Topic: [Help] How to deal with the large number of Error 001 on the site -- 铁手
The script for analyzing ipcontrack is as follows:
Below are my test results.
tcp 6 115 TIME_WAIT src=10.242.230.109 dst=10.242.148.102 sport=59592 dport=10080 packets=17 bytes=1324 src=10.242.148.102 dst=10.242.230.109 sport=10080 dport=59592 packets=11 bytes=18112 [ASSURED] mark=0 secmark=0 use=1
tcp 6 83 TIME_WAIT src=10.242.230.109 dst=10.242.148.102 sport=49749 dport=10080 packets=6 bytes=775 src=10.242.148.102 dst=10.242.230.109 sport=10080 dport=49749 packets=5 bytes=512 [ASSURED] mark=0 secmark=0 use=1
tcp 6 105 TIME_WAIT src=10.242.230.111 dst=10.242.148.102 sport=48174 dport=10080 packets=5 bytes=762 src=10.242.148.102 dst=10.242.230.111 sport=10080 dport=48174 packets=4 bytes=1657 [ASSURED] mark=0 secmark=0 use=1
tcp 6 27 TIME_WAIT src=10.242.148.102 dst=10.242.148.140 sport=42357 dport=64148 packets=7 bytes=1156 src=10.242.148.140 dst=10.242.148.102 sport=64148 dport=42357 packets=7 bytes=5180 [ASSURED] mark=0 secmark=0 use=1
tcp 6 90 TIME_WAIT src=10.242.230.109 dst=10.242.148.102 sport=52014 dport=10080 packets=6 bytes=820 src=10.242.148.102 dst=10.242.230.109 sport=10080 dport=52014 packets=5 bytes=512 [ASSURED] mark=0 secmark=0 use=1
tcp 6 77 TIME_WAIT src=10.242.230.112 dst=10.242.148.102 sport=53700 dport=10080 packets=18 bytes=1407 src=10.242.148.102 dst=10.242.230.112 sport=10080 dport=53700 packets=11 bytes=19839 [ASSURED] mark=0 secmark=0 use=1
tcp 6 25 TIME_WAIT src=10.242.230.107 dst=10.242.148.102 sport=47959 dport=10080 packets=10 bytes=960 src=10.242.148.102 dst=10.242.230.107 sport=10080 dport=47959 packets=7 bytes=8566 [ASSURED] mark=0 secmark=0 use=1
tcp 6 20 TIME_WAIT src=10.242.230.112 dst=10.242.148.102 sport=36645 dport=10080 packets=18 bytes=1311 src=10.242.148.102 dst=10.242.230.112 sport=10080 dport=36645 packets=11 bytes=19508 [ASSURED] mark=0 secmark=0 use=1
tcp 6 113 TIME_WAIT src=10.242.230.108 dst=10.242.148.102 sport=60306 dport=10080 packets=12 bytes=1241 src=10.242.148.102 dst=10.242.230.108 sport=10080 dport=60306 packets=8 bytes=11344 [ASSURED] mark=0 secmark=0 use=1
tcp 6 96 TIME_WAIT src=10.242.148.102 dst=10.242.148.140 sport=42710 dport=64148 packets=7 bytes=1108 src=10.242.148.140 dst=10.242.148.102 sport=64148 dport=42710 packets=7 bytes=4676 [ASSURED] mark=0 secmark=0 use=1
[root@ud60216 ~]# head ipcontrack | awk '{print substr($5, index($5,"=")+1) }' | awk '{a[$1]+=1};END {for( i in a){print i,a[ i ] }}' | sort -n -k 2
10.242.230.107 1
10.242.230.108 1
10.242.230.111 1
10.242.148.102 2
10.242.230.112 2
10.242.230.109 3
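Also, in our production environment net.ipv4.netfilter.ip_conntrack_tcp_timeout_established is currently set to 43200. However, our front end has an anti-DDoS policy.
Also adding a script that counts connections by state.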
netstat -n | awk '/^tcp/ {++state[$NF]} END {for(key in state) print key,"\t",state[key]}'
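An added example, not part of the original post: the same per-source count, generalized to group by connection state as well and to locate the source address by its `src=` token rather than by field position, so non-TCP entries (which have no state field) are counted correctly. The function names and the last two sample lines are assumptions made for the illustration.

```shell
# Added example. Reads conntrack entry lines on stdin and prints
# "count<TAB>source<TAB>state", largest count first.
conntrack_summary() {
    awk '
    {
        # The first src= token is the original direction (the client side).
        src = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) { src = substr($i, 5); break }
        if (src == "") next          # skip lines that are not entries
        # Only tcp entries carry a state, in field 4.
        state = ($1 == "tcp") ? $4 : "-"
        n[src "\t" state]++
    }
    END { for (k in n) print n[k] "\t" k }
    ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2 -k3,3
}

# First three lines are taken from the post; the last two are constructed.
sample_entries() {
    cat <<'EOF'
tcp 6 115 TIME_WAIT src=10.242.230.109 dst=10.242.148.102 sport=59592 dport=10080 packets=17 bytes=1324 src=10.242.148.102 dst=10.242.230.109 sport=10080 dport=59592 packets=11 bytes=18112 [ASSURED] mark=0 secmark=0 use=1
tcp 6 83 TIME_WAIT src=10.242.230.109 dst=10.242.148.102 sport=49749 dport=10080 packets=6 bytes=775 src=10.242.148.102 dst=10.242.230.109 sport=10080 dport=49749 packets=5 bytes=512 [ASSURED] mark=0 secmark=0 use=1
tcp 6 105 TIME_WAIT src=10.242.230.111 dst=10.242.148.102 sport=48174 dport=10080 packets=5 bytes=762 src=10.242.148.102 dst=10.242.230.111 sport=10080 dport=48174 packets=4 bytes=1657 [ASSURED] mark=0 secmark=0 use=1
tcp 6 43100 ESTABLISHED src=10.242.230.109 dst=10.242.148.102 sport=40000 dport=10080 packets=3 bytes=180 src=10.242.148.102 dst=10.242.230.109 sport=10080 dport=40000 packets=2 bytes=120 [ASSURED] mark=0 secmark=0 use=1
udp 17 25 src=10.242.230.111 dst=10.242.148.102 sport=5353 dport=53 packets=1 bytes=60 [UNREPLIED] src=10.242.148.102 dst=10.242.230.111 sport=53 dport=5353 packets=0 bytes=0 mark=0 secmark=0 use=1
EOF
}

sample_entries | conntrack_summary
```

On a live system the function would be fed the conntrack table instead of the sample, for example the saved `ipcontrack` file used above.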