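#!/bin/bash
# Systematic analysis of one Linux port: listening state, owning processes
# (including docker-proxy port mappings), firewall rules, connection
# statistics, local reachability, log mentions and a basic exposure review.
#
# Usage: ./port_analyzer.sh <端口号> [协议类型:tcp/udp/all]
#
# Runs with reduced detail as an unprivileged user; root yields full output.
# Only the validated port (1-65535, digits only) and protocol (tcp|udp|all)
# are ever passed to external commands.  Everything read back from
# netstat/ss/lsof/docker//proc is treated as untrusted text: it is printed
# with printf '%s' (never `echo -e`), so a process name or peer address
# cannot inject terminal escape sequences, and it is matched with fixed
# strings or field comparisons rather than being interpolated into regexes.

# Terminal colours.  $'…' stores the real ESC byte, so the strings can be
# emitted with plain printf '%s' and no escape interpretation is needed.
readonly RED=$'\033[0;31m'
readonly GREEN=$'\033[0;32m'
readonly YELLOW=$'\033[1;33m'
readonly BLUE=$'\033[0;34m'
readonly PURPLE=$'\033[0;35m'
readonly CYAN=$'\033[0;36m'
readonly NC=$'\033[0m' # No Color

#######################################
# Print one line verbatim.  Every line that may contain data read from the
# system goes through here so backslashes/escapes in that data are inert.
# Arguments: $1 - text to print
#######################################
msg() {
  printf '%s\n' "$1"
}

#######################################
# Report whether we run as root (some tools need it for full detail).
#######################################
check_root() {
  if [[ $EUID -eq 0 ]]; then
    msg "${GREEN}[INFO]${NC} 以root权限运行,可获取完整信息"
  else
    msg "${YELLOW}[WARNING]${NC} 非root用户,某些信息可能无法获取"
  fi
}

# Print the section separator line.
print_separator() {
  msg "${BLUE}===============================================${NC}"
}

# Print a section title followed by the separator.
# Arguments: $1 - title text
print_title() {
  msg "${PURPLE}$1${NC}"
  print_separator
}

#######################################
# Abort unless $1 is a decimal port number in 1-65535.
# Arguments: $1 - candidate port
# Returns:   exits 1 with a message on stderr when invalid
#######################################
validate_port() {
  local port=$1
  # 10# forces decimal so a leading zero is not read as octal.
  if [[ ! "$port" =~ ^[0-9]+$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
    msg "${RED}[ERROR]${NC} 无效的端口号: $port (范围: 1-65535)" >&2
    exit 1
  fi
}

#######################################
# True when the address is loopback or RFC 1918 private space, i.e. not an
# external peer worth reporting.
# Arguments: $1 - IP literal (host part only)
#######################################
is_local_ip() {
  [[ "$1" =~ ^(127\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|192\.168\.) || "$1" == "::1" ]]
}

# True when $1 consists only of characters that can appear in an IPv4/IPv6
# literal; used before handing a value from netstat to another tool.
_is_ip_literal() {
  [[ "$1" =~ ^[0-9A-Fa-f.:]+$ ]]
}

#######################################
# Host part of a "host:port" column as printed by netstat/ss.  Splits at the
# LAST colon so IPv6 literals survive, and strips surrounding [] if present.
# Arguments: $1 - address column
# Outputs:   host literal on stdout
#######################################
addr_host() {
  local host=${1%:*}
  host=${host#[}
  printf '%s' "${host%]}"
}

# Port part of a "host:port" column (text after the last colon).
# Arguments: $1 - address column
addr_port() {
  printf '%s' "${1##*:}"
}

#######################################
# Print the header section.
# Arguments: $1 - port, $2 - protocol (default "all")
#######################################
get_port_basic_info() {
  local port=$1
  local protocol=${2:-"all"}

  print_title "端口基本信息分析"
  msg "${CYAN}端口号:${NC} $port"
  msg "${CYAN}协议类型:${NC} $protocol"
  msg "${CYAN}分析时间:${NC} $(date '+%Y-%m-%d %H:%M:%S')"
  echo
}

#######################################
# Print captured listener lines for one tool, or the not-listening notice.
# Arguments: $1 - protocol label (TCP/UDP), $2 - captured output (may be empty)
#######################################
_report_listeners() {
  local label=$1 output=$2 line
  if [[ -n "$output" ]]; then
    msg "${GREEN}[LISTENING]${NC} ${label}端口正在监听:"
    while IFS= read -r line; do
      msg "  $line"
    done <<< "$output"
  else
    msg "${RED}[NOT LISTENING]${NC} ${label}端口未在监听"
  fi
}

#######################################
# Show listening sockets for the port via netstat and ss (whichever exist).
# Arguments: $1 - port, $2 - protocol (tcp/udp/all)
#######################################
check_port_listening() {
  local port=$1 protocol=$2
  local have_netstat=0 have_ss=0
  command -v netstat >/dev/null 2>&1 && have_netstat=1
  command -v ss >/dev/null 2>&1 && have_ss=1

  print_title "端口监听状态检查"

  if [[ "$protocol" == "all" || "$protocol" == "tcp" ]]; then
    msg "${YELLOW}TCP协议监听状态:${NC}"
    if (( have_netstat )); then
      _report_listeners TCP "$(netstat -tlnp 2>/dev/null | grep -- ":$port ")"
    fi
    if (( have_ss )); then
      echo
      msg "${YELLOW}ss命令检查结果:${NC}"
      _report_listeners TCP "$(ss -tlnp 2>/dev/null | grep -- ":$port ")"
    fi
  fi

  if [[ "$protocol" == "all" || "$protocol" == "udp" ]]; then
    echo
    msg "${YELLOW}UDP协议监听状态:${NC}"
    if (( have_netstat )); then
      _report_listeners UDP "$(netstat -ulnp 2>/dev/null | grep -- ":$port ")"
    fi
    if (( have_ss )); then
      echo
      msg "${YELLOW}ss命令检查UDP结果:${NC}"
      _report_listeners UDP "$(ss -ulnp 2>/dev/null | grep -- ":$port ")"
    fi
  fi
  echo
}

#######################################
# Print /proc and ps details for one PID and dispatch Docker analysis.
# Arguments: $1 - PID as reported by lsof (ignored unless purely numeric,
#                 since it is used to build /proc paths and ps arguments)
#######################################
_describe_pid() {
  local pid=$1 cmdline="" proc_name=""
  [[ "$pid" =~ ^[0-9]+$ ]] || return 0

  msg "${CYAN}进程ID $pid 详细信息:${NC}"
  if [[ -f "/proc/$pid/cmdline" ]]; then
    cmdline=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null || echo 'N/A')
    msg "  命令行: $cmdline"
  fi
  if [[ -f "/proc/$pid/status" ]]; then
    proc_name=$(grep '^Name:' "/proc/$pid/status" 2>/dev/null | cut -f2)
    msg "  进程名: $proc_name"
    msg "  状态: $(grep '^State:' "/proc/$pid/status" 2>/dev/null | cut -f2-)"
    msg "  用户ID: $(grep '^Uid:' "/proc/$pid/status" 2>/dev/null | awk '{print $2}')"
  fi
  msg "  启动时间: $(ps -o lstart= -p "$pid" 2>/dev/null || echo 'N/A')"
  msg "  CPU使用率: $(ps -o pcpu= -p "$pid" 2>/dev/null || echo 'N/A')%"
  msg "  内存使用: $(ps -o pmem= -p "$pid" 2>/dev/null || echo 'N/A')%"

  # docker-proxy means a published container port; any other "docker" in
  # the command line gets the cgroup-based container lookup.
  if [[ "$proc_name" == "docker-proxy" || "$cmdline" == *"docker-proxy"* ]]; then
    analyze_docker_proxy "$cmdline" "$pid"
  elif [[ "$cmdline" == *"docker"* ]]; then
    analyze_docker_process "$pid"
  fi
  echo
}

#######################################
# List processes holding the port (lsof) and describe each TCP owner.
# Arguments: $1 - port, $2 - protocol (tcp/udp/all)
#######################################
analyze_port_processes() {
  local port=$1 protocol=$2 lsof_out pid

  print_title "进程信息分析"

  if [[ "$protocol" == "all" || "$protocol" == "tcp" ]]; then
    msg "${YELLOW}TCP端口占用进程:${NC}"
    if command -v lsof >/dev/null 2>&1; then
      lsof_out=$(lsof -i "tcp:$port" 2>/dev/null)
      if [[ -n "$lsof_out" ]]; then
        msg "$lsof_out"
        echo
        # Column 2 of every non-header line is the PID.
        while IFS= read -r pid; do
          [[ -n "$pid" ]] && _describe_pid "$pid"
        done < <(awk 'NR>1 {print $2}' <<< "$lsof_out" | sort -u)
      else
        msg "${RED}[INFO]${NC} 没有进程占用TCP端口 $port"
      fi
    else
      msg "${YELLOW}[WARNING]${NC} lsof命令未安装,无法获取详细进程信息"
    fi
  fi

  if [[ "$protocol" == "all" || "$protocol" == "udp" ]]; then
    msg "${YELLOW}UDP端口占用进程:${NC}"
    if command -v lsof >/dev/null 2>&1; then
      lsof_out=$(lsof -i "udp:$port" 2>/dev/null)
      if [[ -n "$lsof_out" ]]; then
        msg "$lsof_out"
      else
        msg "${RED}[INFO]${NC} 没有进程占用UDP端口 $port"
      fi
    fi
  fi
  echo
}

# Value of one "-name value" option in a docker-proxy command line.
# Arguments: $1 - command line, $2 - option name, $3 - bracket class of value chars
_proxy_arg() {
  grep -o -- "-$2 $3*" <<< "$1" | awk '{print $2}'
}

#######################################
# Decode a docker-proxy command line and look up the published container.
# Arguments: $1 - process command line, $2 - PID (kept for callers; unused)
#######################################
analyze_docker_proxy() {
  local cmdline=$1 pid=$2
  local host_port container_port container_ip host_ip proto
  local container_info container_id line

  msg "${PURPLE}  🐳 Docker端口映射分析:${NC}"
  [[ "$cmdline" == *"-host-port"* ]] || return 0

  host_port=$(_proxy_arg "$cmdline" host-port '[0-9]')
  container_port=$(_proxy_arg "$cmdline" container-port '[0-9]')
  container_ip=$(_proxy_arg "$cmdline" container-ip '[0-9.]')
  host_ip=$(_proxy_arg "$cmdline" host-ip '[0-9.]')
  proto=$(_proxy_arg "$cmdline" proto '[a-z]')

  msg "    📍 端口映射: ${host_ip:-0.0.0.0}:${host_port} → ${container_ip}:${container_port}"
  msg "    🔗 协议类型: ${proto}"
  msg "    🏠 主机端口: ${host_port}"
  msg "    📦 容器端口: ${container_port}"
  msg "    🌐 容器IP: ${container_ip}"

  command -v docker >/dev/null 2>&1 || return 0
  msg "    🔍 查找对应容器:"
  container_info=$(docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}\t{{.Ports}}" 2>/dev/null \
    | grep -F -- ":${host_port}->")
  if [[ -n "$container_info" ]]; then
    msg "    📋 容器信息:"
    while IFS= read -r line; do
      msg "      $line"
    done <<< "$container_info"
    container_id=$(awk 'NR==1 {print $1}' <<< "$container_info")
    if [[ -n "$container_id" ]]; then
      msg "    🏷️  容器详情:"
      docker inspect --format '      镜像: {{.Config.Image}}' "$container_id" 2>/dev/null || true
      docker inspect --format '      创建时间: {{.Created}}' "$container_id" 2>/dev/null || true
      docker inspect --format '      状态: {{.State.Status}}' "$container_id" 2>/dev/null || true
    fi
  else
    msg "    ❌ 未找到对应的运行中容器"
  fi
}

#######################################
# For a process whose command line mentions docker, find its container via
# the cgroup path and print the container name/image.
# Arguments: $1 - PID
#######################################
analyze_docker_process() {
  local pid=$1 cgroup_info container_id docker_name docker_image

  msg "${PURPLE}  🐳 Docker相关进程:${NC}"
  [[ -f "/proc/$pid/cgroup" ]] || return 0
  cgroup_info=$(cat "/proc/$pid/cgroup" 2>/dev/null)
  grep -q docker <<< "$cgroup_info" || return 0

  container_id=$(grep docker <<< "$cgroup_info" | head -1 | sed 's/.*docker[/-]\([a-f0-9]*\).*/\1/')
  msg "    📦 容器进程 (容器ID: ${container_id:0:12})"
  # Only a hex id is handed to docker --filter; if the sed pattern did not
  # match, container_id still holds the raw cgroup line and is skipped.
  if command -v docker >/dev/null 2>&1 && [[ "$container_id" =~ ^[a-f0-9]+$ ]]; then
    docker_name=$(docker ps --format "{{.Names}}" --filter "id=$container_id" 2>/dev/null)
    docker_image=$(docker ps --format "{{.Image}}" --filter "id=$container_id" 2>/dev/null)
    [[ -n "$docker_name" ]] && msg "    🏷️  容器名称: $docker_name"
    [[ -n "$docker_image" ]] && msg "    🖼️  镜像: $docker_image"
  fi
}

# Report firewalld open/closed state for one protocol.
# Arguments: $1 - port, $2 - protocol (tcp/udp), $3 - label (TCP/UDP)
_firewalld_port_state() {
  local port=$1 proto=$2 label=$3
  if firewall-cmd --query-port="$port/$proto" 2>/dev/null; then
    msg "${GREEN}[OPEN]${NC} ${label}端口 $port 在firewalld中已开放"
  else
    msg "${RED}[CLOSED]${NC} ${label}端口 $port 在firewalld中未开放"
  fi
}

#######################################
# Show iptables (filter + nat), firewalld and ufw state relevant to the port.
# Arguments: $1 - port
#######################################
check_firewall_rules() {
  local port=$1 iptables_rules nat_rules ufw_status

  print_title "防火墙规则检查"

  if command -v iptables >/dev/null 2>&1; then
    msg "${YELLOW}iptables规则检查:${NC}"
    iptables_rules=$(iptables -L -n --line-numbers 2>/dev/null | grep -E -- ":$port|$port:")
    if [[ -n "$iptables_rules" ]]; then
      msg "${GREEN}[FOUND]${NC} 找到相关iptables规则:"
      msg "$iptables_rules"
    else
      msg "${RED}[INFO]${NC} 未找到针对端口 $port 的iptables规则"
    fi
    echo
    nat_rules=$(iptables -t nat -L -n --line-numbers 2>/dev/null | grep -E -- ":$port|$port:")
    if [[ -n "$nat_rules" ]]; then
      msg "${GREEN}[FOUND]${NC} 找到相关NAT规则:"
      msg "$nat_rules"
      echo
    fi
  fi

  if command -v firewall-cmd >/dev/null 2>&1 && systemctl is-active firewalld >/dev/null 2>&1; then
    msg "${YELLOW}firewalld规则检查:${NC}"
    _firewalld_port_state "$port" tcp TCP
    _firewalld_port_state "$port" udp UDP
    msg "${CYAN}当前防火墙开放的端口:${NC}"
    firewall-cmd --list-ports 2>/dev/null || echo "无法获取端口列表"
    echo
  fi

  if command -v ufw >/dev/null 2>&1; then
    msg "${YELLOW}ufw防火墙检查:${NC}"
    ufw_status=$(ufw status 2>/dev/null)
    msg "$ufw_status"
    echo
  fi
}

#######################################
# Per-state connection counts for the port, then the external-peer report.
# Arguments: $1 - port, $2 - protocol (tcp/udp/all)
#######################################
analyze_network_connections() {
  local port=$1 protocol=$2 all_conns count state

  print_title "网络连接状态分析"

  if [[ "$protocol" == "all" || "$protocol" == "tcp" ]]; then
    msg "${YELLOW}TCP连接状态统计:${NC}"
    if command -v netstat >/dev/null 2>&1; then
      # One netstat call, reused for the three views below.
      all_conns=$(netstat -an 2>/dev/null | grep -- ":$port ")
      msg "${CYAN}端口 $port 的TCP连接状态:${NC}"
      if [[ -n "$all_conns" ]]; then
        while read -r count state; do
          msg "  $state: $count 个连接"
        done < <(awk '{print $6}' <<< "$all_conns" | sort | uniq -c)
      fi
      echo
      msg "${CYAN}详细连接信息:${NC}"
      [[ -n "$all_conns" ]] && head -10 <<< "$all_conns"
      msg "${CYAN}总连接数:${NC} $(grep -c . <<< "$all_conns")"
    fi
  fi

  analyze_external_connections "$port" "$protocol"
  echo
}

#######################################
# Detail block for one external IP: connection count, states, whois country,
# reputation hints.  The IP is matched as a fixed prefix of netstat's foreign
# address column, never used as a regex.
# Arguments: $1 - IP literal, $2 - captured netstat -tn lines
#######################################
_describe_external_ip() {
  local ip=$1 conns=$2 ip_conns conn_count states="" country

  ip_conns=$(awk -v ip="$ip" 'index($5, ip ":") == 1' <<< "$conns")
  conn_count=$(grep -c . <<< "$ip_conns")
  if [[ -n "$ip_conns" ]]; then
    states=$(awk '{print $6}' <<< "$ip_conns" | sort | uniq -c | tr '\n' ' ')
  fi

  msg "  🔍 ${YELLOW}$ip${NC}"
  msg "    📈 连接数: $conn_count"
  msg "    📋 状态: $states"

  # whois is a network lookup; only a plain IP literal is ever passed to it.
  if command -v whois >/dev/null 2>&1 && _is_ip_literal "$ip"; then
    country=$(timeout 3 whois "$ip" 2>/dev/null \
      | grep -i -m1 'country' \
      | awk -F':' '{gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2}')
    [[ -n "$country" ]] && msg "    🌍 国家: $country"
  fi

  check_ip_reputation "$ip"
  echo
}

#######################################
# Report non-local peers connected to the port (netstat, then ss), plus UDP
# socket information.
# Arguments: $1 - port, $2 - protocol (tcp/udp/all)
#######################################
analyze_external_connections() {
  local port=$1 protocol=$2
  local conns line local_addr remote_addr state remote_ip peer
  local unique_ips ip_count ip ss_conns udp_info port_hex udp_sockets

  print_title "外部IP连接分析"

  if [[ "$protocol" == "all" || "$protocol" == "tcp" ]]; then
    msg "${YELLOW}正在连接的外部IP (TCP):${NC}"

    if command -v netstat >/dev/null 2>&1; then
      msg "${CYAN}活跃TCP连接:${NC}"
      conns=$(netstat -tn 2>/dev/null | grep -- ":$port " | grep -v -E '127\.0\.0\.1|::1')
      if [[ -n "$conns" ]]; then
        # netstat -tn columns: Proto Recv-Q Send-Q Local Foreign State
        while IFS= read -r line; do
          read -r _ _ _ local_addr remote_addr state _ <<< "$line"
          remote_ip=$(addr_host "$remote_addr")
          is_local_ip "$remote_ip" && continue
          msg "  ${GREEN}🌐${NC} $remote_ip → $(addr_port "$local_addr") [$state]"
        done <<< "$conns"

        echo
        msg "${CYAN}外部IP统计:${NC}"
        unique_ips=$(
          while IFS= read -r line; do
            read -r _ _ _ _ remote_addr _ <<< "$line"
            remote_ip=$(addr_host "$remote_addr")
            [[ -n "$remote_ip" ]] && ! is_local_ip "$remote_ip" && printf '%s\n' "$remote_ip"
          done <<< "$conns" | sort -u
        )
        if [[ -n "$unique_ips" ]]; then
          ip_count=$(grep -c . <<< "$unique_ips")
          msg "  📊 唯一外部IP数量: ${ip_count}"
          msg "${CYAN}IP详细分析:${NC}"
          while IFS= read -r ip; do
            [[ -n "$ip" ]] && _describe_external_ip "$ip" "$conns"
          done <<< "$unique_ips"
        else
          msg "  ${GREEN}✓${NC} 当前无外部IP连接"
        fi
      else
        msg "  ${GREEN}✓${NC} 当前无活跃的外部TCP连接"
      fi
    fi

    if command -v ss >/dev/null 2>&1; then
      echo
      msg "${CYAN}ss命令连接分析:${NC}"
      ss_conns=$(ss -tn state connected 2>/dev/null | grep -- ":$port ")
      if [[ -n "$ss_conns" ]]; then
        # ss columns with a state filter: Recv-Q Send-Q Local Peer [Process]
        while IFS= read -r line; do
          read -r _ _ _ peer _ <<< "$line"
          is_local_ip "$(addr_host "$peer")" || msg "  $line"
        done <<< "$ss_conns"
      else
        msg "  ${GREEN}✓${NC} ss未发现外部连接"
      fi
    fi
  fi

  if [[ "$protocol" == "all" || "$protocol" == "udp" ]]; then
    echo
    msg "${YELLOW}UDP连接分析:${NC}"
    msg "${CYAN}注意: UDP是无连接协议,以下显示最近通信的IP${NC}"
    if command -v ss >/dev/null 2>&1; then
      udp_info=$(ss -un 2>/dev/null | grep -- ":$port ")
      if [[ -n "$udp_info" ]]; then
        msg "${CYAN}UDP监听状态:${NC}"
        msg "$udp_info"
      fi
    fi
    # /proc/net/udp stores ports as 4-digit upper-case hex.
    if [[ -f "/proc/net/udp" ]]; then
      port_hex=$(printf '%04X' "$port")
      udp_sockets=$(grep -- ":$port_hex " /proc/net/udp 2>/dev/null)
      if [[ -n "$udp_sockets" ]]; then
        msg "${CYAN}UDP套接字信息:${NC}"
        msg "$udp_sockets"
      fi
    fi
  fi
}

#######################################
# Poll netstat every 2s for up to $2 seconds and announce each new external
# peer:port once.  (Not called from main; available for interactive use.)
# Arguments: $1 - port, $2 - duration in seconds (default 30)
#######################################
monitor_real_time_connections() {
  local port=$1 duration=${2:-30}
  local start_time end_time current_time current_connections line
  local remote_addr state remote_ip remote_port ip_key
  # Kept in the current shell (loop fed by here-string, not a pipe) so the
  # "seen" set survives across polling rounds.
  local -A seen_ips=()

  [[ "$duration" =~ ^[0-9]+$ ]] || duration=30

  print_title "实时连接监控 (${duration}秒)"
  msg "${YELLOW}开始监控端口 $port 的实时连接...${NC}"
  msg "${CYAN}按 Ctrl+C 停止监控${NC}"
  echo

  start_time=$(date +%s)
  end_time=$((start_time + duration))

  while (( $(date +%s) < end_time )); do
    current_time=$(date '+%H:%M:%S')
    current_connections=$(netstat -tn 2>/dev/null | grep -- ":$port " | grep -v -E '127\.0\.0\.1|::1')
    if [[ -n "$current_connections" ]]; then
      while IFS= read -r line; do
        read -r _ _ _ _ remote_addr state _ <<< "$line"
        remote_ip=$(addr_host "$remote_addr")
        remote_port=$(addr_port "$remote_addr")
        is_local_ip "$remote_ip" && continue
        ip_key="$remote_ip:$remote_port"
        if [[ -z "${seen_ips["$ip_key"]}" ]]; then
          msg "[$current_time] ${GREEN}NEW${NC} 🔗 $remote_ip:$remote_port → :$port [$state]"
          seen_ips["$ip_key"]=$current_time
        fi
      done <<< "$current_connections"
    fi
    sleep 2
  done

  echo
  msg "${GREEN}监控完成${NC}"
}

#######################################
# Coarse hints about who owns an IP, based on a few well-known prefixes.
# These are illustrative samples, not an authoritative list.
# Arguments: $1 - IP literal
#######################################
check_ip_reputation() {
  local ip=$1

  # Cloud providers (partial examples)
  case "$ip" in
    52.*|54.*|3.*)
      msg "    ☁️  可能为AWS云服务IP"
      ;;
    35.*|34.*)
      msg "    ☁️  可能为Google Cloud IP"
      ;;
    47.*|118.*)
      msg "    ☁️  可能为阿里云IP"
      ;;
    49.*|119.*)
      msg "    ☁️  可能为腾讯云IP"
      ;;
  esac

  # Internet-wide scanners (partial examples)
  case "$ip" in
    198.20.87.*|71.6.135.*)
      msg "    🚨 ${RED}警告: Shodan扫描器IP${NC}"
      ;;
    162.142.125.*)
      msg "    🚨 ${RED}警告: Censys扫描器IP${NC}"
      ;;
  esac
}

#######################################
# Local reachability: bash /dev/tcp connect, telnet and nmap when available.
# Arguments: $1 - port, $2 - protocol (tcp/udp/all)
#######################################
test_port_connectivity() {
  local port=$1 protocol=$2

  print_title "端口可达性测试"

  if [[ "$protocol" == "all" || "$protocol" == "tcp" ]]; then
    msg "${YELLOW}本地TCP端口连接测试:${NC}"
    # The port is passed as a positional parameter of the child shell, not
    # interpolated into the command string; ':' opens the socket without
    # sending any bytes to the service.
    if timeout 3 bash -c ': >"/dev/tcp/localhost/$1"' _ "$port" 2>/dev/null; then
      msg "${GREEN}[SUCCESS]${NC} 本地TCP端口 $port 可连接"
    else
      msg "${RED}[FAILED]${NC} 本地TCP端口 $port 不可连接"
    fi

    if command -v telnet >/dev/null 2>&1; then
      msg "${CYAN}telnet测试结果:${NC}"
      timeout 3 telnet localhost "$port" 2>&1 | head -3
    fi
  fi

  if command -v nmap >/dev/null 2>&1; then
    echo
    msg "${YELLOW}nmap端口扫描结果:${NC}"
    nmap -p "$port" localhost 2>/dev/null | grep -E -- "$port|PORT|STATE"
  fi
  echo
}

# Print the last 5 port mentions from one log file, if it exists.
# Arguments: $1 - port, $2 - section label, $3 - log path
_grep_log() {
  local port=$1 label=$2 file=$3
  [[ -f "$file" ]] || return 0
  msg "${CYAN}${label}${NC}"
  grep -i -E -- "port $port|:$port" "$file" 2>/dev/null | tail -5
}

#######################################
# Recent log lines mentioning the port in auth.log, syslog and messages.
# Arguments: $1 - port
#######################################
analyze_port_logs() {
  local port=$1

  print_title "系统日志分析"
  msg "${YELLOW}系统日志中的端口相关信息:${NC}"
  _grep_log "$port" "认证日志中的相关信息:" /var/log/auth.log
  _grep_log "$port" "系统日志中的相关信息:" /var/log/syslog
  _grep_log "$port" "消息日志中的相关信息:" /var/log/messages
  echo
}

#######################################
# Flag well-known service ports and TCP listeners bound to non-loopback
# addresses.
# Arguments: $1 - port
#######################################
security_analysis() {
  local port=$1 external_binding
  local -A risky_ports=(
    [21]="FTP - 明文传输"
    [23]="Telnet - 明文传输"
    [25]="SMTP - 邮件服务"
    [53]="DNS - 域名解析"
    [80]="HTTP - Web服务"
    [110]="POP3 - 邮件接收"
    [143]="IMAP - 邮件接收"
    [443]="HTTPS - 安全Web服务"
    [993]="IMAPS - 安全邮件接收"
    [995]="POP3S - 安全邮件接收"
    [1433]="MSSQL - 数据库"
    [3306]="MySQL - 数据库"
    [3389]="RDP - 远程桌面"
    [5432]="PostgreSQL - 数据库"
    [6379]="Redis - 缓存数据库"
    [22]="SSH - 远程登录"
  )

  print_title "端口安全性分析"

  if [[ -n "${risky_ports[$port]}" ]]; then
    msg "${YELLOW}[WARNING]${NC} 端口 $port 是常见服务端口: ${risky_ports[$port]}"
    msg "${YELLOW}建议:${NC} 确保该服务配置安全,使用强密码,限制访问来源"
  else
    msg "${GREEN}[INFO]${NC} 端口 $port 不在常见风险端口列表中"
  fi

  msg "${CYAN}端口暴露检查:${NC}"
  if command -v netstat >/dev/null 2>&1; then
    external_binding=$(netstat -tln 2>/dev/null | grep -- ":$port " | grep -v -E '127\.0\.0\.1|::1')
    if [[ -n "$external_binding" ]]; then
      msg "${RED}[WARNING]${NC} 端口可能对外暴露:"
      msg "$external_binding"
      msg "${YELLOW}建议:${NC} 检查是否需要对外暴露,考虑使用防火墙限制访问"
    else
      msg "${GREEN}[SAFE]${NC} 端口仅本地绑定,未对外暴露"
    fi
  fi
  echo
}

#######################################
# Socket counts from /proc/net and the global sockstat summary.
# Arguments: $1 - port
#######################################
performance_stats() {
  local port=$1 port_hex

  print_title "端口性能统计"
  # /proc/net/{tcp,udp} list ports as 4-digit upper-case hex.
  port_hex=$(printf '%04X' "$port")

  if [[ -f "/proc/net/tcp" ]]; then
    msg "${YELLOW}TCP套接字统计:${NC}"
    msg "${CYAN}TCP套接字数量:${NC} $(grep -c -- ":$port_hex " /proc/net/tcp 2>/dev/null)"
  fi

  if [[ -f "/proc/net/udp" ]]; then
    msg "${YELLOW}UDP套接字统计:${NC}"
    msg "${CYAN}UDP套接字数量:${NC} $(grep -c -- ":$port_hex " /proc/net/udp 2>/dev/null)"
  fi

  echo
  msg "${YELLOW}系统网络统计:${NC}"
  if [[ -f "/proc/net/sockstat" ]]; then
    msg "${CYAN}套接字统计:${NC}"
    cat /proc/net/sockstat 2>/dev/null
  fi
  echo
}

#######################################
# Closing summary: port, protocol, timestamp and listen state.
# Arguments: $1 - port, $2 - protocol
#######################################
generate_summary() {
  local port=$1 protocol=$2 tcp_listening udp_listening

  print_title "分析报告摘要"
  msg "${CYAN}端口:${NC} $port"
  msg "${CYAN}协议:${NC} $protocol"
  msg "${CYAN}分析完成时间:${NC} $(date '+%Y-%m-%d %H:%M:%S')"

  if command -v netstat >/dev/null 2>&1; then
    tcp_listening=$(netstat -tln 2>/dev/null | grep -c -- ":$port ")
    udp_listening=$(netstat -uln 2>/dev/null | grep -c -- ":$port ")
    msg "${CYAN}状态摘要:${NC}"
    if (( tcp_listening > 0 )); then
      msg "  ${GREEN}✓${NC} TCP端口正在监听"
    else
      msg "  ${RED}✗${NC} TCP端口未监听"
    fi
    if (( udp_listening > 0 )); then
      msg "  ${GREEN}✓${NC} UDP端口正在监听"
    else
      msg "  ${RED}✗${NC} UDP端口未监听"
    fi
  fi

  echo
  msg "${GREEN}分析完成!${NC}"
  print_separator
}

#######################################
# Entry point.
# Arguments: $1 - port (required), $2 - protocol tcp/udp/all (default all)
# Returns:   exits 1 on usage or validation error
#######################################
main() {
  local port=$1
  local protocol=${2:-"all"}

  if [[ -z "$port" ]]; then
    msg "${RED}用法: $0 <端口号> [协议类型:tcp/udp/all]${NC}" >&2
    msg "示例: $0 80 tcp" >&2
    msg "示例: $0 53 all" >&2
    exit 1
  fi

  # Both values are validated here and quoted everywhere below; they are
  # the only user-supplied strings that reach external commands.
  validate_port "$port"
  if [[ ! "$protocol" =~ ^(tcp|udp|all)$ ]]; then
    msg "${RED}[ERROR]${NC} 无效的协议类型: $protocol (支持: tcp/udp/all)" >&2
    exit 1
  fi

  clear
  msg "${GREEN}Linux端口系统性分析工具${NC}"
  print_separator

  check_root
  get_port_basic_info "$port" "$protocol"
  check_port_listening "$port" "$protocol"
  analyze_port_processes "$port" "$protocol"
  check_firewall_rules "$port"
  analyze_network_connections "$port" "$protocol"
  test_port_connectivity "$port" "$protocol"
  analyze_port_logs "$port"
  security_analysis "$port"
  performance_stats "$port"
  generate_summary "$port" "$protocol"
}

main "$@"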