2019-03-05 02:57:52 +11:00


# Connections to servers
Connections to a server are usually a sign that everything is working. Occasionally, though, some nefarious parties decide that they really like the server and want to hog all the connections for themselves.
A command you can use to see the connections on a server, counted per remote IP address, is:
`netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d ':' -f 1 | sort | uniq -c | sort -n`
In these situations we will usually see a high connection count for certain services. The most common ones are (in order of how common they are):
* HTTP (Web Service)
* SMTP (Outgoing Email Service)
* IMAP (Incoming Email Service)
* POP3 (Incoming Email Service)
* FTP (File Transport Service)
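
The one-liner above cuts at the first colon, so IPv6 peers are truncated and the count does not say which service each address is connected to. As an added example (not part of the original page), the function below groups connections by service and remote address; the port-to-service mapping assumes the standard ports for the services listed, and the sample `netstat` lines are constructed using documentation addresses.

```shell
#!/bin/sh
# Added example: count connections per service and remote address.
# Reads `netstat -an` style lines on stdin, prints "count service remote_ip".
conn_by_service() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        remote = $5
        # The port is whatever follows the LAST colon, so IPv6 addresses survive.
        lport = $4;  sub(/^.*:/, "", lport)
        rport = $5;  sub(/^.*:/, "", rport)
        if (rport == "*") next          # listening socket, no peer to count
        sub(/:[^:]*$/, "", remote)      # drop ":port" from the peer address
        port = lport + 0
        svc = "OTHER"
        if (port == 80 || port == 443)                    svc = "HTTP"
        else if (port == 25 || port == 465 || port == 587) svc = "SMTP"
        else if (port == 143 || port == 993)              svc = "IMAP"
        else if (port == 110 || port == 995)              svc = "POP3"
        else if (port == 21)                              svc = "FTP"
        count[svc " " remote]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,3
}

# Constructed sample input (documentation address ranges, not real hosts).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51235      ESTABLISHED
tcp        0      0 203.0.113.10:443        198.51.100.7:51240      TIME_WAIT
tcp        0      0 203.0.113.10:25         192.0.2.44:40211        ESTABLISHED
tcp        0      0 203.0.113.10:25         192.0.2.44:40212        ESTABLISHED
tcp        0      0 203.0.113.10:143        192.0.2.9:55000         ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:40000    ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# Run against the sample; on a server use: netstat -an | conn_by_service
sample_netstat | conn_by_service
```
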
## HTTP
Finding IP addresses connecting to HTTP is quite easy: all you should need to do is tail the access logs.
You can use a command like `tail -f /home/*/access-logs/* | awk '{print $1}'` to get a live update on connections via HTTP/HTTPS on the server. [For more information on the commands used, click here](/Commands/commands.md). *__Note: This will only check sites in /home.__*
## SMTP