I will give examples of viewing the number of active compounds:
netstat -an | wc -l
netstat -anop
cat /proc/net/ip_conntrack | wc -l
netstat -anp | grep 'tcp\|udp' | cut -d: -f1| sort | uniq -c
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Examples of viewing connections per port, for example 80:
netstat -na | grep :80 | wc -l
netstat -na | grep :80 | grep syn
netstat -na | grep ":80\ " | grep syn
netstat -na | grep ":80\ " | grep SYN | wc -l
netstat -na | grep ":80\ " | grep SYN | sort -u | more
netstat -na | grep ":80\ " | grep SYN_RCVD
netstat -na | grep ":80\ " | sort | uniq -c | sort -nr | less
Definition of SYN attack:
netstat -n --tcp | grep SYN_RECV
netstat -n --tcp | grep SYN_RECV | wc -l
View the number of Apache2 processes:
ps aux | grep apache | wc -l
Apache2 status:
apachectl status
View the Apache2 logs /var/log/apache2/error.log, /var/log/apache2/access.log, …
View in logs the number of requests from ip addresses:
cat /var/log/apache2/access.log | awk '{print $1}' | sort | uniq -c
Which domain are the most frequently requested requests:
tcpdump -npi eth0 port domain
View network interface downloads:
sudo cat /proc/net/dev
View open ports:
netstat -na|grep LISTEN
nmap -r -v -O 127.0.0.1