Linux traffic analysis

Linux traffic analysis command

在用Linux系统做的firewall下分析流量常会用到以下几个命令:

1. 显示connection state 的连接数量:

netstat -nta | fgrep “:” | cut -b 77-90 | sort | uniq -c

2. 显示每个连接IP的连接数量:

netstat -nta | fgrep “ESTABLISHED” | cut -b 49-75 | cut -d ‘:’ -f1 | sort | uniq -c | sort -n -r –key=1,7 | head -25

2. 显示每个IP 的 SYN_RECV 连接数量:

netstat -nta | fgrep “SYN_RECV” | cut -b 49-75 | cut -d ‘:’ -f1 | sort | uniq -c | sort -n -r –key=1,7 | head -25

上一篇:

Comments