Last updated: 2024-04-24, edited by 888u
These are very common commands that show the current state of a VPS in real time: for example, the number of connections on port 80, sorted per IP to check whether the server is under attack, or the number of TIME_WAIT and SYN connections.
1. View the number of connections on port 80
netstat -nat | grep ':80 ' | wc -l
2. Sort the connected IPs by the number of connections
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
3. Check TCP connection status
netstat -nat |awk '{print $6}'|sort|uniq -c|sort -rn
netstat -n | awk '/^tcp/ {++S[$NF]};END {for(a in S) print a, S[a]}'
netstat -n | awk '/^tcp/ {++state[$NF]}; END {for(key in state) print key,"\t",state[key]}'
netstat -n | awk '/^tcp/ {++arr[$NF]};END {for(k in arr) print k,"\t",arr[k]}'
netstat -n |awk '/^tcp/ {print $NF}'|sort|uniq -c|sort -rn
netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c
4. View the 20 IPs with the largest number of connections on port 80
netstat -anlp | grep ':80 ' | grep tcp | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | head -n20
netstat -ant | awk '/:80 /{split($5,ip,":");++A[ip[1]]}END{for(i in A) print A[i],i}' | sort -rn | head -n20
5. Use tcpdump to sniff port 80 traffic and see which source sends the most packets
tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr | head -n 20
6. Find the connections with the most TIME_WAIT entries
netstat -n|grep TIME_WAIT|awk '{print $5}'|sort|uniq -c|sort -rn|head -n20
7. Find the IPs with the most SYN connections
netstat -an | grep SYN | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | more
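The per-IP counts from items 2, 4 and 7 combined into one script, as an added example that is not part of the original post: it matches the local port exactly, so 8080 is not counted as 80, and strips only the trailing port, so IPv6 and IPv4-mapped peers are not cut apart the way cut -d: -f1 cuts them. The netstat text is constructed sample data using documentation address ranges, and the names per_ip and over_limit and the threshold of 3 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: summarise `netstat -ant` text for one local port.
# sample_netstat prints constructed data, not output from a real host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51001      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51002      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40001       TIME_WAIT
tcp        0      0 192.0.2.10:8080         203.0.113.9:40002       ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:40003 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::99:40004      SYN_RECV
EOF
}

# per_ip PORT [STATE]: read netstat -ant text on stdin and print "count ip"
# for remote peers of local PORT, optionally restricted to one TCP state.
per_ip() {
  awk -v port="$1" -v want="$2" '
    /^tcp/ {
      if ($4 !~ (":" port "$")) next      # exact local port, not a substring
      if ($6 == "LISTEN") next            # listening socket has no peer
      if (want != "" && $6 != want) next
      ip = $5
      sub(/:[0-9]+$/, "", ip)             # drop only the trailing :port
      sub(/^::ffff:/, "", ip)             # fold IPv4-mapped IPv6 into IPv4
      n[ip]++
    }
    END { for (ip in n) print n[ip], ip }' | sort -rn
}

# over_limit PORT STATE LIMIT: peers with at least LIMIT sockets in STATE.
over_limit() {
  per_ip "$1" "$2" | awk -v limit="$3" '$1 >= limit { print $2 }'
}

# On a live host, replace sample_netstat with: netstat -ant
sample_netstat | per_ip 80
sample_netstat | over_limit 80 SYN_RECV 3
```

A pile of SYN_RECV sockets from one address only suggests a SYN flood; compare against the normal baseline for the host before blocking anything.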