Commands for Identifying a CC Attack on CentOS, Explained


Count all connections on port 80

netstat -nat | grep -i "80" | wc -l

Sort connected IPs by number of connections

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

View TCP connection states

netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn

netstat -n | awk '/^tcp/ {++S[$NF]}; END {for(a in S) print a, S[a]}'

netstat -n | awk '/^tcp/ {++state[$NF]}; END {for(key in state) print key,"\t",state[key]}'

netstat -n | awk '/^tcp/ {++arr[$NF]}; END {for(k in arr) print k,"\t",arr[k]}'

netstat -n | awk '/^tcp/ {print $NF}' | sort | uniq -c | sort -rn

netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c

Show the 20 IPs with the most connections to port 80

netstat -anlp | grep 80 | grep tcp | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | head -n20

netstat -ant | awk '/:80/{split($5,ip,":");++A[ip[1]]}END{for(i in A) print A[i],i}' | sort -rn | head -n20

Sniff traffic to port 80 with tcpdump to see which source sends the most

tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr | head -20

Find IPs with many TIME_WAIT connections

netstat -n | grep TIME_WAIT | awk '{print $5}' | sort | uniq -c | sort -rn | head -n20

Find IPs with many SYN connections

netstat -an | grep SYN | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | more
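
An added example, not part of the original post: the per-IP counts above combined into one function that matches the local port exactly, folds IPv4-mapped IPv6 addresses into plain IPv4, and breaks each source down by SYN_RECV and TIME_WAIT. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# Usage on a live host: netstat -ant | summarize_port80

# Reads `netstat -ant` output on stdin and prints, per remote IP,
# "<total> <SYN_RECV> <TIME_WAIT> <ip>", busiest first.
summarize_port80() {
  awk -v port="${1:-80}" '
    /^tcp/ && $6 != "LISTEN" {
      n = split($4, l, ":")          # $4 = local address; last piece is the port
      if (l[n] != port) next         # exact match: skips :8080, outbound :80, IPs ending in .80
      ip = $5                        # $5 = foreign address
      sub(/:[0-9]+$/, "", ip)        # strip the remote port only
      sub(/^::ffff:/, "", ip)        # fold IPv4-mapped IPv6 into plain IPv4
      total[ip]++
      if ($6 == "SYN_RECV")  syn[ip]++
      if ($6 == "TIME_WAIT") tw[ip]++
    }
    END {
      for (ip in total) printf "%d %d %d %s\n", total[ip], syn[ip], tw[ip], ip
    }' | sort -k1,1nr -k4,4
}

# Prints only the IPs holding at least MIN connections to the port.
over_threshold() {
  summarize_port80 | awk -v min="$1" '$1 >= min { print $4 }'
}

# Constructed sample (documentation address ranges), not captured from a real host.
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.7:51000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51001       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51002       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51003       TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.23:40000 ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.23:40001     TIME_WAIT
tcp        0      0 192.0.2.10:8080         198.51.100.80:40002     ESTABLISHED
tcp        0      0 192.0.2.10:45000        198.51.100.50:80        ESTABLISHED
EOF
}

sample_netstat | summarize_port80
```

The last two sample rows (a listener on 8080 and an outbound request to a remote port 80) are counted by a bare `grep 80` but are correctly ignored here.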

Reposted from: http://blog.so.cm
