Linux系统下通过Socket文件描述符寻找连接状态

Proc虚拟文件系统下面有许多数字命名的子目录,这些数字表示系统当前运行的进程号;

其中/proc/N/fd目录下面保存了打开的文件描述符,指向实际文件的一个链接。如下:

[root@XXXXXXX_10_1_17_138 song_test]# ll /proc/25465/fd
total 0
lrwx------ 1 root root 64 Apr 14 09:36 0 -> /dev/pts/4 (deleted)
lrwx------ 1 root root 64 Apr 14 09:36 1 -> /dev/pts/4 (deleted)
lrwx------ 1 root root 64 Apr 14 09:36 10 -> socket:[2289128790]
lrwx------ 1 root root 64 Apr 14 09:36 100 -> socket:[2305227922]
lrwx------ 1 root root 64 Apr 14 09:36 101 -> socket:[2305224138]
lrwx------ 1 root root 64 Apr 14 09:36 102 -> socket:[2305233625]
lrwx------ 1 root root 64 Apr 14 09:36 103 -> socket:[2305215571]
lrwx------ 1 root root 64 Apr 14 09:36 104 -> socket:[2305243589]
lrwx------ 1 root root 64 Apr 14 09:36 105 -> socket:[2305394065]
lrwx------ 1 root root 64 Apr 14 09:36 106 -> socket:[2305394002]
我们想查看101 Socket文件描述符的链接状态该怎么看呢?聪明的注意到后面有个数字【2305224138】,这个数字又是哪儿来的呢?看客请往下看。


在/proc/net/tcp目录下面保存了所有TCP链接的状态信息。

[root@XXXXXXX_10_1_17_138 song_test]# cat /proc/net/tcp
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode                                                     
   0: 8A11010A:7DC8 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 764789417 1 ffff881051dfcb40 99 0 0 10 -1                 
   1: 8A11010A:0369 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 737748331 1 ffff88106af8f7c0 99 0 0 10 -1    
  51: 8A11010A:FAF4 9C01010A:0CEA 06 00000000:00000000 03:00000938 00000000     0        0 0 2 ffff8810516c01c0                                      
  52: 8A11010A:21CD 0964010A:2227 01 00000000:00000000 00:00000000 00000000     0        0 2305224138 2 ffff8801402f55c0 23 3 30 10 -1               
  53: 8A11010A:FB8A 9C01010A:0CEA 06 00000000:00000000 03:000012A8 00000000     0        0 0 2 ffff8810516c04c0                                      
  54: 8A11010A:73E5 4511010A:0050 06 00000000:00000000 03:00000EA8 00000000     0        0 0 2 ffff88106898a880                                      
  55: 8A11010A:89AD F300010A:1F90 08 00000000:00000001 00:00000000 00000000     0        0 2305271480 1 ffff880869b59740 23 3 0 10 -1                       
 187: 8A11010A:0ACB 8811010A:1F90 06 00000000:00000000 03:0000028E 00000000     0        0 0 2 ffff881050e9ccc0                                      
 188: 8A11010A:FB6C 9C01010A:0CEA 06 00000000:00000000 03:000010CB 00000000     0        0 0 2 ffff88104fd8dd80             
看上数字【2305224138】没有,就是这儿来的,到此我们可以找出链接的IP、PORT链接四元组【8A11010A:21CD 0964010A:2227】这个地方是用十六进制保存的,换算成十进制方式【10.1.17.138:8653            10.1.100.9:8743】;


去网络连接状态里面看一下:

[root@XXXXXXX_10_1_17_138 song_test]# netstat -ntp     
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 10.1.17.138:64428           10.1.1.156:3306             TIME_WAIT   -                   
tcp        0      0 10.1.17.138:64244           10.1.1.156:3306             TIME_WAIT   -                   
tcp        0    166 10.1.17.138:8653            10.1.100.9:8743             ESTABLISHED 25465/./index_searc 
tcp        0      0 10.1.17.138:64394           10.1.1.156:3306             TIME_WAIT   -                   
tcp        0      0 10.1.17.138:29669           10.1.17.69:80               TIME_WAIT   -                    
tcp        0      0 10.1.17.138:46336           10.1.17.68:80               TIME_WAIT   -                       
tcp        0      0 ::ffff:10.1.17.138:8080     ::ffff:10.1.17.136:27247    TIME_WAIT   -       


回到开始的问题:101 Socket文件描述符代表的是本地【10.1.17.138:8653】到【10.1.100.9:8743】的一条TCP连接!




你可能感兴趣的:(Linux系统)