Earlier, while analyzing a Linux server, it was pointed out to me that the Apache logs were filling up with constant connections requesting domains that were not configured on the server. To me it looked as if a load balancer somewhere was misconfigured and sending traffic to our IP address by mistake, but I needed to open a ticket with the colocation provider to have them look into the issue further, since the network in this case is not something I have any control over. Below is a quick Linux command that will output a list of IP addresses making port 80 connections to your server.
List All IP Addresses Making Port 80 Connections To Linux Server:
The command below can be adapted to any other port by changing 80 to the port you need to analyze. The sort command (with -u) is used to filter the output so that each IP address is listed only once. To limit the output to the IP address alone, the cut command removes the text that would otherwise appear before and after it. Keep in mind that there may be some other output, since grep 80 matches "80" anywhere in a line, but the command below will provide a list of IPs connecting on a specific port.
Linux Command To List IP Addresses Making Connections On Specific Port To Server:
[root@dev httpd]# netstat -antp | grep 80 | cut -d: -f8 | sort -u
192.168.130.12
192.168.0.111
192.168.141.34
192.168.177.26
10.211.169.163
[root@dev httpd]#
Again, the above command may need to be adjusted to provide the proper output, but it is a good foundation for listing the IPs making connections to a specified port on a Linux server, which in this case is CentOS Linux.
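A stricter variant of the command above, as an added example that is not part of the original post: it matches the port only in netstat's local-address column and handles both plain IPv4 and ::ffff:-prefixed (IPv4-mapped) addresses. The function names and the sample netstat rows are constructed for illustration.

```shell
#!/bin/sh
# Added example. List unique remote IPs connected to a given LOCAL port,
# reading `netstat -ant` (or -antp) output on stdin.
# Live usage:  netstat -ant | remote_ips_on_port 80
remote_ips_on_port() {
    awk -v port="$1" '
        # Skip header rows, non-TCP rows and listening sockets.
        $1 !~ /^tcp/ || $6 == "LISTEN" { next }
        {
            remote = $5
            # The local port is whatever follows the last colon of column 4.
            n = split($4, l, ":")
            if (l[n] != port) next
            # Drop the remote port, then any IPv4-mapped IPv6 prefix.
            sub(/:[0-9*]+$/, "", remote)
            sub(/^::ffff:/, "", remote)
            print remote
        }
    ' | sort -u
}

# Constructed sample input (not captured from a real server).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 :::80                       :::*                        LISTEN
tcp        0      0 ::ffff:10.0.0.5:80          ::ffff:192.168.130.12:51234 ESTABLISHED
tcp        0      0 ::ffff:10.0.0.5:80          ::ffff:192.168.130.12:51240 TIME_WAIT
tcp        0      0 10.0.0.5:80                 192.168.0.111:40000         ESTABLISHED
tcp        0      0 10.0.0.5:8080               192.168.141.34:40001        ESTABLISHED
tcp        0      0 10.0.0.5:45080              203.0.113.9:80              ESTABLISHED
tcp        0      0 10.0.0.5:22                 192.168.80.7:50000          ESTABLISHED
EOF
}

# Only the two clients of local port 80 are listed. The 8080 listener, the
# outbound connection to a remote port 80 and the SSH client whose address
# contains "80" would all have matched a bare `grep 80`.
sample_netstat | remote_ips_on_port 80
```

On a live server, replace `sample_netstat` with `netstat -ant`; the column positions are the same with or without `-p`.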