Linux中通过Socket文件描述符寻找连接状态介绍
Proc虚拟文件系统下面有许多数字命名的子目录,这些数字表示系统当前运行的进程号;
其中/proc/N/fd目录下面保存了打开的文件描述符,指向实际文件的一个链接。如下:
代码如下:
[root@XXXXXXX_10_1_17_138 song_test]# ll /proc/25465/fd
total 0
lrwx------ 1 root root 64 Apr 14 09:36 0 -> /dev/pts/4 (deleted)
lrwx------ 1 root root 64 Apr 14 09:36 1 -> /dev/pts/4 (deleted)
lrwx------ 1 root root 64 Apr 14 09:36 10 -> socket:[2289128790]
lrwx------ 1 root root 64 Apr 14 09:36 100 -> socket:[2305227922]
lrwx------ 1 root root 64 Apr 14 09:36 101 -> socket:[2305224138]
lrwx------ 1 root root 64 Apr 14 09:36 102 -> socket:[2305233625]
lrwx------ 1 root root 64 Apr 14 09:36 103 -> socket:[2305215571]
lrwx------ 1 root root 64 Apr 14 09:36 104 -> socket:[2305243589]
lrwx------ 1 root root 64 Apr 14 09:36 105 -> socket:[2305394065]
lrwx------ 1 root root 64 Apr 14 09:36 106 -> socket:[2305394002]
我们想查看101 Socket文件描述符的链接状态该怎么看呢?聪明的注意到后面有个数字【2305224138】,这个数字又是哪儿来的呢?看客请往下看。
在/proc/net/tcp目录下面保存了所有TCP链接的状态信息。
复制代码
代码如下:
[root@XXXXXXX_10_1_17_138 song_test]# cat /proc/net/tcp
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
0: 8A11010A:7DC8 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 764789417 1 ffff881051dfcb40 99 0 0 10 -1
1: 8A11010A:0369 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 737748331 1 ffff88106af8f7c0 99 0 0 10 -1
51: 8A11010A:FAF4 9C01010A:0CEA 06 00000000:00000000 03:00000938 00000000 0 0 0 2 ffff8810516c01c0
52: 8A11010A:21CD 0964010A:2227 01 00000000:00000000 00:00000000 00000000 0 0 2305224138 2 ffff8801402f55c0 23 3 30 10 -1
53: 8A11010A:FB8A 9C01010A:0CEA 06 00000000:00000000 03:000012A8 00000000 0 0 0 2 ffff8810516c04c0
54: 8A11010A:73E5 4511010A:0050 06 00000000:00000000 03:00000EA8 00000000 0 0 0 2 ffff88106898a880
55: 8A11010A:89AD F300010A:1F90 08 00000000:00000001 00:00000000 00000000 0 0 2305271480 1 ffff880869b59740 23 3 0 10 -1
187: 8A11010A:0ACB 8811010A:1F90 06 00000000:00000000 03:0000028E 00000000 0 0 0 2 ffff881050e9ccc0
188: 8A11010A:FB6C 9C01010A:0CEA 06 00000000:00000000 03:000010CB 00000000 0 0 0 2 ffff88104fd8dd80
看上数字【2305224138】没有,就是这儿来的,到此我们可以找出链接的IP、PORT链接四元组【8A11010A:21CD 0964010A:2227】这个地方是用十六进制保存的,换算成十进制方式【10.1.17.138:8653 10.1.100.9:8743】;
去网络连接状态里面看一下:
代码如下:
[root@XXXXXXX_10_1_17_138 song_test]# netstat -ntp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.1.17.138:64428 10.1.1.156:3306 TIME_WAIT -
tcp 0 0 10.1.17.138:64244 10.1.1.156:3306 TIME_WAIT -
tcp 0 166 10.1.17.138:8653 10.1.100.9:8743 ESTABLISHED 25465/./index_searc
tcp 0 0 10.1.17.138:64394 10.1.1.156:3306 TIME_WAIT -
tcp 0 0 10.1.17.138:29669 10.1.17.69:80 TIME_WAIT -
tcp 0 0 10.1.17.138:46336 10.1.17.68:80 TIME_WAIT -
tcp 0 0 ::ffff:10.1.17.138:8080 ::ffff:10.1.17.136:27247 TIME_WAIT -
回到开始的问题:101 Socket文件描述符代表的是本地【10.1.17.138:8653】到【10.1.100.9:8743】的一条TCP连接!