====== Snippets for netstat ======


===== Searching WEB attacks =====

Connections to 80/443 ports:
<code bash>
netstat -tn | egrep ':80|:443'
</code>

Sorted connections to 80/443 and only established:
<code bash>
netstat -tn | egrep ':80|:443' | grep ESTABLISHED | awk '{print $5}' | sed 's/:.*//' | sort | uniq -c | sort -n
</code>

Count of connections:
<code bash>
netstat -tn | egrep ':80|:443' | grep ESTABLISHED | wc -l
</code>

Then check WEB server logs ;-)