Sharing a Linux command: lsof

Source: Internet
Author: User

First, take a look at this: http://www.bkjia.com/OS/201108/100604.html

For lsof, network administrators should understand the following usage:
# Display the users and source IP addresses of current SSH connections

$ sudo lsof -n | grep sshd | grep TCP | cut -c18-28,70-
root TCP *:22 (LISTEN)
root TCP *:22 (LISTEN)
root TCP 1.2.3.4:22->6.7.8.9:2544 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:2544 (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:29340 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:29340 (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:33223 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:33223 (ESTABLISHED)
huangwei TCP [::1]:cisco-sccp (LISTEN)
huangwei TCP 127.0.0.1:cisco-sccp (LISTEN)
huangwei TCP 1.2.3.4:40183->74.125.227.8:https (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:43698 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:43698 (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:44943 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:44943 (ESTABLISHED)
huangwei TCP 1.2.3.4:38038->74.125.227.20:www (ESTABLISHED)
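
The fixed character columns in the cut command above shift whenever a PID or user name changes width. As an added example (not from the original page), the same user and source-address listing can be taken from lsof's field output (-F pcLn); the function names and the sample data here are constructed for illustration.

```shell
# Live use (needs lsof): sudo lsof -nP -iTCP -sTCP:ESTABLISHED -F pcLn | ssh_sessions
# Constructed sample of "lsof -F pcLn" output: one field per line,
# p=PID, c=command, L=login name, f=file descriptor, n=socket name.
sample_lsof_fields() {
  cat <<'EOF'
p2583
csshd
Lroot
f3
n1.2.3.4:22->6.7.8.9:2544
p2651
csshd
Lhuangwei
f3
n1.2.3.4:22->6.7.8.9:2544
p3100
csshd
Lroot
f3
n[2001:db8::5]:22->[2001:db8::9]:51000
EOF
}

# Print "user remote_host remote_port" once per sshd connection.
ssh_sessions() {
  awk '
    /^p/ { cmd = ""; user = "" }          # a new process set starts
    /^c/ { cmd = substr($0, 2) }
    /^L/ { user = substr($0, 2) }
    /^n/ {
      name = substr($0, 2)
      if (cmd != "sshd" || index(name, "->") == 0) next
      remote = substr(name, index(name, "->") + 2)
      # One socket can be listed under root and the login user: keep non-root.
      if (!(remote in owner) || owner[remote] == "root") owner[remote] = user
    }
    END {
      for (remote in owner) {
        port = remote; sub(/.*:/, "", port)       # text after the last colon
        host = remote; sub(/:[^:]*$/, "", host)   # text before the last colon
        sub(/^\[/, "", host); sub(/\]$/, "", host)  # unwrap [IPv6]
        print owner[remote], host, port
      }
    }' | sort
}

sample_lsof_fields | ssh_sessions
```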
Who is using a large number of concurrent connections?

DDoS is a website administrator's nightmare. A "simple" command can help find the script kiddies:

$ sudo netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
8 192.168.0.218
7 192.168.0.38
6 192.168.0.14
6 0.0.0.0
2 192.168.0.166
2 192.168.0.110
2 192.168.0.10
1 192.168.232.223
1 192.168.0.70
1 192.168.0.6
1 192.168.0.50
1 192.168.0.22
1 192.168.0.210
1 192.168.0.194
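
The pipeline above cuts at the first colon, so IPv6 peers are mangled, and the 0.0.0.0 row comes from sockets that have no remote peer (foreign address 0.0.0.0:*). As an added example (not from the original page), the function below counts TCP peers only, strips just the trailing port, folds IPv4-mapped addresses into their IPv4 form and applies a threshold; the name peer_counts, the threshold argument and the sample lines are constructed for illustration.

```shell
# Live use (needs net-tools): sudo netstat -ant | peer_counts 100

# Constructed sample of "netstat -ant" output.
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 192.168.0.1:80          192.168.0.218:1521      ESTABLISHED
tcp        0      0 192.168.0.1:80          192.168.0.218:1522      ESTABLISHED
tcp        0      0 192.168.0.1:80          192.168.0.218:1523      SYN_RECV
tcp6       0      0 ::ffff:192.168.0.1:80   ::ffff:192.168.0.218:1524 ESTABLISHED
tcp6       0      0 ::ffff:192.168.0.1:80   ::ffff:192.168.0.38:4068 ESTABLISHED
tcp        0      0 192.168.0.1:80          192.168.0.38:4069       TIME_WAIT
tcp6       0      0 2001:db8::1:80          2001:db8::77:51000      ESTABLISHED
EOF
}

# Print "count peer" for every remote address with at least $1 TCP
# sockets (default 1), busiest first.
peer_counts() {
  awk -v min="${1:-1}" '
    $1 !~ /^tcp/ { next }               # skip headers and non-TCP rows
    {
      peer = $5
      if (peer ~ /:\*$/) next           # listening socket, no remote peer
      sub(/:[0-9]+$/, "", peer)         # drop only the trailing port
      sub(/^::ffff:/, "", peer)         # IPv4-mapped IPv6 -> plain IPv4
      count[peer]++
    }
    END { for (p in count) if (count[p] >= min) print count[p], p }
  ' | sort -k1,1nr -k2,2
}

sample_netstat | peer_counts 2
```

Half-open (SYN_RECV) and TIME_WAIT sockets are counted along with established ones, so the total reflects everything a peer currently holds in the connection table.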
How many ports are open on the server? You can see:

$ sudo lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 1190 mysql 10u IPv4 5022 0t0 TCP localhost:mysql (LISTEN)
apache2 1347 root 3u IPv4 5327 0t0 TCP *:www (LISTEN)
svnserve 1759 svn 3u IPv4 6612 0t0 TCP ooxx-vpn:svn (LISTEN)
sshd 2583 root 3r IPv4 1194924 0t0 TCP 192.168.1.176:8822->192.168.2.223:40876 (ESTABLISHED)
sshd 2651 huangwei 3u IPv4 1194924 0t0 TCP 192.168.1.176:8822->192.168.2.223:40876 (ESTABLISHED)
apache2 2714 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2715 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2722 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2722 www-data 11u IPv4 1198941 0t0 TCP ooxx-vpn:www->192.168.0.50:4068 (ESTABLISHED)
apache2 2723 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2725 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2725 www-data 11u IPv4 1198939 0t0 TCP ooxx-vpn:www->192.168.0.194:15397 (ESTABLISHED)
apache2 2734 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2809 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2809 www-data 11u IPv4 1198940 0t0 TCP ooxx-vpn:www->192.168.0.218:1521 (ESTABLISHED)
apache2 2810 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2811 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2818 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2819 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2845 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2845 www-data 11u IPv4 1198938 0t0 TCP ooxx-vpn:www->192.168.0.14:36802 (ESTABLISHED)
proftpd 7191 ftp 0u IPv4 29954 0t0 TCP ooxx-vpn:ftp (LISTEN)
sshd 9720 root 3u IPv4 47070 0t0 TCP *:8822 (LISTEN)
sshd 9720 root 4u IPv6 47072 0t0 TCP *:8822 (LISTEN)
svnserve 11217 svn 4u IPv4 1019658 0t0 TCP ooxx-vpn:svn->192.168.0.166:6211 (ESTABLISHED)
svnserve 11350 svn 4u IPv4 1020389 0t0 TCP ooxx-vpn:svn->192.168.0.166:6286 (ESTABLISHED)
svnserve 12706 svn 4u IPv4 627093 0t0 TCP ooxx-vpn:svn->192.168.0.22:1084 (ESTABLISHED)
Check all applications that use TCP port 80 on the local machine.

$ sudo lsof -i tcp:80
The sample output is as follows:

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 2827 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2827 www-data 11u IPv4 2026780 0t0 TCP ooxx-vpn:www->192.168.0.22:14949 (ESTABLISHED)
apache2 2875 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2919 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2920 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2921 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2924 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2926 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2928 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2930 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2932 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2933 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 26081 root 3u IPv4 1609898 0t0 TCP *:www (LISTEN)

 
