How to see IPs of user using the most SYN_RECV, TIME_WAIT, etc?

Question

Does anyone recommend (or have a netstat script) that will print the IP sending the most of X (where X is FIN_WAIT, SYN_RECV, etc.).

Like, I have this

netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n

Which will nicely print out:

  1 CLOSE_WAIT
  1 established)
  1 Foreign
  3 FIN_WAIT1
  3 LAST_ACK
 13 ESTABLISHED
 17 LISTEN
154 FIN_WAIT2
327 TIME_WAIT

But I don't know how to figure out which IP is sending the most TIME_WAITs.

score 1 · Accepted Answer · answered Mar 13 '13 at 02:43

1

netstat -nat | awk '/TIME_WAIT/ { sub(/:[0-9]+/, "", $5); print $5 }' | sort | uniq -c | sort -rn | head

answered Mar 13 '13 at 02:43

quanta

1 Answers1