This script will check the last 10 highest number of IP connections and will give the location of the IP address with connections more than 50. root@xxxx [~]# cat checkddos #!/bin/bash ################################################### # Script Name :checkddos # Created By : Jino Joseph # Created Date : 01-Jul-2013 # Last Modified : 01-Jul-2013 # Purpose : Finds the IPs with connections higher than 50 show the ip location ################################################### netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head -10 | sed -e 's/^[ \t]*//' | sed -e 's/ /#/g' > result.txt for i in `cat result.txt`; do echo $i > temp.txt; No=$(cat temp.txt | gawk -F '#' '{print $1}'); IP=$(cat temp.txt | gawk -F '#' '{print $2}'); Num=${No/\.*} if [ $Num -gt 50 ] && [ $IP != '127.0.0.1' ] then echo -e " $IP : $Num \n " url="http://www.ipaddressloc