Find number of active connections in Linux using various tools

1. Netstat
Netstat (network statistics) is a command-line network utility tool that displays network connections for the Transmission Control Protocol (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) and network protocol statistics.
Using “netstat -a” will give you something sort of like this (this is a segment of my server):

tcp 0 0 SYN_RECV
tcp 0 0 SYN_RECV
tcp 0 0 SYN_RECV
tcp 0 0 SYN_RECV
tcp 0 0 SYN_RECV
tcp 0 0 SYN_RECV
tcp 0 0 SYN_RECV
tcp 0 0 41-135-22-100.dsl.mwe:64774 SYN_RECV

As you can see it does name resolving for us and all that good stuff. Sometimes very hand but that’s not what this is about. We want to get some solid numbers so we can take a broader perspective. To do this we can use the following command:

netstat -an | wc -l


Now, If we can check the No of Ips connected to port 80 . which is very helpful to detect the Ddos attack . the command is as under

netstat -tn 2>/dev/null | grep :80 | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -nr | head

Output – Total connections by IP, from highest to lowest.


If you would like to Watching active IP connections

watch -d -n1 ‘netstat -anp | grep -i stream’

2. SS
Socket statistics, or ss for short, is an easy replacement command for netstat. One way to use it, is with parameters ss -aut

-a: show listening and non-listening sockets
-u: show UDP
-t: show TCP

[root@archlinux ~]# ss -aut
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:bootpc *:*
tcp LISTEN 0 128 *:ssh *:*
tcp ESTAB 0 0
tcp LISTEN 0 128 :::19531 :::*
tcp LISTEN 0 128 :::ssh :::*

This way it will show similar information to what netstat shows. When using it for very specific requests, you should refer to the man page, as it has some nice options.

Share This :

Leave a Reply

Your email address will not be published. Required fields are marked *