Linux 跟踪特定的 IP 和端口
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10995781/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
trace a particular IP and port
提问by murtaza52
I have an app running on port 9100 on a remote server serving http pages. After I ssh into the server I can curl localhost 9100 and I receive the response.
我有一个应用程序在服务 http 页面的远程服务器上的端口 9100 上运行。在我通过 ssh 进入服务器后,我可以 curl localhost 9100 并收到响应。
However I am unable to access the same app from the browser using http://ip:9100
但是我无法使用浏览器访问同一个应用程序 http://ip:9100
I am also unable to telnet from my local PC. How do I debug it? Is there a way to traceroute a particular IP and port combination, to see where it is being blocked?
我也无法从本地 PC 远程登录。我该如何调试?有没有办法跟踪路由特定的 IP 和端口组合,以查看它被阻止的位置?
Any linux tools / commands / utilities will be appreciated.
任何 linux 工具/命令/实用程序将不胜感激。
Thanks, Murtaza
谢谢,穆尔塔扎
采纳答案by Rook
Firstly, check the IP address that your application has bound to. It could only be binding to a local address, for example, which would mean that you'd never see it from a different machine regardless of firewall states.
首先,检查您的应用程序绑定到的 IP 地址。例如,它只能绑定到本地地址,这意味着无论防火墙状态如何,您都不会从不同的机器上看到它。
You could try using a portscanner like nmap to see if the port is open and visible externally... it can tell you if the port is closed (there's nothing listening there), open (you should be able to see it fine) or filtered (by a firewall, for example).
你可以尝试使用像 nmap 这样的端口扫描器来查看端口是否打开并且在外部可见......它可以告诉你端口是否关闭(那里没有任何东西在监听),打开(你应该能够看到它)或过滤(例如通过防火墙)。
回答by KING SABRI
tcptraceroute xx.xx.xx.xx 9100
if you didn't find it you can install it
如果你没有找到它,你可以安装它
yum -y install tcptraceroute
or
或者
aptitude -y install tcptraceroute
回答by dwalter
you can use tcpdumpon the server to check if the client even reaches the server.
您可以tcpdump在服务器上使用来检查客户端是否甚至到达服务器。
tcpdump -i any tcp port 9100
also make sure your firewall is not blocking incoming connections.
还要确保您的防火墙没有阻止传入连接。
EDIT: you can also write the dump into a file and view it with wireshark on your client if you don't want to read it on the console.
编辑:如果您不想在控制台上读取它,您也可以将转储写入文件并在客户端上使用 wireshark 进行查看。
2nd Edit: you can check if you can reach the port via
第二次编辑:您可以检查是否可以通过以下方式到达港口
nc ip 9100 -z -v
from your local PC.
从您的本地 PC。
回答by EternalHour
You can use the default traceroutecommand for this purpose, then there will be nothing to install.
traceroute为此,您可以使用默认命令,然后就不需要安装任何东西了。
traceroute -T -p 9100 <IP address/hostname>
The -Targument is required so that the TCP protocol is used instead of UDP.
该-T参数是必需的,以便使用 TCP 协议而不是 UDP。
In the rare case when tracerouteisn't available, you can also use ncat.
在traceroute不可用的极少数情况下,您也可以使用ncat.
nc -Czvw 5 <IP address/hostname> 9100
回答by Hamid Sami
it can be done by using this command: tcptraceroute -p destination port destination IP. like: tcptraceroute -p 9100 10.0.0.50but don't forget to install tcptraceroute package on your system. tcpdump and nc by default installed on the system. regards
可以通过使用以下命令来完成:tcptraceroute -p destination port destination IP. 比如:tcptraceroute -p 9100 10.0.0.50但不要忘记在你的系统上安装 tcptraceroute 包。tcpdump 和 nc 默认安装在系统上。问候
