Displays the number of connections for each IP address in the ESTABLISHED state
# netstat -naltp | grep ESTABLISHED | awk '{print $5}' | awk -F: '{print $1}' | sort -n | uniq -c
or
# netstat -nalpt | grep ESTABLISHED | awk '{print $5}' | cut -d: -f1| sort | uniq -c | sort -rn
Display all active Internet connections on port 80 of the server and sorting them
Useful for detecting a large number of requests from a single IP address (DoS)
# netstat -na | grep :80 | sort
Counting the number of connections from each IP address to the 80-port of the server.
# netstat -npla | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn
The determination of the number of connection requests was received from the network.
The number should be fairly low (less than 5). During a DoS / DDoS attack, such a number can have a high value. However, the value always depends on the system (a high value on one server can be average on another)
# netstat -np | grep SYN_RECV | wc -l
List of all IP addresses from which connections with the status SYN_RECV come
# netstat -np | grep SYN_RECV | awk '{print $5}' | awk -F: '{print $1}'
Counting the number of connections from each IP address
# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn
Counting the number of connections from each IP address using TCP or UDP.
# netstat -nap | grep 'tcp|udp' | awk '{print $5}' | cut -d: -f1| sort | uniq -c | sort -rn
Similar Posts:
- How to use netstat command
- how to delete a lot of files in linux
- how to Find Linux Files by Name or Extension via command line
- basic csf commands
- How to reload sysctl.conf variables on Linux