


Ifstat.

Netstat -atp. The netstat command, combined with the shell's pipe feature, can be used to dig out more information about the connections from a particular IP address.

netstat -atp

You can find out the total number of established connections, closing connections, SYN and FIN bits and much more. You can also display summary statistics for each protocol using netstat. This is useful as a first check of whether your server is under attack: many connections stuck in SYN_RECV, or a large number of connections from a single address, is a warning sign, while a high TIME_WAIT count is normal on a busy server. You can also list abusive IP addresses using this method.

# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n

Output:

1 CLOSE_WAIT
1 established)
1 Foreign
3 FIN_WAIT1
3 LAST_ACK
13 ESTABLISHED
17 LISTEN
154 FIN_WAIT2
327 TIME_WAIT

Note that "established)" and "Foreign" are not connection states: they are the sixth field of netstat's two header lines, which the pipeline counts along with the real rows. Insert grep tcp before awk to drop them.

Dig out more information about a specific IP address:

# netstat -nat | grep {IP-address} | awk '{print $6}' | sort | uniq -c | sort -n

A busy server can give out more information:

# netstat -nat |grep | awk '{print $6}' | sort | uniq -c | sort -n

Output:

Related sections: Get List Of All Unique IP Address; Find Out If Box is Under DoS Attack or Not; Get Live View of TCP Connections; Display Interface Table.

Ntop.

Q.
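The state-counting pipeline above, the per-address variant, and the "is the box under DoS attack" check, written out as an added shell example (this is not code from the original article). The netstat -nat output is a constructed sample embedded in the script so it runs offline; in real use, pipe live netstat -nat output into the functions instead. The functions restrict themselves to rows whose first field is tcp or tcp6, so netstat's header lines no longer show up as the bogus "Foreign" and "established)" states, and the SYN_RECV threshold is an illustrative parameter, not a value from the article.

```shell
#!/bin/sh
# Added example: summarize netstat -nat output the way the page's
# awk/sort/uniq pipeline does, but skip the header lines, group peers
# per state, and flag an excess of half-open (SYN_RECV) connections.
# SAMPLE is constructed data; replace it with `netstat -nat` output.

SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:80             203.0.113.7:51002       ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:51003       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:51004       SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.9:40122      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.9:40123      TIME_WAIT
tcp6       0      0 :::443                  :::*                    LISTEN'

# Count connections per TCP state, highest count first. Only rows whose
# first field starts with "tcp" are considered, so netstat's two header
# lines never pollute the tally.
count_states() {
    awk '$1 ~ /^tcp/ { print $6 }' | sort | uniq -c | sort -rn
}

# Count connections per remote address for one state (e.g. SYN_RECV),
# busiest peer first. The port is stripped from the Foreign Address
# column so every connection from the same host is grouped together.
peers_in_state() {
    awk -v s="$1" '$1 ~ /^tcp/ && $6 == s { sub(/:[^:]*$/, "", $5); print $5 }' \
        | sort | uniq -c | sort -rn
}

# Return 0 (alert) when the number of SYN_RECV connections exceeds the
# threshold given as $1. The threshold is illustrative; tune it to the
# server's normal load before acting on it.
syn_recv_alert() {
    n=$(awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" { n++ } END { print n + 0 }')
    [ "$n" -gt "$1" ]
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | count_states
printf '%s\n' "$SAMPLE" | peers_in_state SYN_RECV
if printf '%s\n' "$SAMPLE" | syn_recv_alert 1; then
    echo "ALERT: SYN_RECV count above threshold"
fi
```

Usage with live data is the same pipeline shape the article uses, e.g. netstat -nat | peers_in_state SYN_RECV. The ss utility that replaces netstat on current distributions prints different columns, so the awk field numbers would need adjusting for ss -tan.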


How do I track my network usage (network usage monitoring) and the protocol-wise distribution of traffic under Debian Linux? How do I get a complete picture of network activity?

A. ntop is the best tool to see network usage in a way similar to what the top command does for processes, i.e. it is network traffic monitoring software. You can see the network status and the protocol-wise distribution of traffic for UDP, TCP, DNS, HTTP and other protocols. ntop is a hybrid layer 2 / layer 3 network monitor: by default it uses both the layer 2 Media Access Control (MAC) addresses and the layer 3 TCP/IP addresses. ntop is capable of associating the two, so that IP and non-IP traffic (e.g. ARP, RARP) are combined for a complete picture of network activity. ntop is a network probe that shows network usage; in interactive mode, it displays the network status on the user's terminal.

Type the following commands, then press enter:

$ sudo apt-get update
$ sudo apt-get install ntop

Sample output:

Reading package lists...

Restart the ntop service.

Ping -c 20.

Name
ping, ping6 - send ICMP ECHO_REQUEST to network hosts

Synopsis
ping [ -LRUbdfnqrvVaAB] [ -c count] [ -i interval] [ -l preload] [ -p pattern] [ -s packetsize] [ -t ttl] [ -w deadline] [ -F flowlabel] [ -I interface] [ -M hint] [ -Q tos] [ -S sndbuf] [ -T timestamp option] [ -W timeout] [ hop...] destination

Description
ping uses the ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway.

ping -c 20

Options.

Dig.

Name
dig - DNS lookup utility

Synopsis
dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-m] [-p port#] [-q name] [-t type] [-x addr] [-y [hmac:]name:key] [-4] [-6] [name] [type] [class] [queryopt...]
dig [-h]
dig [global-queryopt...] [query...]

Description
dig (domain information groper) is a flexible tool for interrogating DNS name servers. Although dig is normally used with command-line arguments, it also has a batch mode of operation for reading lookup requests from a file. Unless it is told to query a specific name server, dig will try each of the servers listed in /etc/resolv.conf. When no command-line arguments or options are given, dig will perform an NS query for "." (the root). It is possible to set per-user defaults for dig via ${HOME}/.digrc. The IN and CH class names overlap with the IN and CH top-level domain names.

Simple Usage
A typical invocation of dig looks like:

Display Filter Reference: HTTP.

Filter the response to a matched HTTP request.