Using netstat to audit your network connections

There are a number of tools you can use in Linux to see what is going on on your machine at the network level; one of the most common is netstat. This command will show you all the connections on your system, including some that you may not be interested in, like UNIX sockets. There are a few flags you can pass to netstat; my favourite set of flags is: -antp

-a all
-n show IP addresses instead of host names
-t show only TCP connections
-p show process id/name

Another command that will give you similar results is: lsof -nPi

What if you wanted to see the 10 IP addresses with the most connections to your server? You could use a one-liner like this one I came up with:

netstat -ant | grep -i establ | awk -F" " '{print $5}' | cut -d':' -f 1 | sort -n | uniq -c | sort -nr | head -n10
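The one-liner above splits the foreign address at the first colon, so IPv6 peers are not counted per address. The following is an added example, not code from the original post: a function (the names top_peers and sample_netstat are made up here) that strips only the trailing port, folds IPv4-mapped addresses into their IPv4 form, and reads netstat -ant output on stdin so it can be run against saved output during an audit.

```shell
# Added example: count ESTABLISHED TCP peers per remote address.
# Reads `netstat -ant` output on stdin so it also works on saved captures.
top_peers() {
    # $1 = how many addresses to show (default 10)
    awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
             addr = $5
             sub(/:[0-9]+$/, "", addr)   # drop only the trailing :port
             sub(/^::ffff:/, "", addr)   # fold IPv4-mapped IPv6 into IPv4
             count[addr]++
         }
         END { for (a in count) print count[a], a }' |
    sort -k1,1nr -k2,2 | head -n "${1:-10}"
}

# Constructed sample in Linux net-tools format (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:443          198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.7:51240      ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.9:40022       ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.9:40023       TIME_WAIT
tcp6       0      0 2001:db8::10:443        2001:db8::beef:55555    ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:55556    ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:55557    ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:443   ::ffff:198.51.100.7:51300 ESTABLISHED
EOF
}

# Live use: netstat -ant | top_peers 10
sample_netstat | top_peers 3
```

Matching the State column exactly also keeps TIME_WAIT and LISTEN rows out of the count.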

Continue reading @ blackbytes.info...