1. Find the target process (the Java atf web project)

ps -aux | grep atf
 root      3582  0.1 11.2 382228 190588 ?       Sl   09:31   0:19 java -Datf -jar start.jar etc/jetty.xml
 root     22121  0.0  0.0   1644   508 pts/1    R+   12:12   0:00 grep atf

2. Across all ports, find the entries whose process ID is pid=3582 (the atf project's PID)

netstat -naop | grep 3582

tcp6       0      0 :::8080                 :::*                    LISTEN     3582/java           off (0.00/0/0)
 tcp6       0      0 :::8443                 :::*                    LISTEN     3582/java           off (0.00/0/0)
 tcp6       0      0 ::ffff:192.168.6.:49454 ::ffff:192.168.6.1:1531 ESTABLISHED3582/java           off (0.00/0/0)
 tcp6       0      0 ::ffff:192.168.6.:49593 ::ffff:192.168.6.:61616 ESTABLISHED3582/java           off (0.00/0/0)
 tcp6       0      0 ::ffff:192.168.6.:34871 ::ffff:192.168.6.1:1531 ESTABLISHED3582/java           off (0.00/0/0)
 tcp6       0      0 ::ffff:192.168.6.2:8080 ::ffff:192.168.88.:3692 ESTABLISHED3582/java           off (0.00/0/0)
 tcp6       0      0 ::ffff:192.168.6.2:8080 ::ffff:192.168.88.:3689 ESTABLISHED3582/java           off (0.00/0/0)
 tcp6       0      0 ::ffff:192.168.6.2:8443 ::ffff:192.168.88.:3695 ESTABLISHED3582/java           off (0.00/0/0)
 tcp6       0      0 ::ffff:192.168.6.2:8443 ::ffff:192.168.88.:3697 ESTABLISHED3582/java           off (0.00/0/0)

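Here :::8080 and :::8443 are the ports opened by the atf project;
the other entries are connections already established with atf.
There are 7 established connections here.
Two Oracle connections: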

::ffff:192.168.6.:49454 ::ffff:192.168.6.1:1531 ESTABLISHED
 ::ffff:192.168.6.:34871 ::ffff:192.168.6.1:1531 ESTABLISHED


One apache-activemq connection:
        ::ffff:192.168.6.:49593 ::ffff:192.168.6.:61616
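Four request connections (meaning two users are using the atf system; in production this can be used to judge how many users are currently using the atf system):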

::ffff:192.168.6.2:8080 ::ffff:192.168.88.:3692 ESTABLISHED3582/java           off (0.00/0/0)
 ::ffff:192.168.6.2:8080 ::ffff:192.168.88.:3689 ESTABLISHED3582/java           off (0.00/0/0)
 ::ffff:192.168.6.2:8443 ::ffff:192.168.88.:3695 ESTABLISHED3582/java           off (0.00/0/0)
 ::ffff:192.168.6.2:8443 ::ffff:192.168.88.:3697 ESTABLISHED3582/java           off (0.00/0/0)
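
The two steps and the reading of their output above, carried through as a script. This is an added example, not part of the original post: classify_sockets and the SAMPLE lines are made up for illustration, and the sample addresses are constructed and written untruncated. It matches the PID column exactly (a bare grep 3582 also matches a line whose port is 3582) and splits the fused ESTABLISHED3582/java column.

```shell
#!/bin/sh
# Added example: summarise one PID's TCP sockets from `netstat -naop` text.
# classify_sockets and SAMPLE are names made up for this example.

classify_sockets() {            # usage: netstat -naop | classify_sockets PID
  awk -v pid="$1" '
    $1 !~ /^tcp/ { next }
    {
      state = $6; owner = $7
      # State is padded to 11 chars, so ESTABLISHED runs into PID/Program.
      if (state ~ /^ESTABLISHED./) { owner = substr(state, 12); state = "ESTABLISHED" }
      split(owner, o, "/")
      if (o[1] != pid) next     # exact PID match, unlike a bare grep
      n++; st[n] = state; loc[n] = $4; rem[n] = $5
      if (state == "LISTEN") { p = $4; sub(/.*:/, "", p); lport[p] = 1 }
    }
    END {
      for (i = 1; i <= n; i++) {
        if (st[i] != "ESTABLISHED") continue
        p = loc[i]; sub(/.*:/, "", p)
        if (p in lport) {       # local port is one we listen on: a client
          host = rem[i]; sub(/:[0-9]+$/, "", host)
          conns[p]++
          if (!((p, host) in seen)) { seen[p, host] = 1; hosts[p]++ }
        } else backend[rem[i]]++  # we dialled out: database, broker, ...
      }
      for (p in lport)   printf "listen %s clients=%d hosts=%d\n", p, conns[p], hosts[p]
      for (r in backend) printf "backend %s conns=%d\n", r, backend[r]
    }' | LC_ALL=C sort
}

# Constructed sample (not captured from a real host). The last line belongs
# to another process but contains "3582" as a remote port.
SAMPLE='tcp6  0 0 :::8080                  :::*                       LISTEN     3582/java  off (0.00/0/0)
tcp6  0 0 :::8443                  :::*                       LISTEN     3582/java  off (0.00/0/0)
tcp6  0 0 ::ffff:192.168.6.2:49454 ::ffff:192.168.6.19:1531   ESTABLISHED3582/java  off (0.00/0/0)
tcp6  0 0 ::ffff:192.168.6.2:34871 ::ffff:192.168.6.19:1531   ESTABLISHED3582/java  off (0.00/0/0)
tcp6  0 0 ::ffff:192.168.6.2:49593 ::ffff:192.168.6.20:61616  ESTABLISHED3582/java  off (0.00/0/0)
tcp6  0 0 ::ffff:192.168.6.2:8080  ::ffff:192.168.88.46:3692  ESTABLISHED3582/java  off (0.00/0/0)
tcp6  0 0 ::ffff:192.168.6.2:8080  ::ffff:192.168.88.46:3689  ESTABLISHED3582/java  off (0.00/0/0)
tcp6  0 0 ::ffff:192.168.6.2:8443  ::ffff:192.168.88.46:3695  ESTABLISHED3582/java  off (0.00/0/0)
tcp6  0 0 ::ffff:192.168.6.2:8443  ::ffff:192.168.88.47:3697  ESTABLISHED3582/java  off (0.00/0/0)
tcp   0 0 192.168.6.2:22           192.168.88.46:3582         ESTABLISHED4100/sshd  off (0.00/0/0)'

printf '%s\n' "$SAMPLE" | classify_sockets 3582
```

The hosts= figure counts distinct remote addresses per listening port, which is a closer proxy for "users" than the raw connection count, since one browser usually holds several connections.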

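The meaning of the values netstat shows in the State column for a connection; these are in effect the finer-grained states of the TCP three-way handshake: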

The state of the socket. Since there are no states in raw mode and usually no states used in UDP, this column may be left blank. Normally this can be one of several values:

ESTABLISHED   # the socket has established a connection
       The socket has an established connection.
SYN_SENT
       The socket is actively attempting to establish a connection.
SYN_RECV
       A connection request has been received from the network.
FIN_WAIT1
       The socket is closed, and the connection is shutting down.
FIN_WAIT2
       Connection is closed, and the socket is waiting for a shutdown from the remote end.
TIME_WAIT
       The socket is waiting after close to handle packets still in the network.
CLOSED
       The socket is not being used.
CLOSE_WAIT
       The remote end has shut down, waiting for the socket to close.
LAST_ACK
       The remote end has shut down, and the socket is closed. Waiting for acknowledgement.
LISTEN
       The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option.
CLOSING
       Both sockets are shut down but we still don’t have all our data sent.
UNKNOWN
       The state of the socket is unknown.

 

  

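The unbeatable process-kill command built into Windows
Q: How can I shut down a process that Task Manager cannot close? A while ago I found an extra process on my machine. It is there every time I boot, and no matter how I try I cannot close it with Task Manager.

A1: Killing a process is easy; just pick any tool, for example IceSword. The key is to find out how the process gets started, otherwise it will come back after the next reboot. While I am at it, here is a heavy-handed trick. In fact, the tools that ship with Windows can kill most processes: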

c:>ntsd -c q -p PID

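  Only System, SMSS.EXE and CSRSS.EXE cannot be killed. The first two run purely in kernel mode, and the last one is the Win32 subsystem, which ntsd itself needs. ntsd has been a user-mode debugging tool shipped with the system since Windows 2000. A process that a debugger has attached to exits together with the debugger, so it can be used to terminate a process from the command line. Using ntsd automatically obtains the debug privilege, which is why it can kill most processes. ntsd opens a new debugging window, which normally cannot be controlled from a pure command line, but for a simple command such as quit (q), passing it on the command line with the -c parameter is enough.

  Ntsd: by convention, Ntsd is also provided to software developers. Only system developers use this command. For details, see the help file included with NTSD. Usage: open a cmd.exe window and type: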

 

ntsd -c q -p PID

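  Change the PID at the end to the ID of the process you want to terminate. If you do not know the process ID: Task Manager -> Processes tab -> View -> Select Columns -> tick "PID (Process Identifier)", and you will then see it.

A2: XP also has two handy tools, tasklist and tskill. tasklist lists all processes and the corresponding information. tskill kills processes, and its syntax is very simple: tskill program-name!!

Appendix: the help text included with NTSD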

usage: ntsd [-?] [-2] [-d] [-g] [-G] [-myob] [-lines] [-n] [-o] [-s] [-v] [-w] 
[-r BreakErrorLevel] [-t PrintErrorLevel] 
[-hd] [-pd] [-pe] [-pt #] [-pv] [-x | -x{e|d|n|i} ] 
[-- | -p pid | -pn name | command-line | -z CrashDmpFile] 
[-zp CrashPageFile] [-premote transport] [-robp] 
[-aDllName] [-c "command"] [-i ImagePath] [-y SymbolsPath] 
[-clines #] [-srcpath SourcePath] [-QR machine] [-wake ] 
[-remote transport:server=name,portid] [-server transport:portid] 
[-ses] [-sfce] [-sicv] [-snul] [-noio] [-failinc] [-noshell]

where: -? displays this help text
command-line is the command to run under the debugger 
-- is the same as -G -g -o -p -1 -d -pd 
-aDllName sets the default extension DLL 
-c executes the following debugger command 
-clines number of lines of output history retrieved by a remote client 
-failinc causes incomplete symbol and module loads to fail 
-d sends all debugger output to kernel debugger via DbgPrint 
-d cannot be used with debugger remoting 
-d can only be used when the kernel debugger is enabled 
-g ignores initial breakpoint in debuggee 
-G ignores final breakpoint at process termination 
-hd specifies that the debug heap should not be used 
for created processes. This only works on Windows Whistler. 
-o debugs all processes launched by debuggee 
-p pid specifies the decimal process Id to attach to 
-pd specifies that the debugger should automatically detach 
-pe specifies that any attach should be to an existing debug port 
-pn name specifies the name of the process to attach to 
-pt # specifies the interrupt timeout 
-pv specifies that any attach should be noninvasive 
-r specifies the (0-3) error level to break on (SeeSetErrorLevel) 
-robp allows breakpoints to be set in read-only memory 
-t specifies the (0-3) error level to display (SeeSetErrorLevel) 
-w specifies to debug 16 bit applications in a separate VDM 
-x sets second-chance break on AV exceptions 
-x{e|d|n|i} sets the break status for the specified event 
-2 creates a separate console window for debuggee 
-i ImagePath specifies the location of the executables that generated 
the fault (see _NT_EXECUTABLE_IMAGE_PATH) 
-lines requests that line number information be used if present 
-myob ignores version mismatches in DBGHELP.DLL 
-n enables verbose output from symbol handler 
-noio disables all I/O for dedicated remoting servers 
-noshell disables the .shell (!!) command 
-QR <machine> queries for remote servers 
-s disables lazy symbol loading 
-ses enables strict symbol loading 
-sfce fails critical errors encountered during file searching 
-sicv ignores the CV record when symbol loading 
-snul disables automatic symbol loading for unqualified names 
-srcpath specifies the source search path 
-v enables verbose output from debugger 
-wake wakes up a sleeping debugger and exits 
-y specifies the symbol search path (see _NT_SYMBOL_PATH) 
-z specifies the name of a crash dump file to debug 
-zp specifies the name of a page.dmp file 
to use with a crash dump 
-remote lets you connect to a debugger session started with -server 
must be the first argument if present 
transport: tcp | npipe | ssl | spipe | 1394 | com 
name: machine name on which the debug server was created 
portid: id of the port the debugger server was created on 
for tcp use: port= 
for npipe use: pipe= 
for 1394 use: channel= 
for com use: port=,baud=, 
channel= 
for ssl and spipe see the documentation 
example: ... -remote npipe:server=yourmachine,pipe=foobar 
-server creates a debugger session other people can connect to 
must be the first argument if present 
transport: tcp | npipe | ssl | spipe | 1394 | com 
portid: id of the port remote users can connect to 
for tcp use: port= 
for npipe use: pipe= 
for 1394 use: channel= 
for com use: port=,baud=, 
channel= 
for ssl and spipe see the documentation 
example: ... -server npipe:pipe=foobar 
-premote transport specifies the process server to connect to 
transport arguments are given as with remoting

Environment Variables:
_NT_SYMBOL_PATH=[Drive:][Path]
Specify symbol image path.
_NT_ALT_SYMBOL_PATH=[Drive:][Path]
Specify an alternate symbol image path.
_NT_DEBUGGER_EXTENSION_PATH=[Drive:][Path]
Specify a path which should be searched first for extensions dlls
_NT_EXECUTABLE_IMAGE_PATH=[Drive:][Path]
Specify executable image path.
_NT_SOURCE_PATH=[Drive:][Path]
Specify source file path.
_NT_DEBUG_LOG_FILE_OPEN=filename
If specified, all output will be written to this file from offset 0.
_NT_DEBUG_LOG_FILE_APPEND=filename
If specified, all output will be APPENDed to this file.
_NT_DEBUG_HISTORY_SIZE=size
Specifies the size of a server's output history in kilobytes

Control Keys:
Quit debugger 
Break into Target 
Force a break into debuggee (same as Ctrl-C) 
Debug Current debugger 
Toggle Verbose mode 
Print version information 
ntsd: exiting - press enter ---

 

 

==============================

II. On Windows
1. Find the target process (the Java atf web project)

tasklist  -v |find "java"


图像名        PID 

javaw.exe     2760

2. Across all ports, find the entries whose process ID is pid=3582 (the atf project's PID)

netstat -nao |find "2760"
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       1232
  TCP    0.0.0.0:8443           0.0.0.0:0              LISTENING       1232
  TCP    192.168.88.46:4168     192.168.6.19:1531      ESTABLISHED     1232
  TCP    192.168.88.46:4169     192.168.6.19:1531      ESTABLISHED     1232