How to Monitor TCP and UDP Ports in Real Time
On Linux you occasionally need to monitor ports, TCP and UDP ports in particular.
The netstat or ss command is used for this.
The following shows how to check which programs or processes are listening on TCP and UDP ports.
Using the ss command
```
[root@testora ~]# ss -tulpn
Netid  State   Recv-Q  Send-Q  Local Address:Port             Peer Address:Port
udp    UNCONN  0       0       127.0.0.1:916                  *:*    users:(("rpc.statd",1588,5))
udp    UNCONN  0       0       *:802                          *:*    users:(("rpcbind",1475,7))
udp    UNCONN  0       0       *:111                          *:*    users:(("rpcbind",1475,6))
udp    UNCONN  0       0       *:13303                        *:*    users:(("rpc.statd",1588,8))
udp    UNCONN  0       0       52.33.171.180:123              *:*    users:(("ntpd",1959,19))
udp    UNCONN  0       0       127.0.0.1:123                  *:*    users:(("ntpd",1959,18))
udp    UNCONN  0       0       *:123                          *:*    users:(("ntpd",1959,16))
udp    UNCONN  0       0       ::1:11664                      :::*   users:(("ora_lreg_testdb",3023,8))
udp    UNCONN  0       0       :::802                         :::*   users:(("rpcbind",1475,10))
udp    UNCONN  0       0       ::1:47535                      :::*   users:(("ora_s000_testdb",3039,7))
udp    UNCONN  0       0       :::55602                       :::*   users:(("rpc.statd",1588,10))
udp    UNCONN  0       0       ::1:19397                      :::*   users:(("asm_lreg_+asm",2915,8))
udp    UNCONN  0       0       ::1:59862                      :::*   users:(("ora_d000_testdb",3035,7))
udp    UNCONN  0       0       :::23526                       :::*   users:(("ora_pmon_testdb",2987,10))
udp    UNCONN  0       0       :::111                         :::*   users:(("rpcbind",1475,9))
udp    UNCONN  0       0       ::1:20986                      :::*   users:(("ohasd.bin",2483,42))
udp    UNCONN  0       0       fe80::ea11:32ff:fe81:ecb3:123  :::*   users:(("ntpd",1959,22))
udp    UNCONN  0       0       ::1:123                        :::*   users:(("ntpd",1959,20))
udp    UNCONN  0       0       :::123                         :::*   users:(("ntpd",1959,17))
tcp    LISTEN  0       128     :::13982                       :::*   users:(("ora_d000_testdb",3035,8))
tcp    LISTEN  0       128     127.0.0.1:2016                 *:*    users:(("oraagent.bin",19084,73))
tcp    LISTEN  0       128     :::25256                       :::*   users:(("rpc.statd",1588,11))
tcp    LISTEN  0       80      :::3306                        :::*   users:(("mysqld",2271,33))
tcp    LISTEN  0       128     :::111                         :::*   users:(("rpcbind",1475,11))
tcp    LISTEN  0       128     *:111                          *:*    users:(("rpcbind",1475,8))
tcp    LISTEN  0       128     :::1521                        :::*   users:(("tnslsnr",2827,12))
tcp    LISTEN  0       32      *:21                           *:*    users:(("vsftpd",1974,3))
tcp    LISTEN  0       128     :::22                          :::*   users:(("sshd",29428,4))
tcp    LISTEN  0       128     *:22                           *:*    users:(("sshd",29428,3))
tcp    LISTEN  0       100     127.0.0.1:25                   *:*    users:(("master",2420,12))
tcp    LISTEN  0       128     :::5500                        :::*   users:(("tnslsnr",2827,19))
tcp    LISTEN  0       128     *:63132                        *:*    users:(("rpc.statd",1588
```
Using the netstat command
```
[root@testora ~]# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address                 Foreign Address  State    PID/Program name
tcp        0      0 127.0.0.1:2016                0.0.0.0:*        LISTEN   19084/oraagent.bin
tcp        0      0 0.0.0.0:111                   0.0.0.0:*        LISTEN   1475/rpcbind
tcp        0      0 0.0.0.0:21                    0.0.0.0:*        LISTEN   1974/vsftpd
tcp        0      0 0.0.0.0:22                    0.0.0.0:*        LISTEN   29428/sshd
tcp        0      0 127.0.0.1:25                  0.0.0.0:*        LISTEN   2420/master
tcp        0      0 0.0.0.0:63132                 0.0.0.0:*        LISTEN   1588/rpc.statd
tcp        0      0 :::13982                      :::*             LISTEN   3035/ora_d000_testd
tcp        0      0 :::25256                      :::*             LISTEN   1588/rpc.statd
tcp        0      0 :::3306                       :::*             LISTEN   2271/mysqld
tcp        0      0 :::111                        :::*             LISTEN   1475/rpcbind
tcp        0      0 :::1521                       :::*             LISTEN   2827/tnslsnr
tcp        0      0 :::22                         :::*             LISTEN   29428/sshd
tcp        0      0 :::5500                       :::*             LISTEN   2827/tnslsnr
udp        0      0 127.0.0.1:916                 0.0.0.0:*                 1588/rpc.statd
udp        0      0 0.0.0.0:802                   0.0.0.0:*                 1475/rpcbind
udp        0      0 0.0.0.0:111                   0.0.0.0:*                 1475/rpcbind
udp        0      0 0.0.0.0:13303                 0.0.0.0:*                 1588/rpc.statd
udp        0      0 52.33.171.180:123             0.0.0.0:*                 1959/ntpd
udp        0      0 127.0.0.1:123                 0.0.0.0:*                 1959/ntpd
udp        0      0 0.0.0.0:123                   0.0.0.0:*                 1959/ntpd
udp        0      0 ::1:11664                     :::*                      3023/ora_lreg_testd
udp        0      0 :::802                        :::*                      1475/rpcbind
udp        0      0 ::1:47535                     :::*                      3039/ora_s000_testd
udp        0      0 :::55602                      :::*                      1588/rpc.statd
udp        0      0 ::1:19397                     :::*                      2915/asm_lreg_+ASM
udp        0      0 ::1:59862                     :::*                      3035/ora_d000_testd
udp        0      0 :::23526                      :::*                      2987/ora_pmon_testd
udp        0      0 :::111                        :::*                      1475/rpcbind
udp        0      0 ::1:20986                     :::*                      2483/ohasd.bin
udp        0      0 fe80::ea11:32ff:fe81:ecb:123  :::*                      1959/ntpd
udp        0      0 ::1:123                       :::*                      1959/ntpd
udp        0      0 :::123                        :::*                      1959/ntpd
[root@testora ~]#
```
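The options used with ss and netstat above do the following.
- -t : show TCP ports
- -u : show UDP ports
- -l : show listening sockets
- -n : show port numbers (numeric, instead of service names)
- -p : show the process or program name
Now let's see how to use these commands for real-time monitoring.
For real-time monitoring we will use the watch command. I will cover this command in a separate post later.
Simply put watch in front of the commands used above.
```
watch ss -tulpn
# or
watch netstat -tulpn
```
The result below is displayed across the whole terminal and refreshed every 2 seconds.
Using watch together with ss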
```
Every 2.0s: ss -tulpn                                   Wed Feb 5 14:46:40 2020

Netid  State   Recv-Q  Send-Q  Local Address:Port             Peer Address:Port
udp    UNCONN  0       0       127.0.0.1:916                  *:*    users:(("rpc.statd",1588,5))
udp    UNCONN  0       0       *:802                          *:*    users:(("rpcbind",1475,7))
udp    UNCONN  0       0       *:111                          *:*    users:(("rpcbind",1475,6))
udp    UNCONN  0       0       *:13303                        *:*    users:(("rpc.statd",1588,8))
udp    UNCONN  0       0       52.33.171.180:123              *:*    users:(("ntpd",1959,19))
udp    UNCONN  0       0       127.0.0.1:123                  *:*    users:(("ntpd",1959,18))
udp    UNCONN  0       0       *:123                          *:*    users:(("ntpd",1959,16))
udp    UNCONN  0       0       ::1:11664                      :::*   users:(("ora_lreg_testdb",3023,8))
udp    UNCONN  0       0       :::802                         :::*   users:(("rpcbind",1475,10))
udp    UNCONN  0       0       ::1:47535                      :::*   users:(("ora_s000_testdb",3039,7))
udp    UNCONN  0       0       :::55602                       :::*   users:(("rpc.statd",1588,10))
udp    UNCONN  0       0       ::1:19397                      :::*   users:(("asm_lreg_+asm",2915,8))
udp    UNCONN  0       0       ::1:59862                      :::*   users:(("ora_d000_testdb",3035,7))
udp    UNCONN  0       0       :::23526                       :::*   users:(("ora_pmon_testdb",2987,10))
udp    UNCONN  0       0       :::111                         :::*   users:(("rpcbind",1475,9))
udp    UNCONN  0       0       ::1:20986                      :::*   users:(("ohasd.bin",2483,42))
udp    UNCONN  0       0       fe80::ea11:32ff:fe81:ecb3:123  :::*   users:(("ntpd",1959,22))
udp    UNCONN  0       0       ::1:123                        :::*   users:(("ntpd",1959,20))
udp    UNCONN  0       0       :::123                         :::*   users:(("ntpd",1959,17))
tcp    LISTEN  0       128     :::13982                       :::*   users:(("ora_d000_testdb",3035,8))
tcp    LISTEN  0       128     127.0.0.1:2016                 *:*    users:(("oraagent.bin",19084,73))
tcp    LISTEN  0       128     :::25256                       :::*   users:(("rpc.statd",1588,11))
tcp    LISTEN  0       80      :::3306                        :::*   users:(("mysqld",2271,33))
tcp    LISTEN  0       128     :::111                         :::*   users:(("rpcbind",1475,11))
tcp    LISTEN  0       128     *:111                          *:*    users:(("rpcbind",1475,8))
tcp    LISTEN  0       128     :::1521                        :::*   users:(("tnslsnr",2827,12))
tcp    LISTEN  0       32      *:21                           *:*    users:(("vsftpd",1974,3))
tcp    LISTEN  0       128     :::22                          :::*   users:(("sshd",29428,4))
tcp    LISTEN  0       128     *:22                           *:*    users:(("sshd",29428,3))
tcp    LISTEN  0       100     127.0.0.1:25                   *:*    users:(("master",2420,12))
tcp    LISTEN  0       128     :::5500                        :::*   users:(("tnslsnr",2827,19))
tcp    LISTEN  0       128     *:63132                        *:*    users:(("rpc.statd",1588,9))
```
Using watch together with netstat
```
Every 2.0s: netstat -tulpn                              Wed Feb 5 14:49:04 2020

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address                 Foreign Address  State    PID/Program name
tcp        0      0 127.0.0.1:2016                0.0.0.0:*        LISTEN   19084/oraagent.bin
tcp        0      0 0.0.0.0:111                   0.0.0.0:*        LISTEN   1475/rpcbind
tcp        0      0 0.0.0.0:21                    0.0.0.0:*        LISTEN   1974/vsftpd
tcp        0      0 0.0.0.0:22                    0.0.0.0:*        LISTEN   29428/sshd
tcp        0      0 127.0.0.1:25                  0.0.0.0:*        LISTEN   2420/master
tcp        0      0 0.0.0.0:63132                 0.0.0.0:*        LISTEN   1588/rpc.statd
tcp        0      0 :::13982                      :::*             LISTEN   3035/ora_d000_testd
tcp        0      0 :::25256                      :::*             LISTEN   1588/rpc.statd
tcp        0      0 :::3306                       :::*             LISTEN   2271/mysqld
tcp        0      0 :::111                        :::*             LISTEN   1475/rpcbind
tcp        0      0 :::1521                       :::*             LISTEN   2827/tnslsnr
tcp        0      0 :::22                         :::*             LISTEN   29428/sshd
tcp        0      0 :::5500                       :::*             LISTEN   2827/tnslsnr
udp        0      0 127.0.0.1:916                 0.0.0.0:*                 1588/rpc.statd
udp        0      0 0.0.0.0:802                   0.0.0.0:*                 1475/rpcbind
udp        0      0 0.0.0.0:111                   0.0.0.0:*                 1475/rpcbind
udp        0      0 0.0.0.0:13303                 0.0.0.0:*                 1588/rpc.statd
udp        0      0 52.33.171.180:123             0.0.0.0:*                 1959/ntpd
udp        0      0 127.0.0.1:123                 0.0.0.0:*                 1959/ntpd
udp        0      0 0.0.0.0:123                   0.0.0.0:*                 1959/ntpd
udp        0      0 ::1:11664                     :::*                      3023/ora_lreg_testd
udp        0      0 :::802                        :::*                      1475/rpcbind
udp        0      0 ::1:47535                     :::*                      3039/ora_s000_testd
udp        0      0 :::55602                      :::*                      1588/rpc.statd
udp        0      0 ::1:19397                     :::*                      2915/asm_lreg_+ASM
udp        0      0 ::1:59862                     :::*                      3035/ora_d000_testd
udp        0      0 :::23526                      :::*                      2987/ora_pmon_testd
udp        0      0 :::111                        :::*                      1475/rpcbind
udp        0      0 ::1:20986                     :::*                      2483/ohasd.bin
udp        0      0 fe80::ea11:32ff:fe81:ecb:123  :::*                      1959/ntpd
udp        0      0 ::1:123                       :::*                      1959/ntpd
udp        0      0 :::123                        :::*                      1959/ntpd
```
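watch only redraws the screen, so a listener that appears between two refreshes is easy to miss by eye. The script below is an added example, not part of the original post: it compares two ss -tulpn snapshots and prints only the listeners that are new. The function names (normalize, new_listeners, monitor) and the two sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example: report listeners that appear between two `ss -tulpn` snapshots.

# Reduce raw `ss -tulpn` output (stdin) to "proto local_addr:port process" lines.
# PID and fd are dropped so a service restart does not look like a new listener.
normalize() {
  awk '$1 == "tcp" || $1 == "udp" {
         proc = "-"                 # users:(...) is absent when not run as root
         if (match($0, /users:\(\("[^"]*"/))
           proc = substr($0, RSTART + 9, RLENGTH - 10)
         print $1, $5, proc
       }' | sort -u
}

# $1 = baseline snapshot, $2 = current snapshot (both raw ss output).
# Prints entries of the current snapshot that the baseline does not contain.
new_listeners() {
  base=$(printf '%s\n' "$1" | normalize)
  printf '%s\n' "$2" | normalize | grep -Fxv -e "$base" || true
}

# Live use: take a baseline now, then report new listeners every 2 seconds.
monitor() {
  baseline=$(ss -tulpn)
  while sleep 2; do
    new_listeners "$baseline" "$(ss -tulpn)" | sed "s/^/$(date '+%F %T') NEW /"
  done
}

# Constructed sample snapshots in the format shown on this page.
BASELINE='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 128 *:22 *:* users:(("sshd",29428,3))
udp UNCONN 0 0 *:123 *:* users:(("ntpd",1959,16))'

# sshd was restarted (new PID) and one additional listener appeared on 8000.
CURRENT='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 128 *:22 *:* users:(("sshd",30555,3))
udp UNCONN 0 0 *:123 *:* users:(("ntpd",1959,16))
tcp LISTEN 0 5 *:8000 *:* users:(("python",30112,3))'

new_listeners "$BASELINE" "$CURRENT"
```

Call monitor as root on the host to get timestamped lines for new listeners only; for a purely visual check, watch -d ss -tulpn highlights what changed between refreshes.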