1. Use the netstat tool to check for SYN connections

```
netstat -n -p -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.0.200:5050      192.168.0.38:48892      TIME_WAIT   -
tcp        0      0 192.168.0.200:5050      192.168.0.38:36604      TIME_WAIT   -
tcp        0      0 192.168.0.200:5050      192.168.0.38:52988      TIME_WAIT   -
tcp        0      0 192.168.0.200:5050      192.168.0.38:38911      TIME_WAIT   -
tcp        0      0 192.168.0.200:5050      192.168.0.38:58623      TIME_WAIT   -
tcp        0      0 192.168.0.200:43690     192.168.0.200:61616     ESTABLISHED 10415/java
```

Of course, all of my connections above are normal. That said, if TIME_WAIT makes up too large a share of the connections, that is certainly not normal either. (Either the host is under attack, or it needs parameter tun……
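To put a number on "too large a share", the following added example (not part of the original post) counts TCP states in `netstat -n -p -t` output and lists which peers hold half-open SYN_RECV sockets. The function names are hypothetical, and the three SYN_RECV rows in the sample are constructed.

```shell
#!/bin/sh
# Added example (function names are hypothetical). Each function reads
# `netstat -n -p -t` output on stdin; column 6 is the TCP state.

# state_count STATE: number of tcp sockets currently in STATE.
state_count() {
    awk -v s="$1" '$1 ~ /^tcp/ && $6 == s { n++ } END { print n + 0 }'
}

# state_percent STATE: integer share (0-100) of tcp sockets in STATE.
state_percent() {
    awk -v s="$1" '
        $1 ~ /^tcp/ { total++; if ($6 == s) n++ }
        END { if (total) print int(n * 100 / total); else print 0 }'
}

# top_peers STATE: "count ip" per foreign address in STATE, busiest first.
top_peers() {
    awk -v s="$1" '
        $1 ~ /^tcp/ && $6 == s { sub(/:[0-9]+$/, "", $5); c[$5]++ }
        END { for (ip in c) print c[ip], ip }' | sort -rn
}

# The six rows after the header are the output shown above; the three
# SYN_RECV rows are constructed (203.0.113.0/24 is a documentation range).
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.0.200:5050 192.168.0.38:48892 TIME_WAIT -
tcp 0 0 192.168.0.200:5050 192.168.0.38:36604 TIME_WAIT -
tcp 0 0 192.168.0.200:5050 192.168.0.38:52988 TIME_WAIT -
tcp 0 0 192.168.0.200:5050 192.168.0.38:38911 TIME_WAIT -
tcp 0 0 192.168.0.200:5050 192.168.0.38:58623 TIME_WAIT -
tcp 0 0 192.168.0.200:43690 192.168.0.200:61616 ESTABLISHED 10415/java
tcp 0 0 192.168.0.200:5050 203.0.113.7:40001 SYN_RECV -
tcp 0 0 192.168.0.200:5050 203.0.113.7:40002 SYN_RECV -
tcp 0 0 192.168.0.200:5050 203.0.113.9:51000 SYN_RECV -'

echo "TIME_WAIT share: $(printf '%s\n' "$SAMPLE" | state_percent TIME_WAIT)%"
echo "SYN_RECV count:  $(printf '%s\n' "$SAMPLE" | state_count SYN_RECV)"
echo "SYN_RECV peers:"
printf '%s\n' "$SAMPLE" | top_peers SYN_RECV
```

On a live host, pipe the real command into the same functions, for example `netstat -n -p -t | top_peers SYN_RECV`.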
