Count the machine's TCP connections, grouped by state
netstat -an|awk '/^tcp/{++S[$NF]}END{for (a in S)print a,S[a]}'
SSH through a jump host (bastion)
http://www.10tiao.com/html/357/201605/2247483806/1.html
Copy remote command output to the local clipboard (pbcopy, macOS)
ssh root@192.168.100.147 "tshark -r /var/log/suricata/log.pcap.1543224856 -z follow,tcp,hex,2" | pbcopy
Count TCP connections on a port
netstat -nat | grep -E '[.:]80[[:space:]]' | wc -l
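TCP connection states explained
LISTEN: waiting for a connection request from any remote TCP and port
SYN-SENT: waiting for a matching connection request after having sent a connection request
SYN-RECEIVED: waiting for the other side to acknowledge the connection request after having both received and sent a connection request
ESTABLISHED: an open connection
FIN-WAIT-1: waiting for a connection termination request from the remote TCP, or for an acknowledgment of the connection termination request sent earlier
FIN-WAIT-2: waiting for a connection termination request from the remote TCP
CLOSE-WAIT: waiting for a connection termination request from the local user
CLOSING: waiting for the remote TCP to acknowledge the connection termination request
LAST-ACK: waiting for an acknowledgment of the connection termination request previously sent to the remote TCP
TIME-WAIT: waiting long enough to be sure the remote TCP received the acknowledgment of its connection termination request
CLOSED: no connection state at all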
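
Added example (not part of the original notes): the two netstat counts above combined into a per-state breakdown for one local port, matching the port field exactly so that port 80 is not confused with 8080 or with an address containing 80. The function names and the sample input are constructed for illustration; restricting the match to the local port is an assumption of this example.

```shell
# count_states PORT
# Reads `netstat -an` style text on stdin and prints "STATE COUNT" for every
# TCP socket whose LOCAL port equals PORT. Works with Linux (addr:port) and
# macOS/BSD (addr.port) address formats, and with IPv6 such as ":::80".
# Note: netstat prints states with underscores (TIME_WAIT, CLOSE_WAIT), and
# Linux prints SYN_RECV for the SYN-RECEIVED state.
count_states() {
    awk -v port="$1" '
        /^tcp/ {
            # Column 4 is the local address; the port is whatever follows
            # the last ":" or "." in that field.
            n = split($4, parts, "[.:]")
            if (parts[n] == port) count[$NF]++
        }
        END { for (s in count) print s, count[s] }
    ' | sort
}

# Constructed sample input (documentation address ranges only).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 10.0.0.5:80             203.0.113.7:51514       ESTABLISHED
tcp        1      0 10.0.0.5:80             203.0.113.9:40022       CLOSE_WAIT
tcp        1      0 10.0.0.5:80             203.0.113.9:40023       CLOSE_WAIT
tcp        0      0 10.0.0.5:8080           203.0.113.7:51600       ESTABLISHED
tcp        0      0 10.0.0.80:443           203.0.113.7:51700       TIME_WAIT
tcp        0      0 10.0.0.5:51000          198.51.100.4:80         ESTABLISHED
EOF
}

# Demo on the constructed sample; for live data: netstat -an | count_states 80
sample_netstat | count_states 80
```
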