有一个进程, 在朝某ip, port发数据, 在没有源码的情况下, 如何获知ip, port是多少呢?------还是用strace啦

       最近遇到这样一个问题, 有一个进程, 在朝某ip, port发请求, 在没有源码的情况下, 如何获知ip, port是多少呢?

       有的朋友可能会说, 抓包啊。 但问题是, 抓到的包本身不带进程信息, 而机器上其他进程也在收发网络包, 因此不太好把目标进程的流量过滤出来。 那怎么办呢?


       我们可以用strace看看进程到底在干什么, 然后就知道ip和port了。 一个strace命令, 为定位问题扫清了障碍, 棒棒哒。 下面用demo代码来看看:

#include <stdio.h>
#include <unistd.h>

#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

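/*
 * Demo client: opens a TCP socket, connects to 127.0.0.1:8888, reads one
 * message and prints it, then waits for a key press before closing.
 *
 * The destination address is hard-coded here; the point of the demo is that
 * the same values are visible in the arguments of the connect() system call
 * when the process is observed with strace.
 *
 * Returns 0 when a message was received, 1 when any socket call failed.
 */
int main(void)
{
        int rc = 1;

        int sockClient = socket(AF_INET, SOCK_STREAM, 0);
        if (sockClient < 0) {
                perror("socket");
                return 1;
        }

        /* Zero the whole structure so the padding bytes are not left uninitialized. */
        struct sockaddr_in addrSrv = {0};
        addrSrv.sin_family = AF_INET;
        addrSrv.sin_port = htons(8888);
        addrSrv.sin_addr.s_addr = inet_addr("127.0.0.1");

        if (connect(sockClient, (const struct sockaddr *)&addrSrv, sizeof(addrSrv)) < 0) {
                /*
                 * Without this check the program would go on to call recv() on
                 * an unconnected socket, which fails with ENOTCONN.
                 */
                perror("connect");
        } else {
                /*
                 * The buffer is zero-filled and recv() is limited to size - 1
                 * bytes, so the data is always NUL-terminated for printf().
                 */
                char szRecvBuf[100] = {0};
                ssize_t nRecv = recv(sockClient, szRecvBuf, sizeof(szRecvBuf) - 1, 0);
                if (nRecv < 0) {
                        perror("recv");
                } else {
                        printf("%s\n", szRecvBuf);
                        rc = 0;
                }
        }

        /* Keep the process alive until a key is pressed, as the original demo does. */
        getchar();

        close(sockClient);

        return rc;
}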
       结果:

taoge@localhost Desktop> g++ main.cpp 
taoge@localhost Desktop> strace -i ./a.out 
[00bd1424] execve("./a.out", ["./a.out"], [/* 38 vars */]) = 0
[0086e2fd] brk(0)                       = 0x8b07000
[0086f6d3] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7849000
[0086f5d1] access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
[0086f494] open("/etc/ld.so.cache", O_RDONLY) = 3
[0086f45e] fstat64(3, {st_mode=S_IFREG|0644, st_size=49072, ...}) = 0
[0086f6d3] mmap2(NULL, 49072, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb783d000
[0086f4cd] close(3)                     = 0
[0086f494] open("/usr/lib/libstdc++.so.6", O_RDONLY) = 3
[0086f514] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20F\254\0044\0\0\0"..., 512) = 512
[0086f45e] fstat64(3, {st_mode=S_IFREG|0755, st_size=942040, ...}) = 0
[0086f6d3] mmap2(0x4a7f000, 969644, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4a7f000
[0086f6d3] mmap2(0x4b60000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe0) = 0x4b60000
[0086f6d3] mmap2(0x4b66000, 23468, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4b66000
[0086f4cd] close(3)                     = 0
[0086f494] open("/lib/libm.so.6", O_RDONLY) = 3
[0086f514] read(3, "\177ELF\1\1\1\3\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p4\243\0004\0\0\0"..., 512) = 512
[0086f45e] fstat64(3, {st_mode=S_IFREG|0755, st_size=202040, ...}) = 0
[0086f6d3] mmap2(0xa30000, 168064, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xa30000
[0086f6d3] mmap2(0xa58000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x27) = 0xa58000
[0086f4cd] close(3)                     = 0
[0086f494] open("/lib/libgcc_s.so.1", O_RDONLY) = 3
[0086f514] read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\257\212\0044\0\0\0"..., 512) = 512
[0086f45e] fstat64(3, {st_mode=S_IFREG|0755, st_size=122232, ...}) = 0
[0086f6d3] mmap2(0x48a9000, 119592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x48a9000
[0086f6d3] mmap2(0x48c6000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1d) = 0x48c6000
[0086f4cd] close(3)                     = 0
[0086f494] open("/lib/libc.so.6", O_RDONLY) = 3
[0086f514] read(3, "\177ELF\1\1\1\3\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 N\211\0004\0\0\0"..., 512) = 512
[0086f45e] fstat64(3, {st_mode=S_IFREG|0755, st_size=1855584, ...}) = 0
[0086f6d3] mmap2(0x87e000, 1620360, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x87e000
[0086f754] mprotect(0xa03000, 4096, PROT_NONE) = 0
[0086f6d3] mmap2(0xa04000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x185) = 0xa04000
[0086f6d3] mmap2(0xa07000, 10632, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xa07000
[0086f4cd] close(3)                     = 0
[0086f6d3] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb783c000
[0086f6d3] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb783b000
[0085a552] set_thread_area({entry_number:-1 -> 6, base_addr:0xb783b6d0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
[0086f754] mprotect(0xa04000, 8192, PROT_READ) = 0
[0086f754] mprotect(0xa58000, 4096, PROT_READ) = 0
[0086f6d3] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb783a000
[0086f754] mprotect(0x4b60000, 16384, PROT_READ) = 0
[0086f754] mprotect(0x876000, 4096, PROT_READ) = 0
[0086f711] munmap(0xb783d000, 49072)    = 0
[00392424] socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
[00392424] connect(3, {sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ECONNREFUSED (Connection refused)
[00392424] recv(3, 0xbfa573c8, 99, 0)   = -1 ENOTCONN (Transport endpoint is not connected)
[00392424] fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
[00392424] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7848000
[00392424] write(1, "\n", 1
)            = 1
[00392424] fstat64(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
[00392424] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7847000
[00392424] read(0, 
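      ip和port出来了: 看上面 connect(3, {sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("127.0.0.1")}, 16) 这一行, 目标地址和端口一目了然, 无需多说。 如果进程已经在运行, 可以用 strace -f -e trace=network -p <PID> 附加上去, 只看网络相关的系统调用; 注意这样只能看到附加之后发生的调用, 而且附加到其他用户的进程需要 root 权限。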



