我有几台服务器,其中netstat -s(来自/ proc / net / snmp)返回的失败连接尝试度量标准大约每秒增长一次,我想诊断这些服务器的来源.
通过使用此ipTables规则(在不同的服务器上):
-A OUTPUT -p tcp –dport 23 -j REJECT
我阻止传出的telnet,所以我可以运行这个循环:
while true ; do
telnet www.google.co.uk
netstat -s | grep “Failed connection”
done
Trying 209.85.203.94…
telnet: Unable to connect to remote host: Connection refused
52 Failed connection attempts
Trying 209.85.203.94… telnet: Unable to connect to remote host: Connection refused
53 Failed connection attempts
Trying 209.85.203.94… telnet: Unable to connect to remote host: Connection refused
54 Failed connection attempts
因此证明计数器因连接到远程套接字的失败尝试而增加. (当然,它并不能证明这是增量的唯一原因).
问题是,我怎样才能找到失败的远程地址和端口(或两者的复数)的特定组合,以便我可以查看下一步;路由/防火墙问题?
顺便说一句,如果我运行这个:
watch -n1 ‘ss | grep “\<23\>”‘
我希望在状态SYN-SENT中看到套接