LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Linux - Determine number of unique hosts connected to server (https://www.linuxquestions.org/questions/linux-networking-3/linux-determine-number-of-unique-hosts-connected-to-server-628286/)

linux_linux 03-15-2008 02:32 PM
Linux - Determine number of unique hosts connected to server
 
Normally; I would use netstat -a | grep <port number>
To see a list or to get a count of how many connections to a particular port. However, I need a bit more granular output so that I can also see the number of UNIQUE hosts connected to that port. Otherwise, the current output I am getting will show multiple connections a host may have; which doesn't give me an accurate 'count' of total UNQIUE hosts connected.

Thanks

jschiwal 03-15-2008 04:21 PM
The "sort" command
Code:
netstat -v -A inet | sed -n  '1,2d;/www-http/p;' | sort -b -k5
tcp        1      0 192.168.1.104:29961    12.120.5.14:www-http    CLOSE_WAIT
tcp        1      0 192.168.1.104:29962    12.120.5.14:www-http    CLOSE_WAIT
tcp        0      0 192.168.1.104:23120    128.242.191.11:www-http ESTABLISHED
tcp        0      0 192.168.1.104:4556      128.242.191.58:www-http CLOSE_WAIT
tcp        1      0 192.168.1:bluectrlproxy 209.62.187.18:www-http  CLOSE_WAIT
tcp        0      0 192.168.1.104:5685      feeds.feedburn:www-http ESTABLISHED
tcp        0      0 192.168.1.104:5686      feeds.feedburn:www-http ESTABLISHED
tcp        0      0 192.168.1.104:5687      feeds.feedburn:www-http ESTABLISHED
tcp        0      0 192.168.1.104:ggz      feeds.feedburn:www-http ESTABLISHED
tcp        1      0 192.168.1.104:10934    od-in-f166.goo:www-http CLOSE_WAIT
tcp        1      0 192.168.1.104:10935    od-in-f166.goo:www-http CLOSE_WAIT
tcp        1      0 192.168.1.104:29115    www.linuxquest:www-http CLOSE_WAIT

netstat -v -A inet | sed -n  '1,2d;/www-http/p;' | sort -b -k5 -u
tcp        1      0 192.168.1.104:29961    12.120.5.14:www-http    CLOSE_WAIT
tcp        0      0 192.168.1.104:23120    128.242.191.11:www-http ESTABLISHED
tcp        0      0 192.168.1.104:4556      128.242.191.58:www-http CLOSE_WAIT
tcp        1      0 192.168.1:bluectrlproxy 209.62.187.18:www-http  CLOSE_WAIT
tcp        0      0 192.168.1.104:5685      feeds.feedburn:www-http ESTABLISHED
tcp        1      0 192.168.1.104:10934    od-in-f166.goo:www-http CLOSE_WAIT
tcp        1      0 192.168.1.104:29115    www.linuxquest:www-http CLOSE_WAIT
The fifth entry looked so strange that I added a rule in iptables to drop that IP.

Tinkster 03-15-2008 09:41 PM
I'd like to discourage members to respond to these posts.
This is the product of a SPAM bot.


All times are GMT -5. The time now is 04:54 PM.