论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2006-07-24 16:20 |只看该作者 |倒序浏览

我的服务器流量明白不正常，我用tcpdump 抓包看到一个IP在疯狂连80端口，请问怎么样查这个IP在访问哪个网页？tcpdump抓包能看到吗？
6:20:31.613462 IP 202-85-108-116.net-infinity.net.52922 > 218.6.172.24.http: . ack 1889640 win 32580 <nop,nop,timestamp 38491898 29380431,nop,nop,sack sack 1 {1892536:1901224} >

[ 本帖最后由 zhaowenhui 于 2006-7-24 16:24 编辑 ]

文库|博客

zhaowenhui

白手起家

论坛徽章:: 0

2楼 [报告]

发表于 2006-07-24 17:17 |只看该作者

netstat -antp

tcp       0    0 0.0.0.0:32768             0.0.0.0:*                LISTEN    1968/rpc.statd
tcp       0    0 0.0.0.0:80                0.0.0.0:*                LISTEN    15825/httpd
tcp       0    0 211.91.82.44:80          218.249.231.210:38238    SYN_RECV -
tcp       0    0 211.91.82.44:80          124.200.6.168:50809       SYN_RECV -
tcp       0    0 211.91.82.44:80          218.249.231.210:38240    SYN_RECV -
tcp       0    0 211.91.82.44:80          124.200.6.168:50799       SYN_RECV -
tcp       0    0 211.91.82.44:80          218.249.231.210:38280    SYN_RECV -
tcp       0    0 0.0.0.0:21                0.0.0.0:*                LISTEN    15081/vsftpd
tcp       0    0 0.0.0.0:631                0.0.0.0:*                LISTEN    31767/cupsd
tcp       0    0 127.0.0.1:25             0.0.0.0:*                LISTEN    2217/sendmail: acce
tcp       0    0 211.91.82.44:33851       61.152.91.188:80          TIME_WAIT -
tcp       0    0 211.91.82.44:33850       61.152.91.188:80          TIME_WAIT -
tcp       0    0 211.91.82.44:33854       61.152.91.188:80          TIME_WAIT -
tcp       0    0 211.91.82.44:33841       61.152.91.188:80          TIME_WAIT -
tcp       0    0 211.91.82.44:33857       61.152.91.188:80          TIME_WAIT -
tcp       0    0 211.91.82.44:33863       61.152.91.188:80          TIME_WAIT -
tcp       0    0 211.91.82.44:33872       61.152.91.188:80          TIME_WAIT -
tcp       0    0 211.91.82.44:33874       61.152.91.188:80          ESTABLISHED 28833/httpd
tcp       0    0 211.91.82.44:33876       61.152.91.188:80          TIME_WAIT -
tcp       0    0 211.91.82.44:33879       61.152.91.188:80          TIME_WAIT -
tcp       0    1 211.91.82.44:33896       61.152.91.188:80          SYN_SENT 29041/httpd
tcp       0    0 211.91.82.44:33892       61.152.91.188:80          TIME_WAIT -
tcp       0    0 211.91.82.44:33864       61.55.138.195:80          TIME_WAIT -
tcp       0    0 211.91.82.44:33894       210.51.178.2:80          TIME_WAIT -
tcp       0    0 211.91.82.44:33620       61.152.91.188:80          ESTABLISHED 28977/httpd
tcp       0    0 211.91.82.44:80          72.30.103.32:55327       TIME_WAIT -
tcp       0    1 211.91.82.44:33886       202.31.186.54:80          SYN_SENT 29034/httpd
tcp       0    0 211.91.82.44:33885       210.150.29.30:80          TIME_WAIT -
tcp       0    0 211.91.82.44:33869       218.92.172.152:80          TIME_WAIT -
tcp       0    0 211.91.82.44:80          58.60.25.104:37120       TIME_WAIT -
tcp       0    0 211.91.82.44:33865       202.205.109.8:80          TIME_WAIT -
tcp       0    0 211.91.82.44:80          203.168.193.2:46871       ESTABLISHED 26992/httpd
tcp       0    0 211.91.82.44:33881       61.152.108.167:80          TIME_WAIT -
tcp       0    0 211.91.82.44:80          203.134.242.93:1613       TIME_WAIT -
tcp 65444    0 211.91.82.44:33831       218.6.172.24:80          ESTABLISHED 29033/httpd
tcp 70544    0 211.91.82.44:33520       218.6.172.24:80          ESTABLISHED 28984/httpd
tcp 74876    0 211.91.82.44:33576       218.6.172.24:80          ESTABLISHED 28995/httpd
tcp       0    0 211.91.82.44:80          61.173.53.118:12431       ESTABLISHED 22534/httpd
tcp 64776    0 211.91.82.44:33731       218.6.172.24:80          ESTABLISHED 29040/httpd
tcp       0    0 192.168.100.102:33866    192.168.100.200:3306       TIME_WAIT -
tcp       0    0 192.168.100.102:33860    192.168.100.200:3306       TIME_WAIT -
tcp       0    0 192.168.100.102:33859    192.168.100.200:3306       TIME_WAIT -
tcp       0    0 192.168.100.102:33884    192.168.100.200:3306       TIME_WAIT -
tcp       0    0 192.168.100.102:33882    192.168.100.200:3306       TIME_WAIT -
tcp       0    0 192.168.100.102:33875    192.168.100.200:3306       TIME_WAIT -
tcp       0    0 192.168.100.102:33893    192.168.100.200:3306       TIME_WAIT -
tcp       0    0 192.168.100.102:33889    192.168.100.200:3306       TIME_WAIT -
tcp       0    0 192.168.100.102:33890    192.168.100.200:3306       TIME_WAIT -
tcp       0    0 192.168.100.102:33891    192.168.100.200:3306       TIME_WAIT -
tcp       0    0 211.91.82.44:33883       61.129.70.6:80             TIME_WAIT -
tcp       0    0 211.91.82.44:33880       61.129.70.6:80             TIME_WAIT -
tcp       0    0 211.91.82.44:33862       61.129.70.6:80             TIME_WAIT -
tcp       0    0 211.91.82.44:80          219.133.31.242:33162       ESTABLISHED 27006/httpd
tcp       0    0 211.91.82.44:59087       218.6.172.24:80          ESTABLISHED 28820/httpd
tcp 67232    0 211.91.82.44:59012       218.6.172.24:80          ESTABLISHED 28249/httpd
tcp       0 447 211.91.82.44:80          221.14.149.212:1972       ESTABLISHED 27057/httpd
tcp       0    0 211.91.82.44:59344       218.6.172.24:80          ESTABLISHED 28728/httpd
tcp       0    0 211.91.82.44:58636       218.6.172.24:80          ESTABLISHED 28794/httpd
tcp       0    0 211.91.82.44:58645       218.6.172.24:80          ESTABLISHED 28757/httpd
tcp       0    0 211.91.82.44:58679       218.6.172.24:80          ESTABLISHED 28700/httpd
tcp       0    0 211.91.82.44:58352       218.6.172.24:80          ESTABLISHED 28697/httpd
tcp       0    0 211.91.82.44:33856       61.55.138.148:80          TIME_WAIT -
tcp       0    0 211.91.82.44:80          221.14.149.212:1970       ESTABLISHED 26967/httpd
tcp 99016    0 211.91.82.44:57529       218.6.172.24:80          ESTABLISHED 28721/httpd
tcp       0    0 211.91.82.44:60030       218.6.172.24:80          ESTABLISHED 28323/httpd
tcp       0    0 211.91.82.44:60041       218.6.172.24:80          ESTABLISHED 28924/httpd
tcp 66263    0 211.91.82.44:60370       218.6.172.24:80          ESTABLISHED 28938/httpd
tcp 65728    0 211.91.82.44:59842       218.6.172.24:80          ESTABLISHED 28921/httpd
tcp       0    0 211.91.82.44:33858       61.55.138.162:80          TIME_WAIT -
tcp       0    0 211.91.82.44:54089       218.6.172.24:80          ESTABLISHED 28387/httpd
tcp       0    0 211.91.82.44:57041       218.6.172.24:80          ESTABLISHED 28647/httpd
tcp       0    0 211.91.82.44:33852       61.233.19.236:80          TIME_WAIT -
tcp       0    0 211.91.82.44:56399       218.6.172.24:80          ESTABLISHED 28632/httpd
tcp       0    1 211.91.82.44:33824       61.150.65.196:80          SYN_SENT 29027/httpd
tcp       0    0 211.91.82.44:55793       218.6.172.24:80          ESTABLISHED 28548/httpd
tcp       0    0 211.91.82.44:55739       218.6.172.24:80          ESTABLISHED 28525/httpd
tcp       0    0 211.91.82.44:55714       218.6.172.24:80          ESTABLISHED 28439/httpd
tcp       0    0 211.91.82.44:50852       218.6.172.24:80          ESTABLISHED 28111/httpd
tcp       0    0 211.91.82.44:50412       218.6.172.24:80          ESTABLISHED 28058/httpd
tcp       0    0 211.91.82.44:52922       218.6.172.24:80          ESTABLISHED 28232/httpd
tcp       0    0 211.91.82.44:52054       218.6.172.24:80          ESTABLISHED 28131/httpd
tcp       0    1 211.91.82.44:80          202.108.189.42:31526       LAST_ACK -
tcp       0    1 211.91.82.44:33822       211.156.176.33:80          FIN_WAIT1 -
tcp       0    0 211.91.82.44:33848       211.156.176.33:80          ESTABLISHED 28973/httpd
tcp       0    1 211.91.82.44:33842       59.106.28.132:80          SYN_SENT 28985/httpd
tcp       0 401 211.91.82.44:33895       61.153.183.61:80          ESTABLISHED 29038/httpd
tcp       0    0 211.91.82.44:33877       61.153.183.61:80          TIME_WAIT -
tcp       0    0 211.91.82.44:33847       202.108.15.66:80          TIME_WAIT -
tcp       0 4198 211.91.82.44:80          61.149.8.167:63542       ESTABLISHED 23161/httpd
tcp       0    0 211.91.82.44:80          58.62.104.8:1190          ESTABLISHED 27008/httpd
tcp       0    0 211.91.82.44:33855       60.191.248.107:80          TIME_WAIT -
tcp       0 6215 211.91.82.44:80          58.62.104.8:1188          ESTABLISHED 22539/httpd
tcp       0 6010 211.91.82.44:80          58.62.104.8:1189          ESTABLISHED 26955/httpd
tcp       0    0 211.91.82.44:33887       222.66.83.221:80          ESTABLISHED 29032/httpd
tcp 15731    0 211.91.82.44:33254       203.171.227.13:80          ESTABLISHED 29015/httpd
tcp 54275    0 211.91.82.44:33214       203.171.227.13:80          ESTABLISHED 28980/httpd
tcp       0    0 211.91.82.44:33871       202.108.12.40:80          TIME_WAIT -
tcp       0    0 211.91.82.44:80          202.108.189.41:61031       ESTABLISHED 23156/httpd
tcp       0    0 211.91.82.44:80          80.4.224.8:32365          ESTABLISHED 26950/httpd
tcp       0    1 211.91.82.44:33797       69.25.27.170:80          SYN_SENT 29018/httpd
tcp       0    0 211.91.82.44:80          72.30.107.19:37608       TIME_WAIT -
tcp       0    0 211.91.82.44:33845       222.179.142.98:80          TIME_WAIT -
tcp       0    0 211.91.82.44:80          202.32.178.40:13341       ESTABLISHED 7748/httpd
tcp       0    0 211.91.82.44:33870       58.20.51.81:80             TIME_WAIT -
tcp       0    0 211.91.82.44:80          221.210.47.138:1830       ESTABLISHED 27056/httpd
tcp       0    0 :::82                      :::*                      LISTEN    14740/httpd
tcp       0    0 :::22                      :::*                      LISTEN    2134/sshd
tcp       0    0 :::444                   :::*                      LISTEN    14740/httpd
tcp       1    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.22:33383 CLOSE_WAIT  29027/httpd
tcp       0  16968 ::ffff:211.91.82.44:82    ::ffff:61.229.136.155:2907  ESTABLISHED 29040/httpd
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.180.47:34153 ESTABLISHED 28956/httpd
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.179.73:36356 TIME_WAIT -
tcp       0  26280 ::ffff:211.91.82.44:82    ::ffff:202.132.166.235:3689 ESTABLISHED 28921/httpd
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.179.10:58438 TIME_WAIT -
tcp       1  12420 ::ffff:211.91.82.44:82    ::ffff:58.60.70.179:64119 CLOSE_WAIT  28962/httpd
tcp       1    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.10:52995 CLOSE_WAIT  28985/httpd
tcp       0  15840 ::ffff:211.91.82.44:82    ::ffff:218.170.170.246:4464 ESTABLISHED 29015/httpd
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.179.20:50019 TIME_WAIT -
