标签:
Proc虚拟文件系统下面有许多数字命名的子目录,这些数字表示系统当前运行的进程号;
其中/proc/N/fd目录下面保存了打开的文件描述符,指向实际文件的一个链接。如下:
[root@XXXXXXX_10_1_17_138 song_test]# ll /proc/25465/fd total 0 lrwx------ 1 root root 64 Apr 14 09:36 0 -> /dev/pts/4 (deleted) lrwx------ 1 root root 64 Apr 14 09:36 1 -> /dev/pts/4 (deleted) lrwx------ 1 root root 64 Apr 14 09:36 10 -> socket:[2289128790] lrwx------ 1 root root 64 Apr 14 09:36 100 -> socket:[2305227922] lrwx------ 1 root root 64 Apr 14 09:36 101 -> socket:[2305224138] lrwx------ 1 root root 64 Apr 14 09:36 102 -> socket:[2305233625] lrwx------ 1 root root 64 Apr 14 09:36 103 -> socket:[2305215571] lrwx------ 1 root root 64 Apr 14 09:36 104 -> socket:[2305243589] lrwx------ 1 root root 64 Apr 14 09:36 105 -> socket:[2305394065] lrwx------ 1 root root 64 Apr 14 09:36 106 -> socket:[2305394002]我们想查看101 Socket文件描述符的链接状态该怎么看呢?聪明的注意到后面有个数字【2305224138】,这个数字又是哪儿来的呢?看客请往下看。
在/proc/net/tcp目录下面保存了所有TCP链接的状态信息。
[root@XXXXXXX_10_1_17_138 song_test]# cat /proc/net/tcp sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode 0: 8A11010A:7DC8 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 764789417 1 ffff881051dfcb40 99 0 0 10 -1 1: 8A11010A:0369 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 737748331 1 ffff88106af8f7c0 99 0 0 10 -1 51: 8A11010A:FAF4 9C01010A:0CEA 06 00000000:00000000 03:00000938 00000000 0 0 0 2 ffff8810516c01c0 52: 8A11010A:21CD 0964010A:2227 01 00000000:00000000 00:00000000 00000000 0 0 2305224138 2 ffff8801402f55c0 23 3 30 10 -1 53: 8A11010A:FB8A 9C01010A:0CEA 06 00000000:00000000 03:000012A8 00000000 0 0 0 2 ffff8810516c04c0 54: 8A11010A:73E5 4511010A:0050 06 00000000:00000000 03:00000EA8 00000000 0 0 0 2 ffff88106898a880 55: 8A11010A:89AD F300010A:1F90 08 00000000:00000001 00:00000000 00000000 0 0 2305271480 1 ffff880869b59740 23 3 0 10 -1 187: 8A11010A:0ACB 8811010A:1F90 06 00000000:00000000 03:0000028E 00000000 0 0 0 2 ffff881050e9ccc0 188: 8A11010A:FB6C 9C01010A:0CEA 06 00000000:00000000 03:000010CB 00000000 0 0 0 2 ffff88104fd8dd80看上数字【2305224138】没有,就是这儿来的,到此我们可以找出链接的IP、PORT链接四元组【8A11010A:21CD 0964010A:2227】这个地方是用十六进制保存的,换算成十进制方式【10.1.17.138:8653 10.1.100.9:8743】;
去网络连接状态里面看一下:
[root@XXXXXXX_10_1_17_138 song_test]# netstat -ntp Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 10.1.17.138:64428 10.1.1.156:3306 TIME_WAIT - tcp 0 0 10.1.17.138:64244 10.1.1.156:3306 TIME_WAIT - tcp 0 166 10.1.17.138:8653 10.1.100.9:8743 ESTABLISHED 25465/./index_searc tcp 0 0 10.1.17.138:64394 10.1.1.156:3306 TIME_WAIT - tcp 0 0 10.1.17.138:29669 10.1.17.69:80 TIME_WAIT - tcp 0 0 10.1.17.138:46336 10.1.17.68:80 TIME_WAIT - tcp 0 0 ::ffff:10.1.17.138:8080 ::ffff:10.1.17.136:27247 TIME_WAIT -
回到开始的问题:101 Socket文件描述符代表的是本地【10.1.17.138:8653】到【10.1.100.9:8743】的一条TCP连接!
标签:
原文地址:http://blog.csdn.net/gdutliuyun827/article/details/45038249