List connections on the server with netstat command
You can find the connections on the server using netstat command. This will help us to determine if the server is under DDOS attack.
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
An example output of the mentioned command is given below:
2 177.177.215.117 2 207.46.13.148 2 62.212.75.234 2 66.249.78.201 2 68.180.229.109 2 86.98.48.85 3 86.96.48.123 6 122.174.220.250 9 108.162.229.84 10 141.101.89.173 13 220.227.139.194
That’s it!
Read More:
- Install mytop on cPanel
- Enable DKIM and SPF for all accounts in cPanel
- Maiman not starting in cPanel server
- Install Zabbix on CentOS 8 and Derivatives
- Understanding FTP ( File Transfer Protocol )
- How to restore and backup MBR in Linux
- Install OpenSCAD in Ubuntu, Debian, Fedora and Arch Linux
If you like this post and wish to receive more articles from us, please like our FB page: Grepitout
Your suggestions and feedbacks will encourage us and help to improve further, please feel free to write your comments.
For more details on our services, please drop us an E-mail at info@grepitout.com
This is a good utility, but there are some issues:
1) The output of the netstat -ntu command has 2 header lines that should be ignored
2) An IPV6 address contains “:” characters inside and is handled incorrect.
I have reworked your idea and handle IPV4 and IPV6 in two commands. Here is my solution:
netstat -ntu -v4 | awk ‘{if (NR > 2) print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n
netstat -ntu -v6 | awk ‘{if (NR > 2) print $5}’ | cut -d: -f1-5 | sort | uniq -c | sort -n
Best regards
Karel
Thank you very much for sharing this!