Using "netstat" is a shortcut for getting this information.
Options to use: -nlptu
Example:
# netstat -nlptu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN      1258/rpc.statd
tcp        0      0 0.0.0.0:32769           0.0.0.0:*               LISTEN      1502/rpc.mountd
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN      22433/lpd Waiting
tcp        0      0 1.2.3.1:139             0.0.0.0:*               LISTEN      1746/smbd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1230/portmap
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      3551/X
tcp        0      0 1.2.3.1:8081            0.0.0.0:*               LISTEN      18735/junkbuster
tcp        0      0 1.2.3.1:3128            0.0.0.0:*               LISTEN      18822/(squid)
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      30734/named
tcp        0      0 ::ffff:1.2.3.1:993      :::*                    LISTEN      6742/xinetd-ipv6
tcp        0      0 :::13                   :::*                    LISTEN      6742/xinetd-ipv6
tcp        0      0 ::ffff:1.2.3.1:143      :::*                    LISTEN      6742/xinetd-ipv6
tcp        0      0 :::53                   :::*                    LISTEN      30734/named
tcp        0      0 :::22                   :::*                    LISTEN      1410/sshd
tcp        0      0 :::6010                 :::*                    LISTEN      13237/sshd
udp        0      0 0.0.0.0:32768           0.0.0.0:*                           1258/rpc.statd
udp        0      0 0.0.0.0:2049            0.0.0.0:*                           -
udp        0      0 0.0.0.0:32770           0.0.0.0:*                           1502/rpc.mountd
udp        0      0 0.0.0.0:32771           0.0.0.0:*                           -
udp        0      0 1.2.3.1:137             0.0.0.0:*                           1751/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           1751/nmbd
udp        0      0 1.2.3.1:138             0.0.0.0:*                           1751/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           1751/nmbd
udp        0      0 0.0.0.0:33044           0.0.0.0:*                           30734/named
udp        0      0 1.2.3.1:53              0.0.0.0:*                           30734/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           30734/named
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1530/dhcpd
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1530/dhcpd
udp        0      0 0.0.0.0:32858           0.0.0.0:*                           18822/(squid)
udp        0      0 0.0.0.0:4827            0.0.0.0:*                           18822/(squid)
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1230/portmap
udp        0      0 :::53                   :::*                                30734/named
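One way to turn such a listing into an exposure check, as an added example that is not part of the original page: it classifies each Local Address as wildcard, loopback, IPv4-mapped or a specific address. The function names and scope labels are assumptions made for this example; the sample rows are copied from the listing above.

```python
import ipaddress

# Rows copied from the listing above, one socket per line.
SAMPLE = """\
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN 22433/lpd Waiting
tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN 1746/smbd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 30734/named
tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN 6742/xinetd-ipv6
tcp 0 0 :::22 :::* LISTEN 1410/sshd
udp 0 0 0.0.0.0:2049 0.0.0.0:* -
udp 0 0 :::53 :::* 30734/named
"""

def classify(local):
    """Return (scope, port) for one netstat 'Local Address' value."""
    host, port = local.rsplit(":", 1)        # the last colon always precedes the port
    ip = ipaddress.ip_address(host)
    mapped = getattr(ip, "ipv4_mapped", None)  # only IPv6 addresses have this attribute
    if ip.is_unspecified:
        # "::" is the IPv6 wildcard; with Linux defaults (IPV6_V6ONLY off)
        # such a socket accepts IPv4 connections as well.
        scope = "wildcard-v6" if ip.version == 6 else "wildcard-v4"
    elif ip.is_loopback:
        scope = "loopback"
    elif mapped is not None:
        # ::ffff:a.b.c.d is an IPv6 socket bound to one IPv4 address.
        scope = "v4-mapped " + str(mapped)
    else:
        scope = "address " + str(ip)
    return scope, int(port)

def audit(text):
    """Parse netstat -nlptu rows into (proto, port, scope, owner) tuples."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "udp", "tcp6", "udp6"):
            continue                          # banner and column header lines
        # TCP rows carry a State column; listening UDP rows do not.
        owner = f[6] if f[5] == "LISTEN" and len(f) > 6 else f[5]
        scope, port = classify(f[3])
        rows.append((f[0], port, scope, owner))
    return rows

def exposed(rows):
    """Sockets reachable on every interface: the ones to review first."""
    return [r for r in rows if r[2].startswith("wildcard")]

if __name__ == "__main__":
    for proto, port, scope, owner in exposed(audit(SAMPLE)):
        print(f"{proto}/{port:<6} {scope:<12} {owner}")
```

An owner of "-" means netstat reported no process for that socket.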
Below are some captured packets ... more to come next time ...:
Router advertisement
15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router
    advertisement(chlim=64, router_ltime=30, reachable_time=0,
    retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20,
    prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000,
    preffered_ltime=604800, prefix=3ffe:ffff:0:1::/64)(src lladdr:
    0:12:34:12:34:50) (len 88, hlim 255)
The router with link-local address "fe80::212:34ff:fe12:3450" sends an advertisement to the all-node-on-link multicast address "ff02::1". The advertisement carries the router's own layer 2 MAC address "0:12:34:12:34:50" and two prefixes, "2002:0102:0304:1::/64" (lifetime 30 s) and "3ffe:ffff:0:1::/64" (lifetime 2592000 s).
15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation
    (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255)
A node with link-local address "fe80::212:34ff:fe12:3456" and layer 2 MAC address "0:12:34:12:34:56" is looking for a router on the link, so it sends a router solicitation to the all-router-on-link multicast address "ff02::2".
The following packets are sent by a node with layer 2 MAC address "0:12:34:12:34:56" during autoconfiguration to check whether a potential address is already used by another node on the link; each one is sent to the solicited-node link-local multicast address:
15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has
    fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255)
15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has
    2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32,
    hlim 255)
15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has
    3ffe:ffff:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim
    255)
13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6:
    neighbor sol: who has 3ffe:ffff:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32,
    hlim 255)
13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor
    sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255)