User Tools

Site Tools


connetctions_to_port

Connections to port 80

This command will show all connections (including IP address) to port 80. You are able to change this port if your web server does not run on this by changing the |grep :80| section in the command below
Show static view of connections to port 80:

NEW AWESOME COMMAND

 netstat -punt | grep ':80.*ESTAB' | awk '{ print $5}' | cut -d':' -f4 | sort | uniq -c | sort -rn | while read i; do echo -n "$i "; curl -s http://ip-api.com/csv/$(echo "$i" | awk '{ print $2 }') | cut -d',' -f2; sleep 1; done
Example output:
6 x.x.x.x "United States"
5 x.x.x.x Ireland
2 x.x.x.x "United Kingdom"
2 x.x.x.x "South Africa"
2 x.x.x.x China
1 x.x.x.x "United Kingdom"
1 x.x.x.x "Czech Republic"


Second Best command:
netstat -nap | awk '$4~/:80$/{print$5}' | awk -F: '{print$(NF-1)}' | sort | uniq -c | sort -nr | head -20

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1


netstat -ant | egrep ":80|:443" | egrep "ESTABLISHED|SYN_RECV" | awk '{ print $5 }' | sed -e 's/\:\:ffff\://g' | awk -F: '{print $1}' | sort | uniq -c | sort -nr |awk '{print $1 " "$2}'


Show a live view of current connections
while x=0; do clear;date;echo "";echo "  [Count] | [IP ADDR]";echo "-------------------";netstat -np|grep :80|grep -v LISTEN|awk '{print $5}'|cut -d: -f1|uniq -c; sleep 5;done

Troubleshooting IP Connections

Once you have this output you may want to toubleshoot the location. Is this a ddos? an dos?

whois x.x.x.x | grep 'country\|address'
whois x.x.x.x | egrep 'role:|address:|abuse-mailbox:' 

connetctions_to_port.txt · Last modified: 2024/05/23 07:26 by 127.0.0.1

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki