First, have a look at this: http://www.bkjia.com/OS/201108/100604.html
Network administrators should know the following uses of lsof:
# Display the current SSH connection user and source IP address
$ sudo lsof -n | grep sshd | grep TCP | cut -c18-28,70-
root TCP *:22 (LISTEN)
root TCP *:22 (LISTEN)
root TCP 1.2.3.4:22->6.7.8.9:2544 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:2544 (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:29340 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:29340 (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:33223 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:33223 (ESTABLISHED)
huangwei TCP [::1]:cisco-sccp (LISTEN)
huangwei TCP 127.0.0.1:cisco-sccp (LISTEN)
huangwei TCP 1.2.3.4:40183->74.125.227.8:https (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:43698 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:43698 (ESTABLISHED)
root TCP 1.2.3.4:22->6.7.8.9:44943 (ESTABLISHED)
huangwei TCP 1.2.3.4:22->6.7.8.9:44943 (ESTABLISHED)
huangwei TCP 1.2.3.4:38038->74.125.227.20:www (ESTABLISHED)
Who is opening a large number of concurrent connections? A DDoS, the website administrator's nightmare? One "simple" command can pick out the script kiddies:
$ sudo netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
8 192.168.0.218
7 192.168.0.38
6 192.168.0.14
6 0.0.0.0
2 192.168.0.166
2 192.168.0.110
2 192.168.0.10
1 192.168.232.223
1 192.168.0.70
1 192.168.0.6
1 192.168.0.50
1 192.168.0.22
1 192.168.0.210
1 192.168.0.194
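An added example, not from the original article, doing the same per-peer count more robustly: it keeps only ESTABLISHED sockets, so the 0.0.0.0 line that LISTEN sockets contribute to the output above is not counted as a peer, and it strips only the trailing port, so IPv6 peers such as ::1:40001 survive where cut -d: -f1 would cut them off. The input is a constructed sample in netstat -anp layout, and the threshold in noisy_peers is an assumed tunable.

```shell
#!/bin/sh
# Added example (not from the original article): per-peer connection
# counts over `netstat -anp`-style output, ESTABLISHED sockets only.

# Constructed sample in the column layout of `netstat -anp` on Linux:
#   proto recv-q send-q local-addr foreign-addr state pid/program
SAMPLE='tcp   0 0 192.168.1.176:8822 192.168.2.223:40876 ESTABLISHED 2583/sshd
tcp   0 0 192.168.1.176:80   192.168.0.22:14949  ESTABLISHED 2827/apache2
tcp   0 0 192.168.1.176:80   192.168.0.22:14950  ESTABLISHED 2875/apache2
tcp   0 0 192.168.1.176:80   192.168.0.22:14951  ESTABLISHED 2919/apache2
tcp   0 0 0.0.0.0:80         0.0.0.0:*           LISTEN      1347/apache2
tcp6  0 0 ::1:22             ::1:40001           ESTABLISHED 9720/sshd
udp   0 0 0.0.0.0:68         0.0.0.0:*                       1001/dhclient'

# count_peers: read netstat lines on stdin, print "<count> <peer>" for
# every ESTABLISHED TCP/UDP socket, most connections first.
count_peers() {
    awk '
        $1 ~ /^(tcp|udp)/ && $6 == "ESTABLISHED" {
            peer = $5
            sub(/:[^:]*$/, "", peer)   # drop only the trailing :port
            gsub(/\[|\]/, "", peer)    # drop brackets some tools put round IPv6
            n[peer]++
        }
        END { for (p in n) print n[p], p }
    ' | sort -rn
}

# noisy_peers THRESHOLD: peers holding at least THRESHOLD connections.
# The default is an assumed tunable, not a value from the article.
noisy_peers() {
    count_peers | awk -v t="${1:-20}" '$1 >= t'
}

# Live use on a real box (root is needed for the -p program column):
#   sudo netstat -anp | noisy_peers 50
printf '%s\n' "$SAMPLE" | count_peers
```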
How many ports are opened on the server? You can see:
$ sudo lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 1190 mysql 10u IPv4 5022 0t0 TCP localhost:mysql (LISTEN)
apache2 1347 root 3u IPv4 5327 0t0 TCP *:www (LISTEN)
svnserve 1759 svn 3u IPv4 6612 0t0 TCP ooxx-vpn:svn (LISTEN)
sshd 2583 root 3r IPv4 1194924 0t0 TCP 192.168.1.176:8822->192.168.2.223:40876 (ESTABLISHED)
sshd 2651 huangwei 3u IPv4 1194924 0t0 TCP 192.168.1.176:8822->192.168.2.223:40876 (ESTABLISHED)
apache2 2714 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2715 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2722 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2722 www-data 11u IPv4 1198941 0t0 TCP ooxx-vpn:www->192.168.0.50:4068 (ESTABLISHED)
apache2 2723 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2725 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2725 www-data 11u IPv4 1198939 0t0 TCP ooxx-vpn:www->192.168.0.194:15397 (ESTABLISHED)
apache2 2734 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2809 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2809 www-data 11u IPv4 1198940 0t0 TCP ooxx-vpn:www->192.168.0.218:1521 (ESTABLISHED)
apache2 2810 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2811 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2818 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2819 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2845 www-data 3u IPv4 5327 0t0 TCP *:www (LISTEN)
apache2 2845 www-data 11u IPv4 1198938 0t0 TCP ooxx-vpn:www->192.168.0.14:36802 (ESTABLISHED)
proftpd 7191 ftp 0u IPv4 29954 0t0 TCP ooxx-vpn:ftp (LISTEN)
sshd 9720 root 3u IPv4 47070 0t0 TCP *:8822 (LISTEN)
sshd 9720 root 4u IPv6 47072 0t0 TCP *:8822 (LISTEN)
svnserve 11217 svn 4u IPv4 1019658 0t0 TCP ooxx-vpn:svn->192.168.0.166:6211 (ESTABLISHED)
svnserve 11350 svn 4u IPv4 1020389 0t0 TCP ooxx-vpn:svn->192.168.0.166:6286 (ESTABLISHED)
svnserve 12706 svn 4u IPv4 627093 0t0 TCP ooxx-vpn:svn->192.168.0.22:1084 (ESTABLISHED)
To list every process using TCP port 80 on the local machine:
$ sudo lsof -i tcp:80
The sample output is as follows:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 2827 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2827 www-data 11u IPv4 2026780 0t0 TCP ooxx-vpn:www->192.168.0.22:14949 (ESTABLISHED)
apache2 2875 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2919 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2920 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2921 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2924 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2926 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2928 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2930 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2932 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 2933 www-data 3u IPv4 1609898 0t0 TCP *:www (LISTEN)
apache2 26081 root 3u IPv4 1609898 0t0 TCP *:www (LISTEN)