Linux netstat +awk 看攻击IP
netstat -n | awk '/^tcp/ {n=split($(NF-1),array,":");if(n<=2)++S[array[(1)]];else++S[array[(4)]];++s[$NF];++N} END {for(a in S){printf("%-20s %s\n", a, S[a]);++I}printf("%-20s %s\n","TOTAL_IP",I);for(a in s) printf("%-20s %s\n",a, s[a]);printf("%-20s %s\n","TOTAL_LINK",N);}' | sort -k 2 -rn | head -15
netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'
感谢关注