Netstat is a useful Linux tool to help understand who is connected to/from your server, which ports are in use, which programs are bound to specific ports, and many more things. Without further ado, here is a short but handy list of netstat commands:
List all outgoing UDP, TCP and RAW connections, in numerical form, showing the associated process:
netstat -nputw
List all TCP and UDP connections to a server, sorted in order of IPs, by largest number of connections first:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Show TCP total connection count by "state" (useful for checking and debunking DoS attacks):
netstat -ant | awk '{print $6}' | sort | uniq -c | sort -n
Displays a total connection count to TCP 443:
netstat -anp | grep :443 | wc -l
Displays a total count of "established" (sending/receiving) connections to TCP 443:
netstat -anp | grep :443 | grep ESTABLISHED | wc -l
Watch a live list of all TCP, UDP and RAW connections to/from a server:
watch netstat -n -A inet
