2019-03-05 02:57:52 +11:00


Connections to servers

Usually connections to servers are a sign that all is working. Occasionally, though, some nefarious parties decide that they really like the server and want to hog all the connections to themselves.

A command you can use to see the connections on a server, counted per remote address, is:

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d ':' -f 1 | sort | uniq -c | sort -n

In these situations we will usually see a high connection count for certain services. The most common ones are (in order of how common they are):

  • HTTP (Web Service)
  • SMTP (Outgoing Email Service)
  • IMAP (Incoming Email Service)
  • POP3 (Incoming Email Service)
  • FTP (File Transport Service)
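
The netstat command above counts connections per remote address but does not show which service each address is connected to, and cutting on the first ':' truncates IPv6 peers. The following is an added example, not part of the original page, that groups the count by the services listed above. The port numbers are the standard defaults and are an assumption, and the sample netstat lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). The port-to-service mapping is an
# assumption: standard ports only; adjust for services on non-default ports.

# Read `netstat -ant` style lines on stdin, print "<count> <service> <remote-ip>".
conn_by_service() {
    awk '
    BEGIN {
        svc[80] = "HTTP"; svc[443] = "HTTP"
        svc[25] = "SMTP"; svc[465] = "SMTP"; svc[587] = "SMTP"
        svc[143] = "IMAP"; svc[993] = "IMAP"
        svc[110] = "POP3"; svc[995] = "POP3"
        svc[21] = "FTP"
    }
    # TCP sockets only; skip listeners, which have no remote peer.
    $1 ~ /^tcp/ && $6 != "LISTEN" {
        lport = $4; sub(/^.*:/, "", lport)    # text after the last colon
        rip = $5;   sub(/:[^:]*$/, "", rip)   # drop only the port, keep IPv6 intact
        sub(/^::ffff:/, "", rip)              # IPv4-mapped IPv6 -> plain IPv4
        if (lport in svc) count[svc[lport] " " rip]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,3
}

# Constructed sample input using documentation address ranges.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      812/nginx
tcp        0      0 192.0.2.10:80           203.0.113.7:51514       ESTABLISHED 812/nginx
tcp        0      0 192.0.2.10:80           203.0.113.7:51515       ESTABLISHED 812/nginx
tcp        0      0 192.0.2.10:443          203.0.113.7:51600       TIME_WAIT   -
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:51700 ESTABLISHED 812/nginx
tcp        0      0 192.0.2.10:25           198.51.100.23:40022     ESTABLISHED 901/exim
tcp6       0      0 2001:db8::10:443        2001:db8::beef:60000    ESTABLISHED 812/nginx
tcp        0      0 192.0.2.10:22           198.51.100.23:50000     ESTABLISHED 700/sshd
EOF
}

# Demo on the sample; on a live server run: netstat -ant | conn_by_service
sample_netstat | conn_by_service
```

The address at the top of the output is the one holding the most connections to a listed service, which is the one to check against that service's logs.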

HTTP

Finding IP addresses connecting to HTTP is quite easy; all you should need to do is tail the access logs to find the IP addresses.

You can use a command like tail -f /home/*/access-logs/* | awk '{print $1}' to get a live update on connections via HTTP/HTTPS on the server.

Note: This will only check sites in /home.

SMTP