop,nop,timestamp 137352638 3535879890>
E..4..@.@..a.......e...l.....&.(...3|E.....
./....>.
09:41:03.142826 IP (tos 0x0, ttl 64, id 15999, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.1.101.876 > 192.168.1.8.50098: ., cksum 0x7c4a (correct), 1:1(0) ack 2 win 46 <nop,nop,timestamp 3535879890 137352638>
E..4>.@.@.x....e.....l...&.(........|J.....
..>../..
09:42:03.407388 IP (tos 0x0, ttl 64, id 55380, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.1.101.962 > 192.168.1.8.50098: S, cksum 0xff5f (correct), 426963567:426963567(0) win 5792 <mss 1460,sackOK,timestamp 3535940155 137352638,nop,wscale 7>
E..<.T@.@......e.........r.o........._.........
..*;./......
09:42:03.407400 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.1.8.50098 > 192.168.1.101.962: S, cksum 0x32aa (correct), 2651013943:2651013943(0) ack 426963568 win 5792 <mss 1460,sackOK,timestamp 137412903 3535940155,nop,wscale 7>
E..<..@.@..........e......C7.r.p....2..........
.0.'..*;....
09:42:03.407475 IP (tos 0x0, ttl 64, id 55381, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.1.101.962 > 192.168.1.8.50098: ., cksum 0x77e8 (correct), 1:1(0) ack 1 win 46 <nop,nop,timestamp 3535940155 137412903>
E..4.U@.@......e.........r.p..C8....w......
..*;.0.'
用下面这个 lsof 命令也查不到此端口~
lsof -Pnl +M -i4|grep 50098
查到该连接属于 root 用户:
[root@nfs1 ~]# netstat -tuea | grep ESTABLISHED |grep :50098
tcp 0 0 192.168.1.8:50098 192.168.1.101:814 ESTABLISHED root 2144762327
求大神解答。在线等~