如何列出对udp套接字的所有请求?


9

我正在运行几个使用udp与大量客户端进行通信的服务器守护程序。我如何找到并列出与服务器通信的所有活动udp “连接”,以便估计连接到服务器守护程序的活动客户端的数量?除了用tshark或tcpdump嗅探数据包并查看发送到服务器守护程序的udp数据包的源ip之外,我想不出一种简单的方法,是的,我知道UDP是无连接和无状态协议。


由于到处都没有UDP连接的状态/状态/任何内容,因此唯一的方法可能是为每个数据包(发送或接收)记录一些信息。也许使用iptables将其重定向到某个守护程序,该守护程序将记录IP或保留统计信息或其他内容。
Sandman4 2011年

定义“ 活动 udp连接”。
Sandman4 2011年

@ Sandman4也许他想列出对UDP套接字的所有请求。
2011年

您到底想做什么?没有嗅探器很难跟踪UDP请求,因此可以理解一些上下文。
Rilindo 2011年

您可以将sudo lsof -iUDP
Pieter Temmerman

Answers:


9

UDP是无状态协议-因此,没有状态。

要查看正在监听UDP的内容:

netstat -lnpu


3

在Linux上,假设已安装iproute2,则可以运行ss命令来拉udp套接字,如下所示:

ss -u

或所有udp套接字,以及相关过程:

