For example: I have a script on cron that calculates how many SYN_RECV my server is getting; if it's over a certain threshold, it sends me an email so I can find out why they are trying to DDoS me, or if they are having connection issues. I'd like to know what user that is easily.
P.S. I didn't make the cron script; I picked it up years ago from somewhere.
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 **.167.147.104:22 184.108.40.206:41360 SYN_RECV -
tcp 0 0 **.167.147.219:22 220.127.116.11:56191 SYN_RECV -
tcp 0 0 **.167.147.104:22 18.104.22.168:38350 SYN_RECV -
tcp 0 0 **.167.147.121:22 22.214.171.124:48540 SYN_RECV -
tcp 0 0 **.167.147.219:22 126.96.36.199:54686 SYN_RECV -
If anyone wants this cron script, let me know.
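A sketch of the kind of check described in the post, added here as an example; it is not the poster's cron script. It counts SYN_RECV rows in `netstat`-style output and groups them by local address and port so the targeted IP stands out. `THRESHOLD`, `ALERT_TO`, the function names and the sample rows (documentation addresses) are assumptions.

```shell
#!/bin/sh
# Added example: count half-open (SYN_RECV) TCP connections from netstat-style
# output and decide whether to alert. THRESHOLD and ALERT_TO are assumed values.
THRESHOLD="${THRESHOLD:-4}"
ALERT_TO="${ALERT_TO:-root}"

# Constructed sample in `netstat -ant` column layout (documentation addresses).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.0.2.10:22 198.51.100.7:41360 SYN_RECV
tcp 0 0 192.0.2.11:22 198.51.100.7:56191 SYN_RECV
tcp 0 0 192.0.2.10:22 203.0.113.9:38350 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.50:48540 ESTABLISHED
tcp 0 0 192.0.2.10:22 203.0.113.9:54686 SYN_RECV
EOF
}

# Total number of SYN_RECV rows read from stdin (State is column 6).
syn_recv_total() {
    awk '$6 == "SYN_RECV" { n++ } END { print n + 0 }'
}

# "count local_addr:port" lines, busiest first, so the targeted IP stands out.
syn_recv_by_local() {
    awk '$6 == "SYN_RECV" { c[$4]++ } END { for (k in c) print c[k], k }' |
        sort -k1,1nr -k2,2
}

# Exit status 0 when the total exceeds the threshold (alert), 1 otherwise.
over_threshold() {
    [ "$1" -gt "$THRESHOLD" ]
}

# Live mode for cron: read real netstat output and mail the breakdown.
if [ "${1:-}" = "--live" ]; then
    snapshot=$(netstat -ant)
    total=$(printf '%s\n' "$snapshot" | syn_recv_total)
    if over_threshold "$total"; then
        printf '%s\n' "$snapshot" | syn_recv_by_local |
            mail -s "SYN_RECV count $total on $(hostname)" "$ALERT_TO"
    fi
fi
```

Run from cron with the `--live` argument; without it the script only defines the functions.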