How to check which process is flooding TCP SYN connections on Linux? -


my server running fedora core 13. 1 day found there lot of abnormal traffic tried initiate tcp connections outside hosts. tried remove default route , dns server configurations, traffic changed localhost localhost. below data collected:

[root@svr /]# tshark -pni lo | grep '22 \[syn' | head  running user "root" , group "root". dangerous. capturing on lo   0.000226    127.0.0.1 -> 127.0.0.1    tcp 38805 > 22 [syn] seq=0 win=32792 len=0 mss=16396 tsv=141307237 tser=0 ws=6   0.004381    127.0.0.1 -> 127.0.0.1    tcp 38806 > 22 [syn] seq=0 win=32792 len=0 mss=16396 tsv=141307241 tser=0 ws=6   0.009740    127.0.0.1 -> 127.0.0.1    tcp 38811 > 22 [syn] seq=0 win=32792 len=0 mss=16396 tsv=141307246 tser=0 ws=6   0.014950    127.0.0.1 -> 127.0.0.1    tcp 38812 > 22 [syn] seq=0 win=32792 len=0 mss=16396 tsv=141307252 tser=0 ws=6   0.018930    127.0.0.1 -> 127.0.0.1    tcp 38817 > 22 [syn] seq=0 win=32792 len=0 mss=16396 tsv=141307256 tser=0 ws=6   0.022737    127.0.0.1 -> 127.0.0.1    tcp 38818 > 22 [syn] seq=0 win=32792 len=0 mss=16396 tsv=141307259 tser=0 ws=6   0.026949    127.0.0.1 -> 127.0.0.1    tcp 38823 > 22 [syn] seq=0 win=32792 len=0 mss=16396 tsv=141307264 tser=0 ws=6   0.030749    127.0.0.1 -> 127.0.0.1    tcp 38824 > 22 [syn] seq=0 win=32792 len=0 mss=16396 tsv=141307267 tser=0 ws=6   0.034732    127.0.0.1 -> 127.0.0.1    tcp 38829 > 22 [syn] seq=0 win=32792 len=0 mss=16396 tsv=141307271 tser=0 ws=6   0.038591    127.0.0.1 -> 127.0.0.1    tcp 38830 > 22 [syn] seq=0 win=32792 len=0 mss=16396 tsv=141307275 tser=0 ws=6 [root@svr /]# [root@svr /]# lsof -n -i :22 command  pid user   fd   type     device size/off node name sshd    1821 root    3u  ipv4      11689      0t0  tcp *:ssh (listen) sshd    1821 root    4u  ipv6      11693      0t0  tcp *:ssh (listen) ssh     2401 root    4u  ipv4 1010098785      0t0  tcp 172.17.2.128:56650->172.17.5.1:ssh (established) sshd    7126 root    3u  ipv4  998744449      0t0  tcp 10.10.91.220:ssh->10.10.91.250:46490 (established) [root@svr /]# [root@svr /]# netstat -anpt | grep :22 tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   listen      1821/sshd            tcp        0      0 127.0.0.1:48011             127.0.0.1:22                established -                    tcp      300      0 127.0.0.1:22                127.0.0.1:48011             established -                    tcp        0      0 10.10.91.220:22             10.10.91.250:46490          established 7126/3               tcp        0      0 172.17.2.128:56650          172.17.5.1:22               established 2401/ssh             tcp        0      0 :::22                       :::*                        listen      1821/sshd

so questions how can find out process flooding tcp connections?

tia!


Comments

Post a Comment

Popular posts from this blog

sql server - Cannot query correctly (MSSQL - PHP - JSON) -

i have little problem on project. , turns out query result returns nothing when value of first name or last name has 'ñ' in it. here's code config.php: <?php ini_set('mssql.charset', 'utf-8'); header('content-type: text/html; charset=utf-8'); $servername = "192.168.1.21"; /* ip add of db server */ $connection = array("database" => "db", "uid" => "?", "pwd" => "***"); $conn = sqlsrv_connect($servername, $connection); if(!$conn){ echo "connection not established."; die(print_r(sqlsrv_errors(), true)); } ?> myquery: $idnumber = $_post["idnum"]; $response = array(); $query2 = "select clname, cfname, cmname, cqualifier student cidno = '$idnumber'"; try{ $stmt2 = sqlsrv_query($conn, $query2); } catch(pdoexeption $ex){ $response["success"] = 0; $response["message"] = "d...
Read more

php - trouble displaying mysqli database results in correct order -

i have table in database stores events , date expire. want display events on website display current events first expired events after? i have tried following sql $sql = "select noticeid, notice, noticedesc, noticeimg, noticedate, expirydate tbl_notices group noticeid ,expired order expirydate asc"; but returns expired results first due expirydate being ordered asc in query. my tbl_notice structure looks this noticeid => int(4) notice => varchar(100) noticedesc => text noticedate => timestamp noticeimg => varchar(40) expirydate => datetime expired => int(1) 0 current or 1 expired my php code is $sql = "select noticeid, notice, noticedesc, noticeimg, noticedate, expirydate tbl_notices group noticeid ,expired order expirydate asc"; $result = mysqli_query($conn,$sql); if ($result->num_rows > 0) { // output data of each row while($row = $result->fetch_assoc()) { ...
Read more

C++ Linked List -

i trying create linked list download txt file , use linked list handle file line line. when handling downloaded linked list operations performed on such text editor would. encountering problems however. seems "node(string value)" section of code has wrong though original node() declaration no arguments passes. unable figure out quite is. node.h class node { public: node(); node(string value); void setnext(node *nextnode); // allows user set "next" pointer of node points friend class linkedlist; private: string data; // data box node* next; // pointer box }; node.cpp # include <string> # include "node.h" using namespace std; node::node() { data = ""; next = null; } node::node(string value) { data = value; next = null; } void node::setnext(node *nextnode) // allows user set "next" pointer of node points { this->next = nextnode; } your #include <string> ...
Read more