Published 2010/06/28 | 
This is something I found online, on a linux site I have since forgotten the name. (Ping me if you know it’s origin, so I can give proper credit to the author)
Anyway, I have it in my shell’s alias’ file:
nn='netstat -an | grep ESTABLISHED | awk '\''{print $5}'\'' | awk -F: '\''{print $1}'\'' | sort | uniq -c | awk '\''{ printf("%s\t%s\t",$2,$1); for (i = 0; i < $1; i++) {printf("*")}; print ""}'\'''It’s rather useful, as I can quickly see a graphic representation of my TCP connections, in the ESTABLISHED state.
The output is something like this:
~$ nn 10.XXX.XX.XX 1 * 10.XXX.XX.XX 5 ***** 10.XXX.XX.X 2 ** 143.XXX.XXX.XX 1 * 192.XXX.X.XX 1 * 208.XX.XXX.XX 1 * 212.XXX.XXX.XX 1 * 213.XX.XXX.XX 1 *
For security reasons I mangled the IP addresses with X’s. This was taken on my work PC, but imagine running it on a webserver. It might just help you figure out who’s sucking up your connections (or not).
I recently had a problem with a webserver, and this little snippet led me to find out that a certain IP address had 250 established connections to each of the frontend servers of that particular service. One iptables command later, and we could breathe again…
Recent Comments