New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Howto? Established connections [SRC - DST]
Hello, I want detect what is the VPS that is receiving all of this connections.
With:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
I see the source IPs, but also I want see the destination.
Can I show 2 colums? source - destination
Or some other thing to detect what is the afected VPS?
Thanks.
Comments
Yeah. Use
awk '{print $4 $5}'
to read both columns and then you can sort them in groups if you want (so you count same source+destination).If you want to count them separately and then show the tops, read two variables using a separator. A space would do for what you want, I suppose.
IFS='separator' read destination source < <(echo "$extractedcolumns")
Then you can use
$destination
and$source
as you wish.The upstream can get you a nice log of flows for sure, too.
Sorry for the fast explanation, but I really need to catch some sleep now :P
Try
then do all your sort uniq stuff.
How specific to do you need the output?
netstat -ntu | awk '{print $4" -> "$5}'
Thanks all, with netstat the problem is not found
I found with the conntrack-tools and found the hacker. Very interesting this tool
You can download here or directly running this:
Then run "conntrack -L" to found the hacker...
and solve running: