netstat -ant 분석용
$ netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 XXX.YYY.ZZZ.AAA:80 XXX.139.152.209:2932 ESTABLISHED
tcp 0 0 XXX.YYY.ZZZ.AAA:80 XXX.34.215.235:3781 ESTABLISHED
tcp 0 0 XXX.YYY.ZZZ.AAA:80 XXX.239.186.49:2629 ESTABLISHED
tcp 0 0 XXX.YYY.ZZZ.AAA:80 XXX.112.22.191:31040 ESTABLISHED
tcp 0 0 XXX.YYY.ZZZ.AAA:80 XXX.239.186.49:2670 TIME_WAIT
tcp 0 0 XXX.YYY.ZZZ.AAA:80 XXX.103.0.182:30166 TIME_WAIT
tcp 0 0 XXX.YYY.ZZZ.AAA:80 XXX.234.71.133:1852 TIME_WAIT
tcp 0 0 XXX.YYY.ZZZ.AAA:80 XXX.112.15.100:57200 TIME_WAIT
tcp 0 0 XXX.YYY.ZZZ.AAA:80 XXX.96.190.91:1884 SYN_RECV
tcp 0 0 XXX.YYY.ZZZ.AAA:80 XXX.192.149.182:50564 SYN_RECV
tcp 0 0 XXX.YYY.ZZZ.AAA:80 XXX.34.215.235:3845 SYN_RECV
tcp 0 0 XXX.YYY.ZZZ.AAA:80 XXX.112.22.191:1205 SYN_RECV
tcp 0 0 XXX.YYY.ZZZ.AAA:80 XXX.103.0.182:29775 FIN_WAIT2
tcp 0 0 XXX.YYY.ZZZ.AAA:80 XXX.207.207.8:52064 FIN_WAIT2
tcp 0 0 XXX.YYY.ZZZ.AAA:80 XXX.139.152.209:2929 FIN_WAIT2
… 생략
| $ netstat -ant | awk ‘{ print $5 }’ | awk -F “:” ‘{ print $1}’ | sort | uniq -c | sort -r | head |
20 XXX.172.248.211
10 XXX.187.178.87
10 XXX.159.1.219
8 XXX.230.189.233
7 XXX.120.17.130
6 XXX.196.106.10
5 XXX.96.62.44
5 XXX.161.22.219
5 XXX.0.0.0
4 XXX.110.227.16
접속수가 많은 상위 IP를 보여준다.
| $ netstat -ant | grep ESTABLISHED | awk ‘{ print $5 }’ | awk -F “:” ‘{ print $1}’ | sort | uniq -c | sort -r | head |
5 XXX.143.104.30
4 XXX.236.189.130
3 XXX.166.84.151
2 XXX.54.215.14
2 XXX.92.76.16
2 XXX.195.128.237
2 XXX.152.204.103
2 XXX.146.252.192
2 XXX.133.110.31
1 XXX.38.56.154
ESTABLISHED의 상태중 접속수가 많은 IP를 보여준다.
———=—————-
| $ netstat -ant | grep SYN_RECV | awk ‘{ print $5 }’ | awk -F “:” ‘{ print $1}’ | sort | uniq -c | sort -r | head |
SYN_RECV 상태인 IP들