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.180.56:42061 TIME_WAIT -
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.12:39943 TIME_WAIT -
tcp       0    0 ::ffff:211.91.82.44:22    ::ffff:202.108.93.217:2430  ESTABLISHED 28586/2
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.16:38747 TIME_WAIT -
tcp       0  27740 ::ffff:211.91.82.44:82    ::ffff:202.132.166.235:3627 ESTABLISHED 28249/httpd
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.42:43070 TIME_WAIT -
tcp       0    0 ::ffff:211.91.82.44:22    ::ffff:202.108.93.217:2328  ESTABLISHED 28168/1
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.10:50761 TIME_WAIT -
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.14:57924 TIME_WAIT -
tcp       0  12960 ::ffff:211.91.82.44:82    ::ffff:218.170.170.246:4390 ESTABLISHED 28980/httpd
tcp       1  12960 ::ffff:211.91.82.44:82    ::ffff:218.164.36.51:1122 CLOSE_WAIT  28995/httpd
tcp       0  12960 ::ffff:211.91.82.44:82    ::ffff:218.164.36.51:1135 ESTABLISHED 29033/httpd
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.23:52166 TIME_WAIT -
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.179.15:32944 ESTABLISHED 29034/httpd
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.17:46995 TIME_WAIT -
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.24:56529 ESTABLISHED 29041/httpd
tcp       1    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.25:36575 CLOSE_WAIT  28977/httpd
tcp       0 4577 ::ffff:211.91.82.44:82    ::ffff:220.246.237.131:1183 ESTABLISHED 29039/httpd
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.11:49052 TIME_WAIT -
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.11:42395 TIME_WAIT -
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:220.246.237.131:1180 ESTABLISHED 29038/httpd
tcp       0  10220 ::ffff:211.91.82.44:82    ::ffff:222.157.185.145:1193 ESTABLISHED 28984/httpd
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.15:35740 TIME_WAIT -
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.22:41123 TIME_WAIT -
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.179.93:55261 TIME_WAIT -
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.16:59100 ESTABLISHED 28833/httpd
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.180.25:34944 TIME_WAIT -
tcp       0  36764 ::ffff:211.91.82.44:82    ::ffff:220.131.44.239:2063  ESTABLISHED 28721/httpd
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.179.16:54449 TIME_WAIT -
tcp       0  12960 ::ffff:211.91.82.44:82    ::ffff:218.170.170.246:4272 ESTABLISHED 28930/httpd
tcp       0  12960 ::ffff:211.91.82.44:82    ::ffff:218.170.170.246:4275 ESTABLISHED 28943/httpd
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:221.6.89.165:9407 ESTABLISHED 29032/httpd
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:66.249.66.3:56602 ESTABLISHED 28022/httpd
tcp       0  36500 ::ffff:211.91.82.44:82    ::ffff:202.132.166.235:3733 ESTABLISHED 28938/httpd
tcp       0 7904 ::ffff:211.91.82.44:22    ::ffff:202.108.93.217:2747  ESTABLISHED 28864/3
tcp       1    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.42:56470 CLOSE_WAIT  29018/httpd
tcp       0    0 ::ffff:211.91.82.44:82    ::ffff:202.160.178.86:58605 TIME_WAIT -

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

skylove

荣誉版主

论坛徽章:: 0

3楼 [报告]

发表于 2006-07-24 21:17 |只看该作者

在web server里可以设置访问日志记录并查看的，就是access.log，具体要根据你的web server去查看了。

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

返回列表

Chinaunix › 论坛 › IT运维 › 数据安全 › 我的网络流量很不正常，怀疑被攻击，一起分析一下问题在 ...

我的网络流量很不正常，怀疑被攻击，一起分析一下问题在哪吧？ [复制链接]