Check Apache concurrent Connections using Netstat command

As a Server Administrator we need to learn all kind of troubleshooting skill & method, So that we can handle the situation without panic when incident or issue arias. Today i’m going to teach you how to identify when apache eating server resource. If server load is huge automatically we will check with Top or Htop command. If the top & htop command output shows, so many apache requests coming from different resource, it could be DDOS attack and we have to check the apache concurrent connections to identify whether its such kind of attack. Verity of commands are available to check the number of active web server connections and I have tested verity of commands on my server and put the output’s here.

When your server is hitting high & overload, you might want to check how many active connections are there and which IP take maximum of hit/connection from apache.

To Count Apache concurrent connection’s, use any of the below commands.

# netstat -nt | grep :80 | wc -l
# netstat -plan|grep :80 | wc -l
# netstat -an | grep 'EST' | wc -l
# netstat -ant | grep ESTABLISHED | grep :80 | wc -l
# ps -A | grep httpd | wc -l
# ps -ef | grep http | wc -l
# ps aux | grep httpd | wc -l
# ps aux | grep http | grep -v "\(root\|grep\)" | wc -l

To print the active Internet connections to the server at port 80 and sort the results, use the below commands.

# netstat -an | grep :80 | sort
or
# netstat -plan | grep :80
or
# netstat -anp | grep :80

tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN
tcp        0      0 109.123.85.74:42918         208.43.96.32:80             TIME_WAIT
tcp        0      0 109.123.85.74:59130         208.43.96.32:80             TIME_WAIT
tcp        0      0 109.123.85.74:59134         208.43.96.32:80             TIME_WAIT
tcp        0      0 109.123.85.74:59136         208.43.96.32:80             TIME_WAIT
tcp        0      0 77.92.87.193:80             219.91.219.14:42395         TIME_WAIT
tcp        0      0 77.92.87.193:80             219.91.219.14:42400         TIME_WAIT
tcp        0      0 77.92.87.193:80             219.91.219.14:42403         TIME_WAIT
tcp        0      0 77.92.87.193:80             219.91.219.14:42411         ESTABLISHED
tcp        0      0 77.92.87.194:80             149.126.75.1:26588          TIME_WAIT
tcp        0      0 77.92.87.194:80             149.126.75.33:57244         TIME_WAIT
tcp        0      0 77.92.87.194:80             149.126.76.1:2496           TIME_WAIT
tcp        0      0 77.92.87.194:80             149.126.76.1:32108          TIME_WAIT
tcp        0      0 77.92.87.194:80             149.126.76.1:56303          ESTABLISHED
tcp        0      0 77.92.87.194:80             149.126.76.33:33143         ESTABLISHED
tcp        0      0 77.92.87.194:80             149.126.78.33:64528         TIME_WAIT
tcp        0      0 77.92.87.194:80             198.143.32.1:26342          TIME_WAIT

To calculate and count, number of connection currently established from each IP address with server.

# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
      1 149.126.75.33
      1 149.126.76.1
      1 149.126.76.33
      1 173.194.78.95
      1 198.143.32.1
      1 198.143.33.1
      1 213.205.228.3
      1 Address
      1 servers)
      2 198.143.38.1
      4 109.123.85.74
      4 127.0.0.1
      4 208.43.96.32
     12 77.92.87.193
     13 198.143.41.1
     14 219.91.219.14
     26 198.143.42.1
    101 77.92.87.194

To calculate and count, number of connection currently established from each IP address through TCP or UDP protocol with server.

# netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
      1 173.194.78.27
      1 198.143.33.33
      1 198.143.38.1
      1 198.143.39.1
      1 213.205.228.3
      1 37.228.106.146
      1 82.94.176.144
      2 198.143.39.33
      3 127.0.0.1
      3 198.143.37.33
      4 208.43.96.32
      6 198.143.33.1
     11 198.143.37.1
     11 198.143.42.1
     20 198.143.41.1
     23 219.91.219.14
     27 77.92.87.193
     42 0.0.0.0
    111 77.92.87.194

To Print ESTABLISHED connections instead of all connections, and displays the connections count for each IP

# netstat -ntu | grep ESTAB | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
     12 219.91.219.14
      2 198.143.42.1
      1 213.205.228.3
      1 198.143.39.33
      1 198.143.33.1

To print the list of IP address and its connection count, that connect to port 80 on the server.

# netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
      1 0.0.0.0
      1 149.126.78.33
      1 198.143.32.1
      1 198.143.39.33
      1 82.94.176.144
      2 149.126.75.1
      2 198.143.38.1
      5 198.143.33.1
      5 208.43.96.32
     10 198.143.42.1
     17 198.143.41.1
     17 219.91.219.14

To print all the apache httpd actual processes in Linux, use the below commands.

# ps -aux | grep httpd
or
# ps -ef | grep httpd

root      5629  0.0  0.0  61184   732 pts/1    S+   10:58   0:00 grep httpd
root     12171  0.0  0.0  91388 10628 ?        Ss   Sep16   2:01 /usr/local/apache/bin/httpd -k start -DSSL
root     25101  0.0  0.0  91388  6768 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25102  0.0  0.0  92056 10436 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25103  0.0  0.0  92004 10500 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25104  0.0  0.0  92036 10512 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25105  0.0  0.0  92008 10476 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25106  0.0  0.0  92016  9964 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25117  0.0  0.0  91936 10404 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25120  0.0  0.0  92076 10548 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25122  0.0  0.0  92364 10272 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25127  0.0  0.0  92036 10404 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25149  0.0  0.0  91920 10416 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25156  0.0  0.0  92008 10492 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25161  0.0  0.0  91932  9848 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25166  0.0  0.0  92152 10088 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25170  0.0  0.0  92116 10044 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25175  0.0  0.0  92164 10640 ?        S    10:13   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25178  0.0  0.0  92040 10508 ?        S    10:14   0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody   25185  0.0  0.0  92024 10432 ?        S    10:14   0:00 /usr/local/apache/bin/httpd -k start -DSSL

Magesh Maruthamuthu

Love to play with all Linux distribution

You may also like...

Shares
Close
Please support the site
By clicking any of these buttons you help our site to get better