Reference: http://linux.vbird.org/linux_server/0210network-secure.php#portlimit
Checking port status
netstat
List the listening ports
    [root@hadoop01 ~]# netstat -tunl
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address      Foreign Address    State
    tcp        0      0 0.0.0.0:10033      0.0.0.0:*          LISTEN
    tcp        0      0 0.0.0.0:4242       0.0.0.0:*          LISTEN
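View inbound and outbound ports (port connection state)
Adding -l restricts the output to listening sockets, so the outbound ports are filtered out.
The command output below would normally show IP addresses; here they have all been replaced with hostnames.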
    [root@hadoop01 ~]# netstat -tun
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address      Foreign Address    State
    tcp        0      0 hadoop01:41906     hadoop01:8020      TIME_WAIT
    tcp        0      0 hadoop01:59464     hadoop01:2181      ESTABLISHED
Closing an established or listening port
Open a new ssh connection
ssh from hadoop02 to hadoop01 and watch how the ports on hadoop01 change.
    [root@hadoop02 ~]# ssh hadoop01
    Last login: Wed Apr 1 14:00:09 2015 from 10.62.250.103
    Authorized users only.All activities will be monitored and reported.
    [root@hadoop01 ~]#
Find the PID that owns the port (unrelated ports omitted)
    [root@hadoop01 ~]# netstat -tunp
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address      Foreign Address    State        PID/Program name
    tcp        0      0 hadoop01:22        hadoop02:34751     ESTABLISHED  6591/sshd
Kill the process that owns the port
    [root@hadoop01 ~]# netstat -tunp | grep sshd
    tcp        0      0 hadoop01:22        hadoop02:34751     ESTABLISHED  6591/sshd
    [root@hadoop01 ~]# kill -9 6591
    [root@hadoop01 ~]# netstat -tunp | grep sshd
    [root@hadoop01 ~]#
Check the message shown on the machine that had logged in
    [root@hadoop01 ~]# Connection to hadoop01 closed by remote host.
    Connection to hadoop01 closed.
    [root@hadoop02 ~]#
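The port-to-PID lookup from the steps above, as an added example that is not part of the original post: it selects a socket by local port and, optionally, by remote host, then prints the owning PID without killing anything. The function names and the extra rows in the sample netstat output are constructed for illustration.

```shell
# Constructed sample of `netstat -tunp` output (hostnames as in the post;
# the hadoop03 and java rows are invented for the example).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State        PID/Program name
tcp        0      0 hadoop01:22        hadoop02:34751     ESTABLISHED  6591/sshd
tcp        0      0 hadoop01:22        hadoop03:50122     ESTABLISHED  7012/sshd
tcp        0      0 hadoop01:59464     hadoop01:2181      ESTABLISHED  4120/java
tcp        0      0 hadoop01:41906     hadoop01:8020      TIME_WAIT    -
EOF
}

# conn_pids LOCAL_PORT [REMOTE_HOST]
# Reads `netstat -tunp` output on stdin and prints "PID PROGRAM REMOTE"
# for every socket on LOCAL_PORT (limited to REMOTE_HOST when given).
conn_pids() {
  awk -v port="$1" -v peer="${2:-}" '
    $1 !~ /^(tcp|udp)/ { next }              # skip the two header lines
    {
      lport = $4; sub(/^.*:/, "", lport)     # text after the last colon
      rhost = $5; sub(/:[^:]*$/, "", rhost)  # text before the last colon
      if (lport != port) next
      if (peer != "" && rhost != peer) next
      for (i = 6; i <= NF; i++)              # UDP rows have no State column
        if ($i ~ /^[0-9]+\//) {              # "-" means no owning process
          pid = $i;  sub(/\/.*$/, "", pid)
          prog = $i; sub(/^[0-9]+\//, "", prog)
          print pid, prog, $5
          next
        }
    }'
}

# Only the session coming from hadoop02 is selected:
sample_netstat | conn_pids 22 hadoop02
```

On a live host, pipe the real output in instead: `netstat -tunp | conn_pids 22 hadoop02`. Matching on port and peer picks out one session, whereas `grep sshd` also matches every other sshd session, including your own.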
nmap
Usage
Quoting the usage notes from VBird's documentation directly:
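    [root@www ~]# nmap [scan type] [scan options] [hosts address and range]
    Options and parameters:
    [scan type]: the main scan types are the following:
        -sT: scan with fully established TCP connections, connect()!
        -sS: scan with TCP packets carrying the SYN flag
        -sP: scan by means of ping
        -sU: scan using UDP packets
        -sO: scan the host by IP protocol
    [scan options]: the main scan options are:
        -PT: scan using a TCP-based ping; shows how many machines are currently alive (more commonly used)
        -PI: scan using a real ping (with ICMP packets)
        -p : a port range, used for example as 1024-, 80-1023, 30000-60000 and so on
    [Hosts address and range]: this one is more interesting; there are several similar forms
        192.168.1.100  : just the HOST IP, checks a single machine;
        192.168.1.0/24 : the Class C form,
        192.168.*.*    : this becomes the Class B form! The scan range gets wider!
        192.168.1.0-50,60-100,103,200 : a variant form of host range! Very handy!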
Scan the open ports on a host (TCP only)
    [root@hadoop01 ~]# nmap hadoop02

    Starting Nmap 5.51 ( http://nmap.org ) at 2015-04-01 14:53 CST
    Nmap scan report for hadoop02 (10.62.228.212)
    Host is up (0.00025s latency).
    Not shown: 993 closed ports
    PORT      STATE SERVICE
    22/tcp    open  ssh
    111/tcp   open  rpcbind
    2049/tcp  open  nfs
    4242/tcp  open  vrml-multi-use
    8042/tcp  open  fs-agent
    14000/tcp open  scotty-ft
    60020/tcp open  unknown
    MAC Address: 00:50:56:89:65:62 (VMware)

    Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
View all open ports on the host
    [root@hadoop01 ~]# nmap -sTU localhost

    Starting Nmap 5.51 ( http://nmap.org ) at 2015-04-02 09:25 CST
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.00035s latency).
    Not shown: 1988 closed ports
    PORT      STATE         SERVICE
    22/tcp    open          ssh
    111/tcp   open          rpcbind
    631/tcp   open          ipp
    2049/tcp  open          nfs
    3306/tcp  open          mysql
    4242/tcp  open          vrml-multi-use
    8042/tcp  open          fs-agent
    8888/tcp  open          sun-answerbook
    10000/tcp open          snet-sensor-mgmt
    14000/tcp open          scotty-ft
    111/udp   open          rpcbind
    631/udp   open|filtered ipp

    Nmap done: 1 IP address (1 host up) scanned in 1.33 seconds
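Scan the machines in a subnet (somewhat slow when there are many machines)
The original IPs are hidden here; 192.168.1.* is used for illustration.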
    [root@hadoop01 ~]# nmap -sP 192.168.1.1/24

    Starting Nmap 5.51 ( http://nmap.org ) at 2015-04-02 09:26 CST
    Nmap scan report for 192.168.1.200
    Host is up (0.00094s latency).
    MAC Address: 00:50:56:89:50:91 (VMware)
    Nmap scan report for 192.168.1.201
    Host is up (0.00064s latency).
    MAC Address: 00:50:56:89:08:64 (VMware)
    Nmap scan report for 192.168.1.202
    Host is up (0.00093s latency).
    MAC Address: 00:50:56:89:50:91 (VMware)
    Nmap scan report for 192.168.1.203
    Host is up (0.00093s latency).
    MAC Address: 00:50:56:89:3E:57 (VMware)
    Nmap scan report for 192.168.1.204
    Host is up (0.00093s latency).
    MAC Address: 00:50:56:89:2B:BA (VMware)
    Nmap scan report for 192.168.1.205
    Host is up (0.00052s latency).
    MAC Address: 00:50:56:89:6B:10 (VMware)
    Nmap scan report for 192.168.1.206
    Host is up (0.00088s latency).
    MAC Address: 00:50:56:89:24:AC (VMware)
    Nmap scan report for 192.168.1.208
    Host is up (0.00046s latency).
    MAC Address: 00:50:56:89:68:1B (VMware)
    Nmap scan report for hadoop01 (192.168.1.211)
    Host is up.
    Nmap scan report for hadoop02 (192.168.1.212)
    Host is up (0.00072s latency).
    MAC Address: 00:50:56:89:65:62 (VMware)
    Nmap scan report for hadoop03 (192.168.1.213)
    Host is up (0.0011s latency).
    MAC Address: 00:50:56:89:05:C9 (VMware)
    Nmap scan report for 192.168.1.250
    Host is up (0.0014s latency).
    MAC Address: 74:8E:F8:CA:2A:40 (Brocade Communications Systems)
    Nmap scan report for 192.168.1.251
    Host is up (0.0014s latency).
    MAC Address: 74:8E:F8:CA:2A:00 (Brocade Communications Systems)
    Nmap scan report for 192.168.1.252
    Host is up (0.093s latency).
    MAC Address: 90:17:AC:BF:F2:B5 (Unknown)
    Nmap scan report for 192.168.1.253
    Host is up (0.045s latency).
    MAC Address: 90:17:AC:BF:F2:A1 (Unknown)
    Nmap scan report for 192.168.1.254
    Host is up (0.049s latency).
    MAC Address: 00:00:5E:00:01:1C (USC Information Sciences Inst)
    Nmap done: 256 IP addresses (16 hosts up) scanned in 32.64 seconds
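Added example, not part of the original post: turning the -sP sweep output into one row per live host and listing any MAC address reported by more than one IP. In the output above, 192.168.1.200 and 192.168.1.202 both report 00:50:56:89:50:91, which is easy to miss by eye. The function names are illustrative, and the embedded sample is a few rows taken from that output.

```shell
# A few rows taken from the sweep output shown above.
sample_sweep() {
cat <<'EOF'
Nmap scan report for 192.168.1.200
Host is up (0.00094s latency).
MAC Address: 00:50:56:89:50:91 (VMware)
Nmap scan report for 192.168.1.202
Host is up (0.00093s latency).
MAC Address: 00:50:56:89:50:91 (VMware)
Nmap scan report for hadoop01 (192.168.1.211)
Host is up.
Nmap scan report for hadoop02 (192.168.1.212)
Host is up (0.00072s latency).
MAC Address: 00:50:56:89:65:62 (VMware)
EOF
}

# sweep_inventory: reads `nmap -sP` output on stdin and prints one
# "IP NAME MAC" row per live host, with "-" for a missing name or MAC
# (the scanning host itself is listed without a MAC line).
sweep_inventory() {
  awk '
    function emit() { if (ip != "") print ip, name, mac }
    /^Nmap scan report for / {
      emit(); name = "-"; mac = "-"
      ip = $NF; gsub(/[()]/, "", ip)   # "name (ip)" form keeps the IP last
      if (NF == 6) name = $5
    }
    /^MAC Address: / { mac = $3 }
    END { emit() }'
}

# shared_macs: prints "MAC IP,IP,..." for every MAC seen on more than one IP.
shared_macs() {
  sweep_inventory | awk '
    $3 != "-" { n[$3]++; ips[$3] = ips[$3] (ips[$3] == "" ? "" : ",") $1 }
    END { for (m in n) if (n[m] > 1) print m, ips[m] }'
}

sample_sweep | shared_macs
```

Saving the inventory from each sweep and comparing it with the previous one shows which hosts appeared, disappeared, or changed MAC between runs.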