Comments on: Four Commands to Analyze Connection Usage under Linux http://blog.trendics.com/linux/four-commands-to-analyze-connection-usage-under-linux/ Tue, 06 Jan 2009 02:54:28 +0000 http://wordpress.org/?v=2.6 By: Video: ‘Your Linux is ready’ | Linux and Open Source | TechRepublic.com http://blog.trendics.com/linux/four-commands-to-analyze-connection-usage-under-linux/#comment-141 Video: ‘Your Linux is ready’ | Linux and Open Source | TechRepublic.com Thu, 31 Jul 2008 15:53:23 +0000 http://blog.trendics.com/?p=86#comment-141 [...] 4 Commands to Analyze Connection Usage under Linux [...] [...] 4 Commands to Analyze Connection Usage under Linux [...]

]]> By: David http://blog.trendics.com/linux/four-commands-to-analyze-connection-usage-under-linux/#comment-127 David Wed, 30 Jul 2008 01:56:37 +0000 http://blog.trendics.com/?p=86#comment-127 Thanks Kent, could you give me the line for the first grep. Much appreciated. Thanks Kent, could you give me the line for the first grep. Much appreciated.

]]> By: Bruce http://blog.trendics.com/linux/four-commands-to-analyze-connection-usage-under-linux/#comment-125 Bruce Wed, 30 Jul 2008 00:43:48 +0000 http://blog.trendics.com/?p=86#comment-125 After I find an offending IP with netstat I block that IP with iptables like this: # iptables -A FORWARD -s xx.xx.xx.xx -j DROP To unblock: # iptables -D FORWARD -s xx.xx.xx.xx -j DROP After I find an offending IP with netstat I block that IP with iptables like this:
# iptables -A FORWARD -s xx.xx.xx.xx -j DROP

To unblock:
# iptables -D FORWARD -s xx.xx.xx.xx -j DROP

]]> By: kent http://blog.trendics.com/linux/four-commands-to-analyze-connection-usage-under-linux/#comment-123 kent Tue, 29 Jul 2008 20:17:14 +0000 http://blog.trendics.com/?p=86#comment-123 If the grep -P switch is not supported on your system, try... time tcpdump -ns 200 -c 100 '(dst port http or dst port https) and tcp[13] & 2!=0' | grep -o -e '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,5\}[ ]>' | cut -d '.' -f 1-4 | sort | uniq -c | sort -n -r -k 1,7 | head -25 If the grep -P switch is not supported on your system, try…

time tcpdump -ns 200 -c 100 ‘(dst port http or dst port https) and tcp[13] & 2!=0′ | grep -o -e ‘[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,5\}[ ]>’ | cut -d ‘.’ -f 1-4 | sort | uniq -c | sort -n -r -k 1,7 | head -25

]]> By: David http://blog.trendics.com/linux/four-commands-to-analyze-connection-usage-under-linux/#comment-122 David Tue, 29 Jul 2008 19:41:59 +0000 http://blog.trendics.com/?p=86#comment-122 Running ubuntu Hardy, unfortunately grep is not compiled with -P option. Is there any way around this other than compiling grep from source code (something I would not like to do)? Running ubuntu Hardy, unfortunately grep is not compiled with -P option. Is there any way around this other than compiling grep from source code (something I would not like to do)?

]]> By: Niall http://blog.trendics.com/linux/four-commands-to-analyze-connection-usage-under-linux/#comment-115 Niall Tue, 29 Jul 2008 14:41:33 +0000 http://blog.trendics.com/?p=86#comment-115 <a href="http://www.ex-parrot.com/~pdw/iftop/" rel="nofollow">Iftop</a> is also a very handy tool. It's available in apt on Debian and Ubuntu. Iftop is also a very handy tool. It’s available in apt on Debian and Ubuntu.

]]> By: Caitin http://blog.trendics.com/linux/four-commands-to-analyze-connection-usage-under-linux/#comment-103 Caitin Mon, 28 Jul 2008 18:26:04 +0000 http://blog.trendics.com/?p=86#comment-103 also, `lsof -i` is nice if you want to see which program is actually causing these connections... also, `lsof -i` is nice if you want to see which program is actually causing these connections…

]]>