March 1, 2015

Using netstat to audit your network connections

There is a number of tools you can use in Linux to see what is going on your machine at the network level, one of the most common is netstat. This command will show you all the connections on your system, including some that you may not be interested in, like UNIX sockets. There are a few flags you can pass to netstat, my favourite set of flags is: -antp

-a all
-n show ip instead of host names
-t show only tcp connections
-p show process id/name

Another command that will give you similar results is: lsof -nPi

What if you wanted to see the 10 ip addresses with the most connection to your server? You could use a one-liner like this one I came up with:

netstat -ant | grep -i establ | awk -F" " '{print $5}' | cut -d':' -f 1 | sort -n | uniq -c | sort -nr | head -n10

Continue reading @ blackbytes.info...
Click Here!