
We have a server which listens on port X. The server has a large number of clients; from time to time the process hangs, and I see SYN flooding messages in the log. I have been trying to tune the relevant TCP configuration parameters.

I would like a way to count the number of incoming connections to that particular port using tcpdump or another command.

2 Answers


Iptables can log connections, or if you prefer you can use the --tcp-flags SYN option to match SYN packets.

iptables -A INPUT -p tcp -m tcp --dport <listenPort> \
    -m state --state NEW -j LOG --log-prefix 'PORTMON'

grep 'PORTMON' /var/log/messages

netstat can show active connections (pipe to wc -l for counts):

netstat -punta | grep <yourPort>

Or just use tcpdump to examine the traffic.

man tcpdump

Daniel Widrick
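The answer above gives the raw sources (iptables LOG lines, tcpdump output) but not the counting step. The following is an added example, not part of the answer or of tcpdump/iptables themselves: it takes saved `tcpdump -n` output and kernel LOG lines, keeps only pure SYNs addressed to the listening port (dropping the server's own SYN-ACKs and traffic to other ports), and counts them per source so that one host opening far more connections than the rest stands out. The sample lines, the port number 8080 and the threshold are constructed for the example; note that the answer's `--log-prefix 'PORTMON'` has no trailing space, so the kernel writes `PORTMONIN=eth0`, which the parser tolerates.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -i eth0 'tcp port 8080'` output (not a real capture).
# Flags [S] is a client SYN, [S.] is the server's SYN-ACK, [.] a bare ACK.
TCPDUMP_SAMPLE = """\
12:00:01.000100 IP 203.0.113.5.51234 > 192.0.2.10.8080: Flags [S], seq 1, win 64240, length 0
12:00:01.000200 IP 192.0.2.10.8080 > 203.0.113.5.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:01.000300 IP 203.0.113.5.51234 > 192.0.2.10.8080: Flags [.], ack 1, win 502, length 0
12:00:01.000400 IP 198.51.100.7.40001 > 192.0.2.10.8080: Flags [S], seq 1, win 1024, length 0
12:00:01.000500 IP 198.51.100.7.40002 > 192.0.2.10.8080: Flags [S], seq 1, win 1024, length 0
12:00:01.000600 IP 198.51.100.7.40003 > 192.0.2.10.8080: Flags [S], seq 1, win 1024, length 0
12:00:01.000700 IP 203.0.113.9.33000 > 192.0.2.10.22: Flags [S], seq 1, win 64240, length 0
"""

# Constructed sample of /var/log/messages lines produced by the LOG rule in the answer
# (prefix 'PORTMON' without a trailing space, hence "PORTMONIN=eth0").
IPTABLES_SAMPLE = """\
Jun  1 12:00:01 srv kernel: PORTMONIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40001 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0
Jun  1 12:00:01 srv kernel: PORTMONIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40002 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0
Jun  1 12:00:02 srv kernel: PORTMONIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=33000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
"""

# "IP <src>.<sport> > <dst>.<dport>: Flags [<flags>]" as printed by tcpdump -n (IPv4 or IPv6).
TCPDUMP_RE = re.compile(
    r"IP6? (?P<src>\S+?)\.(?P<sport>\d+) > (?P<dst>\S+?)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)
# Fields of a netfilter LOG line that we need: source address, protocol, destination port.
IPTABLES_RE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=TCP .*?DPT=(?P<dport>\d+)")


def syn_source_from_tcpdump(line, port):
    """Return the source address if `line` is a client SYN to `port`, else None."""
    m = TCPDUMP_RE.search(line)
    if not m or int(m.group("dport")) != port:
        return None
    if m.group("flags") != "S":  # exclude SYN-ACK ("S."), ACK ("."), FIN, RST, ...
        return None
    return m.group("src")


def syn_source_from_iptables(line, port):
    """Return the source address if `line` logs a SYN (not SYN-ACK) to `port`, else None."""
    m = IPTABLES_RE.search(line)
    if not m or int(m.group("dport")) != port:
        return None
    if " SYN " not in line or " ACK " in line:
        return None
    return m.group("src")


def count_syns(lines, extract, port):
    """Count SYNs per source address using the given line parser."""
    counts = Counter()
    for line in lines:
        src = extract(line, port)
        if src:
            counts[src] += 1
    return counts


def noisy_sources(counts, threshold):
    """Sources whose SYN count reached `threshold` within the examined window."""
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    port = 8080  # the listening port under observation (constructed value)
    by_capture = count_syns(TCPDUMP_SAMPLE.splitlines(), syn_source_from_tcpdump, port)
    by_log = count_syns(IPTABLES_SAMPLE.splitlines(), syn_source_from_iptables, port)
    print("SYNs per source (tcpdump):", dict(by_capture), "total:", sum(by_capture.values()))
    print("SYNs per source (iptables LOG):", dict(by_log), "total:", sum(by_log.values()))
    print("sources at or above 3 SYNs:", noisy_sources(by_capture, 3))
```

In practice you would feed it a file produced by `tcpdump -n -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and dst port 8080' > syns.txt` or the `grep 'PORTMON' /var/log/messages` output from the answer, and compare the per-source counts against the legitimate client population before deciding on a rate limit or a block. A flood spoofing random source addresses shows up as a large total spread thinly over many sources rather than a few high counts, which is why both the total and the per-source view are printed.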

Have you considered using a network monitoring solution?

It's not just getting the number of connections to that port; it's doing something if the value is too high, like setting an iptables rule to ban an IP, or getting an alert to your cellphone. As stated in this question, you can use the IPTraf plugin of Pandora FMS to get that metric, and then use the alerting and reporting capabilities of Pandora FMS to do something about it.