The following command can be used to find out the number of connections per remote hosts (which is useful to identify denial-of-service attacks):
# netstat -n | grep 'tcp\|udp' | awk '{ print $5; }' | cut -d: -f1 | sort | uniq -c | sort -nr
netstat -n
is just faster than without the -n
parameter since it shows numerical addresses instead of trying to determine symbolic host, port or user names.
grep 'tcp\|udp'
only shows tcp and udp connections (thus removing unix sockets and headers). Read More