High HTTPD and analyzing TCPDUMP

never ventured in this forum much... always in the others... but i need some NOOB help...

my top command reads like the following and HTTPD switches from 99 to 22 on every refresh.... how can I troubleshoot this to see if this is legitimate traffic or not? I am used to MYSQL going high cuz of the PHP apps on the server but the HTTPD wasn't that high b4...

Sometimes my load will be @ 10 with these same stats below and sometimes it will be @ 4... either one are both high... I did a unnecessary ZEND re-install from scratch and that might of reset my optimization efforts... but I recently got some legit DDOS attacks

USER %CPU %MEM COMMAND
root 99 36:39 httpd
mysql 33.6 86:14 mysqld

anyhow... a direct question is.. how would i read the output from the tcpdump command properly cuz I get an ip with the last digit having 4 numbers appearing alot... but it is simiarly to my providers ip..

I dunno... i willl read through posts in here to see what i can find...

 

 

 

 

Top