
Connections to servers

Usually connections to a server are a sign that all is working. Occasionally, though, some nefarious parties decide that they really like the server and want to hog all the connections to themselves.

A command you can use to see the connections on a server is

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d ':' -f 1 | sort | uniq -c | sort -n

In these situations we will usually see a high connection count for certain services. The most common ones, in order of how common they are:

  • HTTP (Web Service)
  • SMTP (Outgoing Email Service)
  • IMAP (Incoming Email Service)
  • POP3 (Incoming Email Service)
  • FTP (File Transport Service)
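To see which service a busy remote address is actually hitting, the count can be split by local port. The script below is an added example, not part of the original page: the function names conns_by_port and sample_netstat and the sample addresses are constructed for illustration. It goes a little beyond the one-liner above by splitting on the last colon, so IPv6 peers are counted correctly, and by skipping listening sockets.

```shell
#!/bin/sh
# conns_by_port PORT: read `netstat -an` text on stdin and print
# "COUNT IP" for remote hosts connected to local PORT, busiest first.
conns_by_port() {
    awk -v port="$1" '
        $1 !~ /^(tcp|udp)/ { next }      # skip headers and unix sockets
        {
            lport = $4; raddr = $5
            # The port is whatever follows the LAST colon, so an IPv6
            # address such as 2001:db8::10:443 is split correctly.
            sub(/.*:/, "", lport)
            sub(/:[^:]*$/, "", raddr)
            if (lport != port) next      # not the service we asked about
            if (raddr ~ /^(0\.0\.0\.0|::|\*)$/) next   # listener, no peer
            count[raddr]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -rn
}

# Constructed sample in Linux netstat layout (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51240      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51251      TIME_WAIT
tcp        0      0 203.0.113.10:80         192.0.2.44:40122        ESTABLISHED
tcp        0      0 203.0.113.10:25         192.0.2.44:40200        ESTABLISHED
tcp6       0      0 :::443                  :::*                    LISTEN
tcp6       0      0 2001:db8::10:443        2001:db8::beef:40000    ESTABLISHED
EOF
}

# Demo on the sample; on a live server use: netstat -an | conns_by_port 80
sample_netstat | conns_by_port 80
```
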

##HTTP

Finding the IP addresses connecting over HTTP is quite easy: all you should need to do is tail the access logs.

You can use a command like tail -f /home/*/access-logs/* | awk '{print $1}' to get a live update on connections via HTTP/HTTPS on the server.

Note: This will only check sites in /home

##SMTP