Analyzing connections on a high-traffic Linux server is often necessary; here are a few handy commands. All three parse netstat's text output with cut -b byte offsets, so they assume the default fixed-width column layout of the netstat version they were written against; wider addresses (IPv6 peers, for example) shift those offsets and the columns will come out wrong.
1. Count ESTABLISHED connections per remote IP (a single source holding far more connections than everyone else is the first candidate for rate limiting or blocking):
# netstat -lnta|fgrep "ESTABLISHED"|cut -b 49-75|cut -d ':' -f1|sort|uniq -c|sort -nr --key=1,7|head -20
9 218.82.228.93
8 121.24.240.38
4 220.192.52.143
2 59.50.139.117
2 222.248.248.36
2 222.242.170.167
2 221.199.150.103
2 220.205.157.183
2 219.154.116.22
2 218.28.237.182
1 66.249.66.36
1 66.249.66.34
1 61.149.98.217
1 60.212.220.53
2. Count SYN_RECV (half-open) connections per remote IP; a burst of these from one or many sources is the classic sign of a SYN flood:
# netstat -lnta|fgrep "SYN_RECV"|cut -b 49-75|cut -d ':' -f1|sort|uniq -c|sort -nr --key=1,7|head -20
1 60.28.164.21
1 60.212.220.53
1 221.4.214.218
1 220.205.157.183
1 125.82.235.24
3. Count connections per TCP state (a large TIME_WAIT number is normal on a busy web server; a growing SYN_RECV number is not):
# netstat -nta | fgrep ":" | cut -b 77-90 | sort | uniq -c
2 CLOSING
37 ESTABLISHED
5 FIN_WAIT1
17 FIN_WAIT2
2 LAST_ACK
5 LISTEN
1 SYN_RECV
129 TIME_WAIT
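The three counts above, reimplemented as an added example that is not part of the original post: awk splits on whitespace and strips the port with a regex, so the result no longer depends on netstat's column widths and IPv6 peers are handled. SAMPLE is a constructed netstat -nta listing embedded so the script runs offline; on a real host pipe `netstat -nta` into the functions instead (for `ss -tan` the State column is $1 and the peer column is $5, so the two awk field numbers would need swapping). The function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original post. Counts TCP connections per
# peer IP for one state, and per state overall, from netstat -nta output read
# on stdin. Fields are split on whitespace ($5 = Foreign Address, $6 = State)
# instead of cut -b byte offsets, so column width changes do not break it.

# Constructed sample of netstat -nta output for offline testing; includes a
# LISTEN socket (peer "0.0.0.0:*") and IPv6 peers to exercise the port stripping.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:80             218.82.228.93:51234     ESTABLISHED
tcp        0      0 10.0.0.5:80             218.82.228.93:51235     ESTABLISHED
tcp        0      0 10.0.0.5:80             121.24.240.38:40001     ESTABLISHED
tcp        0      0 10.0.0.5:80             60.28.164.21:3020       SYN_RECV
tcp        0      0 10.0.0.5:80             60.28.164.21:3021       SYN_RECV
tcp        0      0 10.0.0.5:80             60.28.164.21:3022       SYN_RECV
tcp        0      0 10.0.0.5:80             125.82.235.24:1100      SYN_RECV
tcp        0      0 10.0.0.5:80             66.249.66.36:57000      TIME_WAIT
tcp6       0      0 ::ffff:10.0.0.5:80      ::ffff:1.2.3.4:6000     ESTABLISHED
tcp6       0      0 2001:db8::5:443         2001:db8::1234:5000     TIME_WAIT'

# Print "count ip" for every peer IP in the given TCP state, busiest first,
# at most 20 lines. Only the trailing ":port" (or ":*") is removed, so an
# IPv6 peer such as ::ffff:1.2.3.4 keeps its full address.
conn_by_ip() {
    state=$1
    awk -v st="$state" '$1 ~ /^tcp/ && $6 == st { sub(/:[0-9*]+$/, "", $5); print $5 }' \
        | sort | uniq -c | sort -rn | head -20
}

# Print "count STATE" for every TCP state present, busiest first.
conn_by_state() {
    awk '$1 ~ /^tcp/ { print $6 }' | sort | uniq -c | sort -rn
}

# Busiest peer in a state, as "ip count" on one line; convenient for feeding
# an alert threshold (e.g. more than N SYN_RECV from one source).
top_peer() {
    conn_by_ip "$1" | head -1 | awk '{ print $2, $1 }'
}

# Run against the constructed sample when executed directly.
echo "--- ESTABLISHED by IP"
printf '%s\n' "$SAMPLE" | conn_by_ip ESTABLISHED
echo "--- SYN_RECV by IP"
printf '%s\n' "$SAMPLE" | conn_by_ip SYN_RECV
echo "--- connections by state"
printf '%s\n' "$SAMPLE" | conn_by_state
```

On a live host: `netstat -nta | conn_by_ip SYN_RECV` (or source the file and call `top_peer SYN_RECV` from a cron or monitoring check). Because it keys on the State field by name rather than by byte position, the same function works for any state listed by the third command.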