[root@kerberos ks]# ss -u -pa
State       Recv-Q Send-Q                                   Local Address:Port                                       Peer Address:Port   
UNCONN      0      0                                                    *:kerberos                                               *:*        users:(("krb5kdc",1935,7))
UNCONN      0      0                                                    *:mdns                                                  *:*        users:(("avahi-daemon",1613,13))
UNCONN      0      0                                                    *:rquotad                                               *:*        users:(("rpc.rquotad",1872,3))
UNCONN      0      0                                                    *:kerberos-iv                                               *:*        users:(("krb5kdc",1935,6))
UNCONN      0      0                                                    *:sunrpc                                                *:*        users:(("rpcbind",1569,6))
UNCONN      0      0                                                    *:ipp                                                   *:*        users:(("cupsd",1687,9))
UNCONN      0      0                                       192.168.15.100:ntp                                                   *:*        users:(("ntpd",1976,23))
UNCONN      0      0                                          172.16.15.1:ntp                                                   *:*        users:(("ntpd",1976,22))
UNCONN      0      0                                            127.0.0.1:ntp                                                   *:*        users:(("ntpd",1976,21))
UNCONN      0      0                                                    *:ntp                                                   *:*        users:(("ntpd",1976,16))
UNCONN      0      0                                                    *:892                                                   *:*        users:(("rpc.mountd",1888,7))
UNCONN      0      0                                                    *:896                                                   *:*        users:(("rpcbind",1569,7))
UNCONN      0      0                                                    *:32769                                                 *:*       
UNCONN      0      0                                                    *:nfs                                                   *:*       
UNCONN      0      0                                                    *:syslog                                                *:*        users:(("rsyslogd",1506,1))
UNCONN      0      0                                                    *:42375                                                 *:*        users:(("avahi-daemon",1613,14))
UNCONN      0      0                                                    *:pftp                                                  *:*        users:(("rpc.statd",1643,8))
UNCONN      0      0                                                    *:snmp                                                  *:*        users:(("snmpd",1949,7))
UNCONN      0      0                                                    *:37802                                                 *:*        users:(("squid",2124,9))
UNCONN      0      0                                                    *:bootps                                                *:*        users:(("dhcpd",1987,7))
UNCONN      0      0                                                    *:tftp                                                  *:*        users:(("xinetd",1968,6))
UNCONN      0      0                                                    *:971                                                   *:*        users:(("rpc.statd",1643,5))
UNCONN      0      0                                                    *:kpasswd                                               *:*        users:(("kadmind",1926,6))
UNCONN      0      0                             fe80::2e0:4cff:fe90:40eb:kerberos                                              :::*        users:(("krb5kdc",1935,11))
UNCONN      0      0                             fe80::226:2dff:fe47:309f:kerberos                                              :::*        users:(("krb5kdc",1935,9))
UNCONN      0      0                             fe80::2e0:4cff:fe90:40eb:kerberos-iv                                              :::*        users:(("krb5kdc",1935,10))
UNCONN      0      0                             fe80::226:2dff:fe47:309f:kerberos-iv                                              :::*        users:(("krb5kdc",1935,8))
UNCONN      0      0                                                   :::sunrpc                                               :::*        users:(("rpcbind",1569,9))
UNCONN      0      0                              fe80::fc54:ff:feda:8094:ntp                                                  :::*        users:(("ntpd",1976,26))
UNCONN      0      0                              fe80::fc54:ff:fe52:8f66:ntp                                                  :::*        users:(("ntpd",1976,30))
UNCONN      0      0                              fe80::fc54:ff:feea:63a8:ntp                                                  :::*        users:(("ntpd",1976,29))
UNCONN      0      0                              fe80::fc54:ff:fe16:15c3:ntp                                                  :::*        users:(("ntpd",1976,28))
UNCONN      0      0                              fe80::fc54:ff:fe75:8012:ntp                                                  :::*        users:(("ntpd",1976,27))
UNCONN      0      0                              fe80::fc54:ff:feb3:4da8:ntp                                                  :::*        users:(("ntpd",1976,25))
UNCONN      0      0                             fe80::226:2dff:fe47:309f:ntp                                                  :::*        users:(("ntpd",1976,20))
UNCONN      0      0                             fe80::2e0:4cff:fe90:40eb:ntp                                                  :::*        users:(("ntpd",1976,19))
UNCONN      0      0                                                  ::1:ntp                                                  :::*        users:(("ntpd",1976,18))
UNCONN      0      0                                                   :::ntp                                                  :::*        users:(("ntpd",1976,17))
UNCONN      0      0                                                   :::892                                                  :::*        users:(("rpc.mountd",1888,9))
UNCONN      0      0                                                   :::896                                                  :::*        users:(("rpcbind",1569,10))
UNCONN      0      0                                                   :::32769                                                :::*       
UNCONN      0      0                                                   :::nfs                                                  :::*       
UNCONN      0      0                                                   :::syslog                                               :::*        users:(("rsyslogd",1506,2))
UNCONN      0      0                                                   :::pftp                                                 :::*        users:(("rpc.statd",1643,10))
UNCONN      0      0                             fe80::2e0:4cff:fe90:40eb:kpasswd                                              :::*        users:(("kadmind",1926,8))
UNCONN      0      0                             fe80::226:2dff:fe47:309f:kpasswd                                              :::*        users:(("kadmind",1926,7))
UNCONN      0      0                                                   :::59603                                                :::*        users:(("squid",2124,8))
[root@kerberos ks]# ss -upa
State       Recv-Q Send-Q                                   Local Address:Port                                       Peer Address:Port   
UNCONN      0      0                                                    *:kerberos                                               *:*        users:(("krb5kdc",1935,7))
UNCONN      0      0                                                    *:mdns                                                  *:*        users:(("avahi-daemon",1613,13))
UNCONN      0      0                                                    *:rquotad                                               *:*        users:(("rpc.rquotad",1872,3))
UNCONN      0      0                                                    *:kerberos-iv                                               *:*        users:(("krb5kdc",1935,6))
UNCONN      0      0                                                    *:sunrpc                                                *:*        users:(("rpcbind",1569,6))
UNCONN      0      0                                                    *:ipp                                                   *:*        users:(("cupsd",1687,9))
UNCONN      0      0                                       192.168.15.100:ntp                                                   *:*        users:(("ntpd",1976,23))
UNCONN      0      0                                          172.16.15.1:ntp                                                   *:*        users:(("ntpd",1976,22))
UNCONN      0      0                                            127.0.0.1:ntp                                                   *:*        users:(("ntpd",1976,21))
UNCONN      0      0                                                    *:ntp                                                   *:*        users:(("ntpd",1976,16))
UNCONN      0      0                                                    *:892                                                   *:*        users:(("rpc.mountd",1888,7))
UNCONN      0      0                                                    *:896                                                   *:*        users:(("rpcbind",1569,7))
UNCONN      0      0                                                    *:32769                                                 *:*       
UNCONN      0      0                                                    *:nfs                                                   *:*       
UNCONN      0      0                                                    *:syslog                                                *:*        users:(("rsyslogd",1506,1))
UNCONN      0      0                                                    *:42375                                                 *:*        users:(("avahi-daemon",1613,14))
UNCONN      0      0                                                    *:pftp                                                  *:*        users:(("rpc.statd",1643,8))
UNCONN      0      0                                                    *:snmp                                                  *:*        users:(("snmpd",1949,7))
UNCONN      0      0                                                    *:37802                                                 *:*        users:(("squid",2124,9))
UNCONN      0      0                                                    *:bootps                                                *:*        users:(("dhcpd",1987,7))
UNCONN      0      0                                                    *:tftp                                                  *:*        users:(("xinetd",1968,6))
UNCONN      0      0                                                    *:971                                                   *:*        users:(("rpc.statd",1643,5))
UNCONN      0      0                                                    *:kpasswd                                               *:*        users:(("kadmind",1926,6))
UNCONN      0      0                             fe80::2e0:4cff:fe90:40eb:kerberos                                              :::*        users:(("krb5kdc",1935,11))
UNCONN      0      0                             fe80::226:2dff:fe47:309f:kerberos                                              :::*        users:(("krb5kdc",1935,9))
UNCONN      0      0                             fe80::2e0:4cff:fe90:40eb:kerberos-iv                                              :::*        users:(("krb5kdc",1935,10))
UNCONN      0      0                             fe80::226:2dff:fe47:309f:kerberos-iv                                              :::*        users:(("krb5kdc",1935,8))
UNCONN      0      0                                                   :::sunrpc                                               :::*        users:(("rpcbind",1569,9))
UNCONN      0      0                              fe80::fc54:ff:feda:8094:ntp                                                  :::*        users:(("ntpd",1976,26))
UNCONN      0      0                              fe80::fc54:ff:fe52:8f66:ntp                                                  :::*        users:(("ntpd",1976,30))
UNCONN      0      0                              fe80::fc54:ff:feea:63a8:ntp                                                  :::*        users:(("ntpd",1976,29))
UNCONN      0      0                              fe80::fc54:ff:fe16:15c3:ntp                                                  :::*        users:(("ntpd",1976,28))
UNCONN      0      0                              fe80::fc54:ff:fe75:8012:ntp                                                  :::*        users:(("ntpd",1976,27))
UNCONN      0      0                              fe80::fc54:ff:feb3:4da8:ntp                                                  :::*        users:(("ntpd",1976,25))
UNCONN      0      0                             fe80::226:2dff:fe47:309f:ntp                                                  :::*        users:(("ntpd",1976,20))
UNCONN      0      0                             fe80::2e0:4cff:fe90:40eb:ntp                                                  :::*        users:(("ntpd",1976,19))
UNCONN      0      0                                                  ::1:ntp                                                  :::*        users:(("ntpd",1976,18))
UNCONN      0      0                                                   :::ntp                                                  :::*        users:(("ntpd",1976,17))
UNCONN      0      0                                                   :::892                                                  :::*        users:(("rpc.mountd",1888,9))
UNCONN      0      0                                                   :::896                                                  :::*        users:(("rpcbind",1569,10))
UNCONN      0      0                                                   :::32769                                                :::*       
UNCONN      0      0                                                   :::nfs                                                  :::*       
UNCONN      0      0                                                   :::syslog                                               :::*        users:(("rsyslogd",1506,2))
UNCONN      0      0                                                   :::pftp                                                 :::*        users:(("rpc.statd",1643,10))
UNCONN      0      0                             fe80::2e0:4cff:fe90:40eb:kpasswd                                              :::*        users:(("kadmind",1926,8))
UNCONN      0      0                             fe80::226:2dff:fe47:309f:kpasswd                                              :::*        users:(("kadmind",1926,7))
UNCONN      0      0                                                   :::59603                                                :::*        users:(("squid",2124,8))

