Linux traffic analysis

Linux traffic analysis commands

When analyzing traffic on a firewall built on a Linux system, the following commands are often used:

1. Show the number of connections per connection state:

netstat -nta | fgrep ":" | cut -b 77-90 | sort | uniq -c

2. Show the number of connections per connecting IP:

netstat -nta | fgrep "ESTABLISHED" | cut -b 49-75 | cut -d ':' -f1 | sort | uniq -c | sort -n -r --key=1,7 | head -25

3. Show the number of SYN_RECV connections per IP:

netstat -nta | fgrep "SYN_RECV" | cut -b 49-75 | cut -d ':' -f1 | sort | uniq -c | sort -n -r --key=1,7 | head -25
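The three pipelines above pick the state and foreign-address columns out of `netstat -nta` by byte offset (`cut -b 77-90`, `cut -b 49-75`), which breaks as soon as the column widths change (long IPv6 addresses, a different netstat version, or `ss -tan` output). The following is an added example, not part of the original page: it computes the same three views (connections per state, peers by ESTABLISHED count, peers by SYN_RECV count) by field rather than by byte position, so it also works for `tcp6` rows, and it runs over a constructed `netstat -nta` sample embedded in the script instead of the live socket table. The sample addresses are documentation ranges, not real hosts; replace the `printf` of the sample with a real `netstat -nta` (or `ss -tan`, whose state column is the first field) to use it on a firewall.

```shell
#!/bin/sh
# Added example (not from the original page): field-based versions of the
# byte-offset cut pipelines, run over a constructed netstat -nta sample.

# Constructed sample of `netstat -nta` output (documentation addresses, not real traffic).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:80             192.0.2.10:51234        ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.10:51235        ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:40001      ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.9:33001       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.9:33002       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.9:33003       SYN_RECV
tcp        0      0 10.0.0.5:443            192.0.2.10:51300        TIME_WAIT
tcp6       0      0 :::22                   :::*                    LISTEN'

# Command 1 equivalent: count connections per TCP state.
# The state is field 6 on tcp/tcp6 rows; header lines are skipped.
count_by_state() {
  printf '%s\n' "$SAMPLE_NETSTAT" \
    | awk '$1 ~ /^tcp/ { print $6 }' \
    | sort | uniq -c | sort -rn
}

# Commands 2 and 3 equivalent: count connections per remote IP in one state.
# Field 5 is the foreign address; everything after the last ':' (the port) is
# dropped, which also handles tcp6 rows such as ':::*'.
count_by_peer() {
  state="$1"
  printf '%s\n' "$SAMPLE_NETSTAT" \
    | awk -v st="$state" '$1 ~ /^tcp/ && $6 == st { sub(/:[^:]*$/, "", $5); print $5 }' \
    | sort | uniq -c | sort -rn | head -25
}

# Lookup helpers: return the single count for one state or one peer,
# so the results can be checked programmatically (e.g. from a monitoring script).
state_count() { count_by_state | awk -v st="$1" '$2 == st { print $1 }'; }
peer_count()  { count_by_peer "$1" | awk -v ip="$2" '$2 == ip { print $1 }'; }

# Print the three views, in the same order as the page's commands.
count_by_state
count_by_peer ESTABLISHED
count_by_peer SYN_RECV
```

On the sample, the SYN_RECV view shows 203.0.113.9 with three half-open connections and no established ones, which is the pattern the third command is meant to surface; on a real host, a single peer accumulating SYN_RECV entries far above its ESTABLISHED count is the signal worth alerting on.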