NETSTAT COMMANDS VIA SSH

Note: this is from a clients ticket having questions about the netstat command via ssh

I use the netstat command in two different ways - "netstat -antpee" - without the quotes of course for micro IP connection reports and - "netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n" - which is for Macro management

netstat -antpee shows individual connections which is great for micro management and also indicates which port they are connected or trying to connect to.

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n - shows all the connected IP's and the very first number in the line shows how many connections each IP is occupying.

In your example - the last few lines is: 41 108.27.17.30 - which indicates 41 connections from IP 108.27.17.30

Though the IP itself does not indicate malicious activity - one would wonder what the need for 41 connections is about.
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

WHAT WE MANAGE AND FIREWALL FALSE POSITIVES

Relevant to dedicated servers and answering an inquiry from a dedicated server client:Certainly...

ADDING MEMCACHED TO CENTOS 6.5+ AND CENTOS 7+

Step 1: SSH into your server and fire this command yum install memcached.x86_64 Step 2: Next...

APACHE NOBODY ATTACK SCRIPT

The Apache Nobody attack script is useful in stopping those that are victims of Apache Nobody...

BOOT PARTITION FILLING UP

The boot partition can fill up with excess kernels causing the system to crash if the boot...

CLOUDFLARE RAILGUN SERVER INSTALLATION

Installing CloudFlares RailgunThe following tutorial considers that one is already a CloudFlare...

Powered by WHMCompleteSolution