我目前正在刮Mac OSX上的netstat -n -A inet在Linux和netstat -n -f inet輸出去,該機器使用以下(Python的默認值)連接的遠程IP地址和端口的正則表達式的集合:替代抓取netstat獲取遠程IP地址列表?
'(?:[0-9]+\.){3}[0-9]+[.:][0-9]+\s+((?:[0-9]+\.){3}[0-9]+)[.:]([0-9]+)'
這給了我在第1組的遠程IP和第2組
遠程端口然而,這似乎並沒有攜帶或維護(並僅限於IPv4地址)。
是否有越來越活躍的遠程IP地址的列表,一個更好的選擇?
如果你不害怕C和U的* X內部構件,你可以反向工程的netstat。
採取這裏看看https://unix.stackexchange.com/questions/21503/source-code-of-netstat
嘛,總是有SNMP ...完整的TCP連接表是在.1.3.6.1.2.1.6.19(也稱爲.iso.org.dod.internet.mgmt.mib-2.TCP .tcpConnectionTable),完整的UDP表格位於(也稱爲.iso.org.dod.internet.mgmt.mib-2.udp.udpEndpointTable)。
這裏是我的本地Linux系統中的一個例子:
$ snmpbulkwalk -v2c -c xxxx -m ALL 83.137.17.100 .iso.org.dod.internet.mgmt.mib-2.tcp.tcpConnectionTable
TCP-MIB::tcpConnectionState.ipv4."83.137.17.100".44463.ipv4."91.189.89.90".80 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv4."83.137.17.100".44470.ipv4."91.189.89.90".80 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51612 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51622 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51623 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51624 = INTEGER: finWait2(7)
TCP-MIB::tcpConnectionState.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:f7:0a:da".59728 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv6."20:01:40:38:00:00:00:16:00:00:00:00:00:00:00:16".22.ipv6."2a:00:86:40:00:01:00:00:54:f4:06:96:6c:48:aa:a9".49644 = INTEGER: established(5)
TCP-MIB::tcpConnectionProcess.ipv4."83.137.17.100".44463.ipv4."91.189.89.90".80 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv4."83.137.17.100".44470.ipv4."91.189.89.90".80 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51612 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51622 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51623 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51624 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:f7:0a:da".59728 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."20:01:40:38:00:00:00:16:00:00:00:00:00:00:00:16".22.ipv6."2a:00:86:40:00:01:00:00:54:f4:06:96:6c:48:aa:a9".49644 = Gauge32: 0
淨SNMP工具使輸出有點更具可讀性。以數字形式第一輸出線將是:
1.3.6.1.2.1.6.19.1.7.1.4.83.137.17.100.44463.1.4.91.189.89.90.80 = INTEGER: 11
或者在完全展開的文本:
.iso.org.dod.internet.mgmt.mib-2.tcp.tcpConnectionTable.tcpConnectionEntry.tcpConnectionState.ipv4."83.137.17.100".44463.ipv4."91.189.89.90".80
我不知道這是任何比你現在正在做什麼容易,但它爲標準化的方式...
感謝您提醒我關於SNMP。碰巧有一個Python接口[PySNMP](http://pysnmp.sourceforge.net/) – OregonTrail 2013-03-16 19:59:46
我已考慮過它,我可以做到這一點。 – OregonTrail 2013-03-16 19:58:49