Small blog about system administration.

HOWTO: Finding number of connections to :25 port

To find out the largest number of established connections with port number.

#netstat -na | grep ‘ESTABLISHED’ | awk ‘{print $4}’ | uniq -c | sort -rn

To find out the number of connections to port 80 [http] from each IP.
#netstat -plan|grep :80|awk {’print $5′}|cut -d: -f 1|sort|uniq -c|sort -n

Similarly, you can find out the number of connections to port 25 from each IP as.
#netstat -plan|grep :25|awk {’print $5′}|cut -d: -f 1|sort|uniq -c|sort -n

NETSTAT is the most useful tool to detect and determine whether a server is under DoS or DDoS attack (Distributed Denial of Service).

No comments :

Post a Comment