Published on Monday, February 25th, 2008 at 10:00 am

The netstat command, combined with shell pipes, can be used to dig out more information about the connections from a particular IP address. You can find the total number of established connections, closing connections, connections in SYN and FIN states, and much more. You can also display summary statistics for each protocol using netstat.

This is useful for finding out whether your server is under attack. You can also list abusive IP addresses using this method.

# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
Output:

      1 CLOSE_WAIT
      1 established)
      1 Foreign
      3 FIN_WAIT1
      3 LAST_ACK
     13 ESTABLISHED
     17 LISTEN
    154 FIN_WAIT2
    327 TIME_WAIT

Dig out more information about a specific IP address:

# netstat -nat | grep {IP-address} | awk '{print $6}' | sort | uniq -c | sort -n

      2 LAST_ACK
      2 LISTEN
      4 FIN_WAIT1
     14 ESTABLISHED
     91 TIME_WAIT
    130 FIN_WAIT2

A busy server can give out more information:

# netstat -nat | grep 202.54.1.10 | awk '{print $6}' | sort | uniq -c | sort -n
Output:

     15 CLOSE_WAIT
     37 LAST_ACK
     64 FIN_WAIT_1
     65 FIN_WAIT_2
   1251 TIME_WAIT
   3597 SYN_SENT
   5124 ESTABLISHED
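
As an added example (not part of the original post), the same pipeline can be grouped by remote address instead of by state, which gives the list of IP addresses holding the most connections. The function names, the threshold of 3 and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): per-remote-IP connection counts.

# Constructed sample of `netstat -nat` output using documentation addresses,
# so the script runs offline. On a live server use: netstat -nat | count_by_ip
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.5:51001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51002       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51003       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51004       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51005       TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.7:40113      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.23:33900     TIME_WAIT
EOF
}

# count_by_ip [STATE]: read `netstat -nat` output on stdin and print
# "count ip" per foreign address, lowest count first. With STATE given,
# only connections in that state are counted.
count_by_ip() {
    awk -v want="$1" '
        # Skip the two header lines and listening sockets (no real peer).
        $1 ~ /^tcp/ && $6 != "LISTEN" && (want == "" || $6 == want) {
            ip = $5
            sub(/:[^:]*$/, "", ip)   # drop the trailing :port
            n[ip]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -n
}

# over_threshold LIMIT [STATE]: print only the IPs with at least LIMIT
# matching connections. LIMIT is site-specific; 3 here suits the sample.
over_threshold() {
    count_by_ip "$2" | awk -v limit="$1" '$1 >= limit { print $2 }'
}

echo "All states:";           sample_netstat | count_by_ip
echo "ESTABLISHED >= 3:";     sample_netstat | over_threshold 3 ESTABLISHED
```

A high count alone does not prove abuse: proxies, NAT gateways and monitoring hosts legitimately hold many connections, so check the address before blocking it.
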
ref : http://www.cyberciti.biz/tips/netstat-command-tutorial-examples.html