这是您可以与ss一起使用的其他示例,包括每个进程获取连接。

http://www.cyberciti.biz/files/ss.html


1
同样,udp如何建立连接?ss只显示UDP套接字而不显示connection
2011年

单词选择错误。就是说,我要求Flit进行澄清,因为不清楚他正在做什么。
Rilindo 2011年

ss -pass -upa示例之间有什么区别?应该删除一半吗?
Mihail Malostanidis

3

正如其他人提到的,UDP是无连接的,因此在您可能会看到的标准位置中不会跟踪状态。

您可以使用的一种方法就是简单地设置一些使用该--state选项的简单Netfilter规则。这将强制netfilter跟踪与UDP相关的状态。设置规则后,您可以使用conntrack之类的工具查看netfilter状态表。例如,这里是我的系统之一。您会看到有几个系统经常与udp / 1194(OpenVPN)通信。

root@enterprise:# conntrack  -L -p udp
udp      17 173 src=192.168.32.1 dst=192.168.32.10 sport=41179 dport=1194 packets=2072 bytes=188058 src=192.168.32.10 dst=192.168.32.1 sport=1194 dport=41179 packets=2081 bytes=201185 [ASSURED] mark=0 secmark=0 use=1
udp      17 175 src=192.168.32.26 dst=192.168.32.10 sport=57440 dport=1194 packets=806767 bytes=154637738 src=192.168.32.10 dst=192.168.32.26 sport=1194 dport=57440 packets=1265893 bytes=1588040830 [ASSURED] mark=0 secmark=0 use=1

您的netfilter规则可能就这么简单。

/sbin/iptables -t filter -A INPUT -m state --state NEW\,ESTABLISHED -j ACCEPT
/sbin/iptables -t filter -A FORWARD -m state --state NEW\,ESTABLISHED -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -m state --state NEW\,ESTABLISHED -j ACCEPT

2

受此答案启发,我发现以下ss语法对我有用:

ss -u state CLOSE

…因为“监听” UDP套接字就像“封闭” TCP套接字。

By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.