Get Detailed Information About Particular IP address Connections Using netstat Command
These commands give more information about the following:
- total established connections,
- closing connections,
- SYN and FIN bits and much more.
This is useful for finding out whether your server is under attack. You can also list abusive IP addresses using this method.
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
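Output (the "established)" and "Foreign" rows are netstat's two header lines being counted along with the connections)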
1 established)
1 Foreign
1 SYN_SENT
16 LISTEN
29 TIME_WAIT
382 ESTABLISHED
Dig out more information about a specific IP address:
netstat -nat | grep 192.168.100.254 | awk '{print $6}' | sort | uniq -c | sort -n
Output
7 TIME_WAIT
28 ESTABLISHED
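Get a List of All Unique IP Addresses
To print a list of all unique IP addresses connected to the server, enter:
netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | uniq
Note that uniq only collapses adjacent duplicate lines, so without a sort in front of it the same address can appear more than once, as 192.168.100.216 does in the output that follows. Put sort before uniq for a strictly unique list; the same applies to the total further down.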
Output
192.168.100.216
10.25.23.3
10.25.39.1
10.25.33.1
192.168.100.220
192.168.100.216
192.168.100.254
192.168.100.101
127.0.0.1
To print the total number of unique IP addresses, enter:
netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | uniq | wc -l
Output
430
Find Out If Box Is Under DoS Attack or Not
If you think your Linux box is under attack, print a list of the open connections on your box, sorted by IP address:
netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq -c | sort -n
Output
1 192.168.100.146
1 192.168.100.161
1 192.168.100.180
1 192.168.100.31
1 192.168.100.37
1 192.168.100.39
1 192.168.100.40
1 192.168.100.41
1 192.168.100.48
1 192.168.100.59
1 Address
1 and
2 192.168.100.55
4 192.168.100.25
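A more robust form of the per-IP counts above, as an added example that is not part of the original post: it skips netstat's header lines, strips only the trailing port so IPv6 addresses survive (cut -d: -f1 truncates them), and matches a single IP exactly. The function names and the embedded sample are constructed for illustration, and only TCP rows are counted.

```shell
#!/bin/sh
# Constructed sample of `netstat -nat` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.100.10:80       192.168.100.25:51234    ESTABLISHED
tcp        0      0 192.168.100.10:80       192.168.100.25:51235    ESTABLISHED
tcp        0      0 192.168.100.10:80       192.168.100.25:51236    SYN_RECV
tcp        0      0 192.168.100.10:80       192.168.100.55:40000    TIME_WAIT
tcp        0      0 192.168.100.10:80       192.168.100.254:40001   ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::99:50000      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# Reads netstat -nat text on stdin, prints "count ip" per remote address,
# busiest last. Only tcp/tcp6 rows are counted, so the two header lines and
# LISTEN sockets never show up as fake "addresses".
conn_per_ip() {
    awk '$1 ~ /^tcp/ && $6 != "LISTEN" {
             ip = $5
             sub(/:[^:]*$/, "", ip)   # drop only the trailing :port (IPv6-safe)
             n[ip]++
         }
         END { for (ip in n) print n[ip], ip }' | LC_ALL=C sort -k1,1n -k2,2
}

# Prints "count state" for one remote IP, matched exactly
# (192.168.100.25 does not also match 192.168.100.254).
state_for_ip() {
    awk -v want="$1" '$1 ~ /^tcp/ {
             ip = $5
             sub(/:[^:]*$/, "", ip)
             if (ip == want) s[$6]++
         }
         END { for (k in s) print s[k], k }' | LC_ALL=C sort -k1,1n -k2,2
}

# Prints the remote IPs holding at least $1 connections.
over_limit() {
    conn_per_ip | awk -v min="$1" '$1 >= min { print $2 }'
}

sample_netstat | conn_per_ip     # on a live host: netstat -nat | conn_per_ip
```

A high SYN_RECV count for one address in state_for_ip is the half-open pattern worth checking first; the threshold passed to over_limit depends on the server's normal load.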
Get Live View of TCP Connections
You can use the tcptrack command to display the status of TCP connections that it sees on a given network interface. tcptrack monitors their state and displays information such as state, source/destination addresses and bandwidth usage in a sorted, updated list very much like the top command.
Display Summary Statistics for Each Protocol
Simply use netstat -s:
netstat -s | less
netstat -t -s | less
netstat -u -s | less
netstat -w -s | less
netstat -s