Centos system simply troubleshoot abnormal traffic

Original link: He Xiaodong Blog

The main reason is that the server has abnormal traffic, and I feel that there is nothing to do. The sudden abnormal traffic is not scientific at all, so I simply checked it and took a note.

Step 1: Find out which port generates abnormal traffic

iftop needs to be installed in advance to analyze the real-time network traffic. In Mac system, you may need iftop -i en0 specify the network card, and then enter the interface and open the display port by pressing the p key. For more precise parameters and usage, refer to 1613b33bb89ba6 iftop flow monitoring

Just use the command directly under centos

iftop -PB

Then you can find that the traffic occupies a large port. For example, it is found that the port of 54626 is wrong

Step 2: Analyze which process this port is occupied by

Use the command to analyze the port directly

lsof -i 54626

Analysis found that the process ID is 622

Step 3: Analyze the process

Directly use the ps aux command to analyze, this command can see a lot of information:

• USER: which user the process belongs to
• PID: The process identification code of the process.
• %CPU: The percentage of CPU resources used by the process;
• %MEM: The percentage of physical memory occupied by the process;
• VSZ: The amount of virtual memory used by the process (Kbytes)
• RSS: The fixed amount of memory occupied by the process (Kbytes)
• TTY: The process is operating on the terminal

• STAT: The current status of the process (D/R/S/T/Z)

  • D Uninterruptible sleep (usually IO)
  • R run runnable (on run queue)
  • S interrupt sleeping
  • T stopped or stopped
  • Z zombie a defunct ("zombie") process
  • Other states include W (no page resident), <(high priority process), N (low priority process), L (memory lock page).
• START: the time when the process was triggered to start;
• TIME: The time that the process actually uses the CPU to run.
• COMMAND: The actual instruction of the program

ps aux | grep 622

According to the results, analyze what program caused the abnormal flow, and then kill the process or uninstall the corresponding software, which is done according to the needs.

Finally, just get a meal Cloud's full range of products/SMS packages are the best choice for purchasing small and medium-sized enterprises to the cloud.