I have a webserver, i need to check number of connections in my server at that given time,
i used following
netstat -anp |grep 80 |wc -l
this returned with
2542
but from my google analytics's i know that simultaneous users is not more than 100.
is this correct ?
if not how to i get the active number of connections ?
is this sign of a victim of DOS attack how do i know that ?
Try just counting the ESTABLISHED connections:
netstat -anp | grep :80 | grep ESTABLISHED | wc -l
Also, be careful about not using a colon in your port grep statement. Just looking for 80 can lead to erroneous results from pids and other ports that happen to have the characters 80 in their output.
ss -tn src :80 or src :443
This will show all connections to the local ports 80 or 443 (add/modify port(s) if needed).
Disclaimer: I realize this is an old question, but it's still the top result at Google, so I think it deserves an answer utilizing modern utilities.
Taking @d34dh0r53 answer one step "further" (towards an answer with a "broader" perspective), you can also check all the connections sorted according to their state with the following:
netstat -ant | grep :<port_num> | awk '{print $6}' | sort | uniq -c | sort -n
for example:
netstat -ant | grep :8000 | awk '{print $6}' | sort | uniq -c | sort -n
A possible output might be:
1 CLOSING
1 established
1 FIN_WAIT2
1 Foreign
2 CLOSE_WAIT
6 FIN_WAIT1
7 LAST_ACK
7 SYN_RECV
37 ESTABLISHED
44 LISTEN
297 TIME_WAIT
Hope it helps and please rise up any elaborations and/or comments you have on the above.
Cheers,
Guy.
