ss命令抓linux下偶发端口访问

ss

  while true; do pid=$(ss -tanpe state established 'dst 10.11.22.33:4455'  | awk 'match($0,/pid=([0-9]+)/,a){print a[1]}'); [[ -n $pid ]] && tr '\0' ' ' </proc/$pid/cmdline ; sleep 0.2; done;

while true; do ...; sleep 0.2; done;
ss -tanpe state established 'dst 10.11.22.33:4455'

– -t

– -a

– -n

– -p

– -e

– state established

– dst 10.11.22.33:4455
awk 'match($0,/pid=([0-9]+)/,a){print a[1]}'
[[ -n $pid ]] && tr '\0' ' ' </proc/$pid/cmdline\0

while

  while true; do ss -tanp state established 'dport = 2333' | awk 'match($0,/pid=([0-9]+)/,m){print m[1]}' | while read -r pid; do echo $(date '+%F %T') $pid $(readlink -f /proc/$pid/cwd) $(tr '\0' ' ' </proc/$pid/cmdline); done ;  done;