Netstat Connection Check
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n | tail
This command tallies concurrent active connections per remote IP address and prints the IPs with the most active concurrent connections. VERY useful in determining the source of a DoS or DDoS attack.
Sample Output
[root@vps10 root]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n | tail
8 200.217.193.102
8 82.101.189.139
9 84.195.188.60
11 189.63.98.3
11 60.28.166.169
13 24.227.166.150
15 200.214.44.134
16 189.92.141.77
22 189.14.101.44
31 127.0.0.1
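
A variant of the pipeline above that skips netstat's two header lines and strips only the trailing port, so IPv6 and IPv4-mapped addresses are tallied whole instead of being cut at the first colon. This is an added example, not part of the original command; the function names `top_remote_ips` and `sample_netstat` and the sample connections (documentation address ranges) are constructed.

```shell
#!/bin/sh
# Added example: per-remote-IP connection tally that is safe for IPv6.
# top_remote_ips and sample_netstat are hypothetical names for this sketch.

# Reads `netstat -ntu` output on stdin, prints "<count> <address>" sorted
# ascending, keeping the last N lines (default 10, same as plain `tail`).
top_remote_ips() {
    awk '
        $1 ~ /^(tcp|udp)/ {              # only socket rows, not the headers
            addr = $5                    # Foreign Address column
            sub(/:[0-9*]+$/, "", addr)   # drop the trailing :port only
            sub(/^::ffff:/, "", addr)    # fold IPv4-mapped IPv6 into IPv4
            count[addr]++
        }
        END { for (a in count) print count[a], a }
    ' | sort -k1,1n -k2,2 | tail -n "${1:-10}"
}

# Constructed sample input (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      TIME_WAIT
tcp6       0      0 2001:db8::10:443        2001:db8::beef:40022    ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:40023    ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:5555 ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:5556        ESTABLISHED
udp        0      0 192.0.2.10:53           198.51.100.99:3333      ESTABLISHED
EOF
}

# Demo on the constructed sample.
# Live use: netstat -ntu | top_remote_ips
sample_netstat | top_remote_ips
```

On the same input the original pipeline would report the IPv6 peer as `2001`, the IPv4-mapped peer as an empty string, and would count the header words `servers)` and `Address` as if they were addresses.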