我目前正在刮Mac OSX上的netstat -n -A inet在Linux和netstat -n -f inet输出去,该机器使用以下(Python的默认值)连接的远程IP地址和端口的正则表达式的集合:替代抓取netstat获取远程IP地址列表?
'(?:[0-9]+\.){3}[0-9]+[.:][0-9]+\s+((?:[0-9]+\.){3}[0-9]+)[.:]([0-9]+)'
这给了我在第1组的远程IP和第2组
远程端口然而,这似乎并没有携带或维护(并仅限于IPv4地址)。
是否有越来越活跃的远程IP地址的列表,一个更好的选择?
如果你不害怕C和U的* X内部构件,你可以反向工程的netstat。
采取这里看看https://unix.stackexchange.com/questions/21503/source-code-of-netstat
嘛,总是有SNMP ...完整的TCP连接表是在.1.3.6.1.2.1.6.19(也称为.iso.org.dod.internet.mgmt.mib-2.TCP .tcpConnectionTable),完整的UDP表格位于(也称为.iso.org.dod.internet.mgmt.mib-2.udp.udpEndpointTable)。
这里是我的本地Linux系统中的一个例子:
$ snmpbulkwalk -v2c -c xxxx -m ALL 83.137.17.100 .iso.org.dod.internet.mgmt.mib-2.tcp.tcpConnectionTable
TCP-MIB::tcpConnectionState.ipv4."83.137.17.100".44463.ipv4."91.189.89.90".80 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv4."83.137.17.100".44470.ipv4."91.189.89.90".80 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51612 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51622 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51623 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51624 = INTEGER: finWait2(7)
TCP-MIB::tcpConnectionState.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:f7:0a:da".59728 = INTEGER: timeWait(11)
TCP-MIB::tcpConnectionState.ipv6."20:01:40:38:00:00:00:16:00:00:00:00:00:00:00:16".22.ipv6."2a:00:86:40:00:01:00:00:54:f4:06:96:6c:48:aa:a9".49644 = INTEGER: established(5)
TCP-MIB::tcpConnectionProcess.ipv4."83.137.17.100".44463.ipv4."91.189.89.90".80 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv4."83.137.17.100".44470.ipv4."91.189.89.90".80 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51612 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51622 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51623 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:55:f2:7b".51624 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:89:11:64".80.ipv6."00:00:00:00:00:00:00:00:00:00:ff:ff:53:f7:0a:da".59728 = Gauge32: 0
TCP-MIB::tcpConnectionProcess.ipv6."20:01:40:38:00:00:00:16:00:00:00:00:00:00:00:16".22.ipv6."2a:00:86:40:00:01:00:00:54:f4:06:96:6c:48:aa:a9".49644 = Gauge32: 0
净SNMP工具使输出有点更具可读性。以数字形式第一输出线将是:
1.3.6.1.2.1.6.19.1.7.1.4.83.137.17.100.44463.1.4.91.189.89.90.80 = INTEGER: 11
或者在完全展开的文本:
.iso.org.dod.internet.mgmt.mib-2.tcp.tcpConnectionTable.tcpConnectionEntry.tcpConnectionState.ipv4."83.137.17.100".44463.ipv4."91.189.89.90".80
我不知道这是任何比你现在正在做什么容易,但它为标准化的方式...
感谢您提醒我关于SNMP。碰巧有一个Python接口[PySNMP](http://pysnmp.sourceforge.net/) – OregonTrail 2013-03-16 19:59:46
我已考虑过它,我可以做到这一点。 – OregonTrail 2013-03-16 19:58:49