netstat: commands to find attackers…
Counting connections by TCP state is useful for finding out whether your server is under attack. You can also list abusive IP addresses using this method.
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
Dig out more information about a specific IP address:
netstat -nat | grep {IP-address} | awk '{print $6}' | sort | uniq -c | sort -n
A busy server can give out more information:
netstat -nat | grep 202.54.1.10 | awk '{print $6}' | sort | uniq -c | sort -n
To print a list of all unique IP addresses connected to the server, enter:
netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq
To print the total number of unique IP addresses, enter:
netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq | wc -l
If you think your Linux box is under attack, print out a list of open connections on your box, counted per IP address and sorted by that count, enter:
netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq -c | sort -n
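The pipelines above split the foreign address with cut -d: -f1, which truncates or drops IPv6 and IPv4-mapped peers, and grep matches an IP as a pattern rather than exactly. The following is an added example, not part of the original post, that strips only the port and matches peers exactly; the function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example. The sample is constructed `netstat -nat` output using
# documentation-only addresses; function names are hypothetical.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.7:51514       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51515       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51516       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.23:40022     ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.23:40100     ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 2001:db8::10:80         2001:db8::bad:44321     TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:51600 ESTABLISHED
EOF
}

# awk fragment shared by both functions: take the foreign address ($5),
# strip only the trailing :port, and fold IPv4-mapped IPv6 into plain IPv4.
PEER='ip = $5; sub(/:[^:]*$/, "", ip); sub(/^::ffff:/, "", ip)'

# Connections per remote IP (listening sockets skipped), busiest first.
conns_per_ip() {
    awk '$1 ~ /^tcp/ && $6 != "LISTEN" { '"$PEER"'; n[ip]++ }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Per-state counts for one remote IP, matched exactly rather than as a
# grep pattern, so 203.0.113.7 does not also match 203.0.113.70.
states_for_ip() {
    awk -v want="$1" '$1 ~ /^tcp/ { '"$PEER"'; if (ip == want) s[$6]++ }
         END { for (st in s) print s[st], st }' | sort -k1,1nr -k2,2
}

# On a live host, pipe real output in instead: netstat -nat | conns_per_ip
sample_netstat | conns_per_ip
sample_netstat | states_for_ip 203.0.113.7
```

A peer that is mostly in SYN_RECV, like the first address in the sample, is holding half-open connections and is worth a closer look.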
Display Summary Statistics for Each Protocol
Simply use netstat -s:
netstat -s | less
netstat -t -s | less
netstat -u -s | less
netstat -w -s | less
netstat -s
You can easily display dropped and total transmitted packets with netstat for eth0:
netstat --interfaces=eth0